security typed programming within dependently typed
play

Security-Typed Programming within Dependently-Typed Programming - PowerPoint PPT Presentation

Oct 16, 2023 •233 likes •860 views

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Security-Typed Programming Access control: who gets access to what? read a file play a song make an

  1. Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University

  2. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what can they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 2

  3. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what do they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 3

  4. Access Control Access control list (ACL) for /alice/secret.txt Read “/alice/secret.txt” Alice: rwad Bob: rw Admin: rlidwka Alice Desktop (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4 Security-Typed Programming within DTP

  5. Access Control Access control list (ACL) for /alice/secret.txt Read “/alice/secret.txt” Alice: rwad Bob: rw Admin: rlidwka Alice Desktop Enforcement: Authentication + ACL lookup (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4 Security-Typed Programming within DTP

  6. Decentralized Access Control Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  7. Decentralized Access Control Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student Need a mechanism to • Charlie is a student specify and enforce • … decentralized policies... (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  8. Authorization Logic CMU Digital library • All students of • Alice is a student members can read • Charlie is a student papers • … • CMU is a member ACM says ∀ s:principal, CMU says student(Alice) ∀ i:principal, ∀ p:paper, (member(i) ⋀ i says student(s)) ⊃ MayRead(s, p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 6

  9. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  10. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice p : mayread(Alice,paper.pdf) CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  11. Proof Carrying Authorization Digital library Read “paper.pdf” Evidence OK? Alice p : mayread(Alice,paper.pdf) (Access granted) (Runtime error) (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  12. Proof Carrying Authorization Digital library Read “paper.pdf” Evidence OK? Alice p : mayread(Alice,paper.pdf) (Access granted) (Runtime error) Can we ensure that runtime errors won’t happen? (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  13. An API for PCA read : file → prin → proof → contents e.g. read(paper.pdf,Alice,p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  14. An API for PCA read : file → prin → proof → contents e.g. read(paper.pdf,Alice,p) p might not be a well-formed proof Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  15. An API for PCA read : file → prin → proof → contents e.g. read(paper.pdf,Alice,p) p might not be a well-formed proof p might not be a proof of the right theorem! Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  16. Dependent Types! read : (f : file) (k : prin) (p : proof(mayread(k,f)) → contents p is well-formed by typing theorem is explicit in p’s type Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 10

  17. Dependent PCA PCML5 [Avijit+Harper] Aura [Jia,Vaughn,Zdancewik,et al.] Fine [Swamy et. al] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  18. Dependent PCA 12,000 lines of Coq PCML5 [Avijit+Harper] Aura [Jia,Vaughn,Zdancewik,et al.] Fine [Swamy et. al] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  19. Dependent PCA 12,000 lines of Coq PCML5 [Avijit+Harper] Aura [Jia,Vaughn,Zdancewik,et al.] Fine [Swamy et. al] 20,000 lines of F# Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  20. Can we do security-typed programming within an existing dependently-typed language ? Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 12

  21. Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 13

  22. Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 14

  23. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  24. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  25. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  26. BL0 [Garg+Pfenning] Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  27. Outline 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 16

  28. Theorem Prover can be big and read(paper.pdf,Alice,p) difficult to write out Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  29. Theorem Prover can be big and read(paper.pdf,Alice,p) difficult to write out We implemented a theorem prover: prove : ( Θ : Ctx) (A : Prop) → Maybe ( Θ ⊢ A) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  30. Theorem Prover can be big and read(paper.pdf,Alice,p) difficult to write out We implemented a theorem prover: prove : ( Θ : Ctx) (A : Prop) → Maybe ( Θ ⊢ A) (n : nat) search depth Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  31. Run-time Proving tryRead : ( Γ : Ctx) (p : prin)(f : file) → Maybe(string) tryRead Γ p f = case (prove 15 Γ Mayread(f,p)) of None => None Some proof => Some (read p f proof) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  32. Run-time Proving tryRead : ( Γ : Ctx) (p : prin)(f : file) → Maybe(string) tryRead Γ p f = case (prove 15 Γ Mayread(f,p)) of None => None Some proof => Some (read p f proof) prove is fancy version of “look up in ACL” Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  33. Run-time Proving prove : (n:nat) ( Θ : Ctx) (A : Prop) → Maybe ( Θ ⊢ A) tryRead : ( Γ : Ctx) (p : prin)(f : file) → Maybe(string) tryRead Γ p f = case (prove 15 Γ Mayread(f,p)) of None => None Some proof => Some (read p f proof) prove is fancy version of “look up in ACL” Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  34. Compile-time Proving Γ pol a static (known at compile-time) policy: Γ pol = CMU says student(Alice) :: ACM says ∀ s:principal, ∀ i:principal, ∀ p:paper, (member(i) ⋀ i says student(s)) ⊃ MayRead(s, p) :: ... Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 19

  35. Compile-time Proving proof? : Maybe ( Γ pol ⊢ Mayread(Alice, paper.pdf)) proof? = prove 15 Γ pol (Mayread(Alice, paper.pdf)) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  36. Compile-time Proving proof? : Maybe ( Γ pol ⊢ Mayread(Alice, paper.pdf)) proof? = prove 15 Γ pol (Mayread(Alice, paper.pdf)) Computes (defintional equality) to either None or Some(p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  37. Compile-time Proving proof? : Maybe ( Γ pol ⊢ Mayread(Alice, paper.pdf)) proof? = prove 15 Γ pol (Mayread(Alice, paper.pdf)) Computes (defintional equality) to either None or Some(p) theProof : Γ pol ⊢ Mayread(Alice, paper.pdf) theProof = getSome proof? Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469 Security-Typed Programming Access control: who gets access

1.06k views • 79 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers tekniska hgskola joint work with Simon Castellan, Imperial College Pierre Clairambault, ENS Lyon TYPES 2019 Oslo, 11-14 June . . . . . . . .

140 views • 12 slides
Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic Mulligan Programming, Logic, and Semantics Group, University of Cambridge Part III, Advanced Functional Programming, March 2017 1 System F Very

130 views • 9 slides
LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to Idris (18 commits) Played with dependent types for 2 years Been doing Idris for 6 months ASSUMPTIONS Small experience with Haskell

739 views • 39 slides
Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of Cybernetics at TUT November 13, 2015 1 / 67 Outline The problem and motivation Different notions of finiteness Pragmatic finite subsets Approaches to

860 views • 57 slides
Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert Harper Karl Crary Frank Pfenning Greg Morrisett, Harvard 1 Domain-specific logics Type systems for reasoning about a specific application

985 views • 67 slides
Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

DTP11, Nijmegen, 26-08-2011 Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady (University of St. Andrews) and members of the Cartesian Seminar at PIK DTP11, Nijmegen, 26-08-2011 PIK : Potsdam Institute

698 views • 22 slides
Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad Salim Al-Sibahi Supervised by: Dr. Peter Sesto@ David R. ChrisCansen IT University of

422 views • 38 slides
Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

IFL 2012, Oxford, September 1st, 2012 Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for Climate Impact Research) and Patrik Jansson (Chalmers University of Technology) IFL 2012, Oxford, September 1st,

858 views • 59 slides
A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer Science Bilgi University, Istanbul TYPES06 - Nottingham Lszl Nmeth A Dependently Typed Framework for Maintaining Invariants

434 views • 11 slides
A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota Other Contributors: D. Baelde, Z. Snow The Context

417 views • 14 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien Introduction Calculus Implementation Conclusion 1 Lean Proof assistant based on dependent type theory terms, types, formulas, proofs are all

458 views • 33 slides
A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern Department of Computer Science and Engineering University of Minnesota Joint work with Kaustuv Chaudhuri, INRIA 1 Based on work which will be

571 views • 36 slides
A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto Takeyama April 16, 2003 (809) A Logical Framework with Dependently Typed Records Thierry Coquand, Slide 1 Robert Pollack, Makoto Takeyama April 16,

363 views • 13 slides
CS 5413 Group Projects Friday, February 17, 2017 Goals Identify a fun and challenging

CS 5413 Group Projects Friday, February 17, 2017 Goals Identify a fun and challenging

CS 5413 Group Projects Friday, February 17, 2017 Goals Identify a fun and challenging semester project Suggested project ideas relate to: Disaggregated Datacenters Designing new Dataplane Programming applications Containers in

330 views • 30 slides
Presentation of XML commercial approach (XML in DTP) Patryk Czarnik XML and Applications

Presentation of XML commercial approach (XML in DTP) Patryk Czarnik XML and Applications

Presentation of XML commercial approach (XML in DTP) Patryk Czarnik XML and Applications 2013/2014 Week 11 16.12.2013 Uwaga, nie trzeba uczy si wszystkich szczegw technicznych do egzaminu. 2 / 87 Desktop Publishing (DTP)

1.23k views • 87 slides
Modularising inductive families Josh Ko & Jeremy Gibbons Department of Computer Science

Modularising inductive families Josh Ko & Jeremy Gibbons Department of Computer Science

Accepted for WGP11 Modularising inductive families Josh Ko & Jeremy Gibbons Department of Computer Science University of Oxford Dependently Typed Programming workshop 27 August 2011, Nijmegen, The Netherlands Internalism Constraints

886 views • 34 slides
t strsr s ss

t strsr s ss

t strsr s ss r strsr r r t trsr

589 views • 47 slides
Accurate&Network&Clock&Synchronization at&Scale Balaji&Prabhakar

Accurate&Network&Clock&Synchronization at&Scale Balaji&Prabhakar

Accurate&Network&Clock&Synchronization at&Scale Balaji&Prabhakar Joint&work&with:&Yilong Geng,&Zi Yin,&Shiyu Liu,&Ashish&Naik,& Mendel&Rosenblum&and&Amin&Vahdat

312 views • 29 slides
Real World Autonomous Agents Coordinate multiple agents Robust Execution of Contingent,

Real World Autonomous Agents Coordinate multiple agents Robust Execution of Contingent,

Massachusetts Institute of Technology Real World Autonomous Agents Coordinate multiple agents Robust Execution of Contingent, Provide robustness Temporally Flexible Plans Stephen Block Andreas Wehowsky, Brian Williams 2 Robustness

278 views • 5 slides
Interactive and Automatic Theorem Proving in the First Order Theory of Combinators Ana Bove 1 ,

Interactive and Automatic Theorem Proving in the First Order Theory of Combinators Ana Bove 1 ,

Introduction Agda as LF for FOL FOTC Mirror ABP FOTC vs DTP Interactive and Automatic Theorem Proving in the First Order Theory of Combinators Ana Bove 1 , Peter Dybjer 1 , Andrs Sicard-Ramrez 2 1 Chalmers tekniska hgskola, Gteborg,

574 views • 36 slides
ATOMIC-2 & Netstation Projects Gregory Finn, Joe Touch, Annette DeSchon, Ted Faber Steve

ATOMIC-2 & Netstation Projects Gregory Finn, Joe Touch, Annette DeSchon, Ted Faber Steve

INFORMATION SCIENCES INSTITUTE UNIVERSITY OF SOUTHERN CALIFORNIA 4676 Admiralty Way Marina Del Rey, CA 90292 ATOMIC-2 & Netstation Projects Gregory Finn, Joe Touch, Annette DeSchon, Ted Faber Steve Hotz, Rodney Van Meter, Bruce Parham 1

154 views • 14 slides

More recommend