security typed programming within dependently typed
play

Security-Typed Programming within Dependently-Typed Programming - PowerPoint PPT Presentation

Aug 25, 2022 •256 likes •1.06k views

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469 Security-Typed Programming Access control: who gets access

  1. Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469

  2. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what can they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 2

  3. Security-Typed Programming Access control: who gets access to what? read a file play a song make an FFI call Information flow: what can they do with it? post the file contents on a blog copy the mp3 save the result in a database Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 3

  4. Access Control Access control list (ACL) for secret.txt Read secret.txt Alice: r Bob: rw Alice Server (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4

  5. Access Control Access control list (ACL) for secret.txt Read secret.txt Alice: r Bob: rw Alice Server Enforcement: Authentication + ACL lookup (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 4

  6. Decentralized Access Control Digital library Read paper.pdf • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  7. Decentralized Access Control Digital library Read paper.pdf • All students of members can read papers • CMU is a member Alice CMU • Alice is a student Need a mechanism to • Charlie is a student specify and enforce • … decentralized policies... (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 5

  8. Decentralized Access Control ACM says ∀ s:principal, Digital library ∀ i:principal, • All students of ∀ p:paper, members can read papers (member(i) ⋀ i says student(s)) • CMU is a member ⊃ MayRead(s, p) ... CMU • Alice is a student • Charlie is a student CMU says student(Alice) • … ... (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 6

  9. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  10. Proof Carrying Authorization [Appel+Felten] Digital library Read “paper.pdf” • All students of members can read papers • CMU is a member Alice p : mayread(Alice,paper.pdf) CMU • Alice is a student • Charlie is a student • … (slide by Kumar Avijit) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 7

  11. Proof Carrying Authorization Read “paper.pdf” Proof OK? Alice p : mayread(Alice,paper.pdf) Access granted Runtime error Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  12. Proof Carrying Authorization • ACM says ... Policy Read “paper.pdf” Proof OK? Alice p : mayread(Alice,paper.pdf) Access granted Runtime error Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  13. Proof Carrying Authorization • ACM says ... Policy State Read “paper.pdf” Proof OK? Alice p : mayread(Alice,paper.pdf) Access granted Runtime error Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 8

  14. An API for PCA Digital library Read “paper.pdf” Alice p : mayread(Alice,paper.pdf) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  15. An API for PCA read : prin → file → proof → contents Digital library Read “paper.pdf” Alice p : mayread(Alice,paper.pdf) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  16. An API for PCA read : prin → file → proof → contents Digital library Read “paper.pdf” Alice p : mayread(Alice,paper.pdf) { read(Alice,paper.pdf,p) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 9

  17. An API for PCA read : prin → file → proof → contents e.g. read(Alice, paper.pdf,p) Problems: p might not be a well-formed proof p might not be a proof of the right theorem! Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 10

  18. Dependent Types! read : prin → file → proof → contents read : (k : prin) (f : file) (p : proof(mayread(k,f)) → contents Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  19. Dependent Types! read : prin → file → proof → contents read : (k : prin) (f : file) (p : proof(mayread(k,f)) → contents typing ensures p is a well-formed proof theorem is explicit in p’s type Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 11

  20. Verification Spectrum static dynamic Predict the policy Prove consequences statically Do all proving at run-time Failures only if prediction was wrong Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 12

  21. Verification Spectrum Reuse proofs static dynamic for several API calls Predict the policy Prove consequences statically Do all proving at run-time Failures only if prediction was wrong Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 12

  22. Dependent PCA Several new languages: PCML5 [Avijit,Datta,Harper, TLDI’10] Aura [Jia,Vaughan,Zdancewic, et al., ICFP’08 ] Fine [Swamy,Chen,Chugh, ESOP’10] F7 [Gordon,Bengston,Bhargavan,Fournet,Maffeis, CSF’08] … Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 13

  23. This paper: We can do security-typed programming within an existing dependently-typed language Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 14

  24. Our library Supports programming as in PCML5 [Avijit,Datta,Harper, TLDI’10] Aura [Jia,Vaughan,Zdancewic, et al., ICFP’08 ] Fine [Swamy,Chen,Chugh, ESOP’10] F7 [Gordon,Bengston,Bhargavan,Fournet,Maffeis, CSF’08] … Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 15

  25. Aglet: Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 16

  26. Aglet: Security-typed Programming in Agda 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 17

  27. Dependent Types! read : file → prin → proof → contents read : (k : prin) (f : file) (p : proof(mayread(k,f)) → contents typing ensures p is a well-formed proof theorem is explicit in p’s type Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 18

  28. Representing BL 0 [Garg+Pfenning] says (Prin CMU, CMU says student(Alice) student(Prin Alice)) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 19

  29. Representing BL 0 [Garg+Pfenning] says (Prin CMU, CMU says student(Alice) student(Prin Alice)) data Propo where says : Principal → Propo → Propo ... Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 19

  30. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  31. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Classifying only well-formed derivations: D D : Γ ⊢ A Γ ⊢ A Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  32. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Classifying only well-formed derivations: D D : Γ ⊢ A Γ ⊢ A Inference rules as datatype constructors: ⊃ R : ∀ { Γ A B} Γ , A ⊢ B → (A :: Γ ) ⊢ B Γ ⊢ A ⊃ B → Γ ⊢ (A ⊃ B) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  33. Representing BL 0 [Garg+Pfenning] Sequent as indexed inductive definition: data _ ⊢ _ : Ctx → Propo → Type Γ ⊢ A Classifying only well-formed derivations: D D : Γ ⊢ A Γ ⊢ A Inference rules as datatype constructors: dependent ⊃ R : ∀ { Γ A B} Γ , A ⊢ B de Bruijn → (A :: Γ ) ⊢ B Γ ⊢ A ⊃ B indices → Γ ⊢ (A ⊃ B) Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 20

  34. BL0 [Garg+Pfenning] Logic with says modality: CMU says student(Alice) principal we’re reasoning as k Ω ; Δ ; Γ → A individuals: claims: truth: x : τ k claims A A true Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 21

  35. Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 22

  36. Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 22

  37. Outline 1.Representing an authorization logic 2.Compile-time and run-time theorem proving 3.Stateful and dynamic policies Security-Typed Programming within DTP Dan Licata and Jamie Morgenstern 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Security-Typed Programming Access control: who gets access to what? read a file play a song make an

860 views • 62 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers

Categories with Families Unityped, Simply Typed, Dependently Typed Peter Dybjer Chalmers tekniska hgskola joint work with Simon Castellan, Imperial College Pierre Clairambault, ENS Lyon TYPES 2019 Oslo, 11-14 June . . . . . . . .

140 views • 12 slides
Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic

Super advanced functional programming Or: dependently-typed programming in Agda Dr. Dominic Mulligan Programming, Logic, and Semantics Group, University of Cambridge Part III, Advanced Functional Programming, March 2017 1 System F Very

130 views • 9 slides
LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to

LEARN DEPENDENTLY- TYPED PROGRAMMING WITH IDRIS WHO I AM @puffnfresh Tiny contributor to Idris (18 commits) Played with dependent types for 2 years Been doing Idris for 6 months ASSUMPTIONS Small experience with Haskell

739 views • 39 slides
Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of

Dependently Typed Programming with Finite Sets Denis Firsov and Tarmo Uustalu Institute of Cybernetics at TUT November 13, 2015 1 / 67 Outline The problem and motivation Different notions of finiteness Pragmatic finite subsets Approaches to

860 views • 57 slides
Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert Harper Karl Crary Frank Pfenning Greg Morrisett, Harvard 1 Domain-specific logics Type systems for reasoning about a specific application

985 views • 67 slides
Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady

DTP11, Nijmegen, 26-08-2011 Dependently-Typed Programming in Economic Modelling Cezar Ionescu (PIK) with Edwin Brady (University of St. Andrews) and members of the Cartesian Seminar at PIK DTP11, Nijmegen, 26-08-2011 PIK : Potsdam Institute

698 views • 22 slides
Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad

Scrapping Your Dependently- Typed Boilerplate is Hard Ahmad Salim Al-Sibahi Supervised by: Dr. Peter Sesto@ David R. ChrisCansen IT University of

422 views • 38 slides
Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for

IFL 2012, Oxford, September 1st, 2012 Dependently-typed Programming in Scientific Computing Cezar Ionescu (Potsdam Institute for Climate Impact Research) and Patrik Jansson (Chalmers University of Technology) IFL 2012, Oxford, September 1st,

858 views • 59 slides
A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer Science Bilgi University, Istanbul TYPES06 - Nottingham Lszl Nmeth A Dependently Typed Framework for Maintaining Invariants

434 views • 11 slides
A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary

A Translation-Based Animation of Specifications in a Dependently-Typed Lambda Calculus Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota Other Contributors: D. Baelde, Z. Snow The Context

417 views • 14 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien

Dependently typed superposition in Lean Gabriel Ebner Matryoshka 2018 2018-06-27 TU Wien Introduction Calculus Implementation Conclusion 1 Lean Proof assistant based on dependent type theory terms, types, formulas, proofs are all

458 views • 33 slides
A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern

A Translation-Based Approach to Reasoning About Dependently Typed Specifications 1 Mary Southern Department of Computer Science and Engineering University of Minnesota Joint work with Kaustuv Chaudhuri, INRIA 1 Based on work which will be

571 views • 36 slides
A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto Takeyama April 16, 2003 (809) A Logical Framework with Dependently Typed Records Thierry Coquand, Slide 1 Robert Pollack, Makoto Takeyama April 16,

363 views • 13 slides
Interactive and Automatic Theorem Proving in the First Order Theory of Combinators Ana Bove 1 ,

Interactive and Automatic Theorem Proving in the First Order Theory of Combinators Ana Bove 1 ,

Introduction Agda as LF for FOL FOTC Mirror ABP FOTC vs DTP Interactive and Automatic Theorem Proving in the First Order Theory of Combinators Ana Bove 1 , Peter Dybjer 1 , Andrs Sicard-Ramrez 2 1 Chalmers tekniska hgskola, Gteborg,

574 views • 36 slides
Real World Autonomous Agents Coordinate multiple agents Robust Execution of Contingent,

Real World Autonomous Agents Coordinate multiple agents Robust Execution of Contingent,

Massachusetts Institute of Technology Real World Autonomous Agents Coordinate multiple agents Robust Execution of Contingent, Provide robustness Temporally Flexible Plans Stephen Block Andreas Wehowsky, Brian Williams 2 Robustness

278 views • 5 slides
Accurate&Network&Clock&Synchronization at&Scale Balaji&Prabhakar

Accurate&Network&Clock&Synchronization at&Scale Balaji&Prabhakar

Accurate&Network&Clock&Synchronization at&Scale Balaji&Prabhakar Joint&work&with:&Yilong Geng,&Zi Yin,&Shiyu Liu,&Ashish&Naik,& Mendel&Rosenblum&and&Amin&Vahdat

312 views • 29 slides
ATOMIC-2 & Netstation Projects Gregory Finn, Joe Touch, Annette DeSchon, Ted Faber Steve

ATOMIC-2 & Netstation Projects Gregory Finn, Joe Touch, Annette DeSchon, Ted Faber Steve

INFORMATION SCIENCES INSTITUTE UNIVERSITY OF SOUTHERN CALIFORNIA 4676 Admiralty Way Marina Del Rey, CA 90292 ATOMIC-2 & Netstation Projects Gregory Finn, Joe Touch, Annette DeSchon, Ted Faber Steve Hotz, Rodney Van Meter, Bruce Parham 1

154 views • 14 slides
Efficient FPGA implementation of a Digital Transparent Satellite Processor G. Marini, V. Sulli, F.

Efficient FPGA implementation of a Digital Transparent Satellite Processor G. Marini, V. Sulli, F.

Efficient FPGA implementation of a Digital Transparent Satellite Processor G. Marini, V. Sulli, F. Santucci, M. Faccio University of LAquila, LAquila, Italy Outline Introduction Problem Definition Resolution Method FPGA

1.27k views • 22 slides
Data Collection Planning Multi-Goal Planning Jan Faigl Department of Computer Science

Data Collection Planning Multi-Goal Planning Jan Faigl Department of Computer Science

Data Collection Planning Close Enough TSP and TSPN GTSP OP OPN Prize Collecting TSP Data Collection Planning Multi-Goal Planning Jan Faigl Department of Computer Science Faculty of Electrical Engineering Czech Technical University in

617 views • 51 slides
rss r t Ptr rrs rst

rss r t Ptr rrs rst

rss rss r t Ptr rrs rst tt r rss trt

566 views • 27 slides
Managing the Bathtub of Tax Debt UK Chapter of the System Dynamics Society Annual Gathering

Managing the Bathtub of Tax Debt UK Chapter of the System Dynamics Society Annual Gathering

Managing the Bathtub of Tax Debt UK Chapter of the System Dynamics Society Annual Gathering February 2011 Nick Whitehouse & Nicola Fletcher Contents 1. Background what is debt? 2. Analysis issues 3. Interim modelling & need for

236 views • 19 slides

More recommend