Secure Implementations for Typed Session Abstractions

R.J. Corin, Pierre-Malo Deniélou, Cédric Fournet, Karthikeyan Bhargavan, James Leifer

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    24 Citations (Scopus)
    59 Downloads (Pure)

    Abstract

    Distributed applications can be structured as parties that exchange messages according to some pre-arranged communication patterns. These sessions (or contracts, or protocols) simplify distributed programming: when coding a role for a given session, each party just has to follow the intended message flow, under the assumption that the other parties are also compliant. In an adversarial setting, remote parties may not be trusted to play their role. Hence, defensive implementations also have to monitor one another, in order to detect any deviation from the assigned roles of a session. This task involves low-level coding below session abstractions, thus giving up most of their benefits. We explore language-based support for sessions. We extend the ML language with session types that express flows of messages between roles, such that well-typed programs always play their roles. We compile session type declarations to cryptographic communication protocols that can shield programs from any low-level attempt by coalitions of remote peers to deviate from their roles. Our main result is that, when reasoning about programs that use our session implementation, one can safely assume that all session peers comply with their roles—without trusting their remote implementations.
    Original languageUndefined
    Title of host publication20th IEEE Computer Security Foundations Symposium (CSF)
    EditorsR. Focardi
    Place of PublicationLos Alamitos, CA, USA
    PublisherIEEE Computer Society
    Pages170-186
    Number of pages17
    ISBN (Print)0-7695-2819-8
    DOIs
    Publication statusPublished - Jul 2007
    Event20th IEEE Computer Security Foundations Symposium (CSF) - Venice, Italy
    Duration: 1 Jul 20071 Jul 2007

    Publication series

    Name
    PublisherIEEE Computer Society
    Number07TH8938

    Conference

    Conference20th IEEE Computer Security Foundations Symposium (CSF)
    Period1/07/071/07/07
    Other6-8 July

    Keywords

    • EWI-9703
    • IR-67073
    • METIS-241591
    • SCS-Cybersecurity

    Cite this