We present a compiler for generating custom cryptographic protocols from high-level multiparty sessions.Sessions specify pre-arranged patterns of message exchanges between distributed participants and their data accesses to a shared store. We define integrity and confidentiality properties of sessions, in a setting where the network and arbitrary compromised parties may be controlled by an adversary. Our compiler enforces these security properties by guarding the sending and receiving of session messages by efficient cryptographic operations and checks.Given a session, our compiler generates an ML module and an interface that exposes send and receive functions that can be called by application code for each party. We prove that this generated code is secure by relying on a recent refinement type system for ML. Functions in the module interface are given dependent types that express invariants of the session state. We typecheck the program against this interface, and complete the proof by a brief, handcrafted argument.We illustrate and evaluate our implementation on a series of typical protocols, inspired by web services. In comparison with prior work, our source language is more expressive, our implementation more efficient, and our proof technique novel. Most of the proof is performed by mechanized type checking of the generated code, and does not rely on the correctness of our compiler. We obtain the strongest session security guarantees to date in a model that accounts for the actual details of protocol code. Security by compilationTaking advantage of modern programming tools and generic wire formats, one can sometimes design, develop, and deploy complex distributed protocols in a matter of hours-relying on automated proxy generators, for example, to rapidly expose existing applications as networked services. The situation is less favorable when attempting to ensure application security subject to realistic assumptions on the network and remote parties. The problem is that most widely-available protocols for cryptographic communications (say TLS or IPSEC) operate at a lower level; they provide authenticity and confidentiality guarantees only for messages exchanged between two endpoints (URLs or IP addresses), but they leave the interpretation of these messages and endpoints to the application programmer. Hence, any guarantee that involves more than two parties (say, a multi-tiered web application with a client, a gateway, and two servers) must be carefully established by linking lowerlevel guarantees on related messages, or by layering ad hoc cryptographic mechanisms on top of communications, for instance by embedding certificates in message payloads.When considering protocols between participants in an open, networked environment, each participant may belong to a different domain, with its own configuration and security policy; although all participants are willing to run the protocol, they may not trust one another. Although it is straightforward to protect the participants of the protocol from netw...
Existing languages provide good support for typeful programming of standalone programs. In a distributed system, however, there may be interaction between multiple instances of many distinct programs, sharing some (but not necessarily all) of their module structure, and with some instances rebuilt with new versions of certain modules as time goes on. In this paper we discuss programminglanguage support for such systems, focussing on their typing and naming issues.We describe an experimental language, Acute, which extends an ML core to support distributed development, deployment, and execution, allowing type-safe interaction between separately-built programs. The main features are: (1) type-safe marshalling of arbitrary values; (2) type names that are generated (freshly and by hashing) to ensure that type equality tests suffice to protect the invariants of abstract types, across the entire distributed system; (3) expression-level names generated to ensure that name equality tests suffice for type-safety of associated values, e.g. values carried on named channels; (4) controlled dynamic rebinding of marshalled values to local resources; and (5) thunkification of threads and mutexes to support computation mobility.These features are a large part of what is needed for typeful distributed programming. They are a relatively lightweight extension of ML, should be efficiently implementable, and are expressive enough to enable a wide variety of distributed infrastructure layers to be written as simple library code above the byte-string network and persistent store APIs. This disentangles the language runtime from communication intricacies. This paper highlights the main design choices in Acute. It is supported by a full language definition (of typing, compilation, and operational semantics), by a prototype implementation, and by example distribution libraries.
Distributed applications can be structured as parties that exchange messages according to some pre-arranged communication patterns. These sessions (or contracts, or protocols) simplify distributed programming: when coding a role for a given session, each party just has to follow the intended message flow, under the assumption that the other parties are also compliant.In an adversarial setting, remote parties may not be trusted to play their role. Hence, defensive implementations also have to monitor one another, in order to detect any deviation from the assigned roles of a session. This task involves low-level coding below session abstractions, thus giving up most of their benefits.We explore language-based support for sessions. We extend the ML language with session types that express flows of messages between roles, such that well-typed programs always play their roles. We compile session type declarations to cryptographic communication protocols that can shield programs from any low-level attempt by coalitions of remote peers to deviate from their roles. Our main result is that, when reasoning about programs that use our session implementation, one can safely assume that all session peers comply with their roles-without trusting their remote implementations. Session types for distributed programmingProgramming networked, independent systems is complex, because the programmer has little control over the runtime environment. To simplify his task, programming languages and system libraries offer abstractions for common communication patterns (such as private channels or RPCs), with automated support to help the programmer use these abstractions reliably and to relieve him from their lowlevel implementation details (such as message format and routing). As an example, web services promote declarative types and policies for messaging, with tools that can automatically fetch these declarations and set up proxies with a simple typed programming interface.From a security perspective, when parts of the system and some of the remote parties are not trusted, communication abstractions can be especially effective: relying on cryptographic protocols, implementations of these abstractions can sometimes entirely shield programmers from low-level attacks (such as message interception and rewriting) [1,2]. However, this is seldom the case in practice, as security concerns force the programmer to understand lowlevel protocol issues.Beyond simple abstractions for communications, distributed applications can often be structured as parties that exchange messages according to some fixed, pre-arranged patterns. These sessions (also named contracts, or workflows, or protocols) simplify distributed programming by specifying the behaviour of each network entity, or role. By agreeing on a common session specification, the parties can resolve most of the complexity upfront. Then, when coding a role for a given session, each party just has to follow the message flow for this role, under the assumption that the other parties are al...
Distributed applications can be structured as parties that exchange messages according to some prearranged communication patterns. These sessions (or contracts, or protocols) simplify distributed programming: when coding a role for a given session, each party just has to follow the intended message flow, under the assumption that the other parties are also compliant.In an adversarial setting, remote parties may not be trusted to play their role. Hence, defensive implementations also have to monitor one another, in order to detect any deviation from the assigned roles of a session. This task involves low-level coding below session abstractions, thus giving up most of their benefits.We explore language-based support for sessions. We extend the ML language with session types that express flows of messages between roles, such that well-typed programs always play their roles. We compile session type declarations to cryptographic communication protocols that can shield programs from any low-level attempt by coalitions of remote peers to deviate from their roles. Our main result is that, when reasoning about programs that use our session implementation, one can safely assume that all session peers comply with their roles -without trusting their remote implementations.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.