Affiliation:
1. Microsoft Research, USA
2. Inria, France
3. Massachusetts Institute of Technology, USA
Abstract
We present Low*, a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a dependently- typed variant of ML aimed at program verification. Departing from ML, Low* does not involve any garbage collection or implicit heap allocation; instead, it has a structured memory model à la CompCert, and it provides the control required for writing efficient low-level security-critical code.
By virtue of typing, any Low* program is memory safe. In addition, the programmer can make full use of the verification power of F* to write high-level specifications and verify the functional correctness of Low* code using a combination of SMT automation and sophisticated manual proofs. At extraction time, specifications and proofs are erased, and the remaining code enjoys a predictable translation to C. We prove that this translation preserves semantics and side-channel resistance.
We provide a new compiler back-end from Low* to C and, to evaluate our approach, we implement and verify various cryptographic algorithms, constructions, and tools for a total of about 28,000 lines of code. We show that our Low* code delivers performance competitive with existing (unverified) C cryptographic libraries, suggesting our approach may be applicable to larger-scale low-level software.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,Software
Reference79 articles.
1. 2008–2017. The Sodium crypto library (libsodium). (2008–2017). https://www.gitbook.com/book/jedisct1/libsodium/details 2008–2017. The Sodium crypto library (libsodium). (2008–2017). https://www.gitbook.com/book/jedisct1/libsodium/details
2. 2010–2017. The Rust Programming Language. (2010–2017). https://www.rust- lang.org 2010–2017. The Rust Programming Language. (2010–2017). https://www.rust- lang.org
3. 2016. CVE-2016-7054: ChaCha20/Poly1305 heap-buffer-overflow. (Nov. 2016). http://cve.mitre.org/cgi- bin/cvename.cgi? name=CVE- 2016- 7054 2016. CVE-2016-7054: ChaCha20/Poly1305 heap-buffer-overflow. (Nov. 2016). http://cve.mitre.org/cgi- bin/cvename.cgi? name=CVE- 2016- 7054
4. 2017. Common Weakness Enumeration (CWE-190: Integer Overflow or Wraparound). (2017). https://cwe.mitre.org/data/ definitions/190.html 2017. Common Weakness Enumeration (CWE-190: Integer Overflow or Wraparound). (2017). https://cwe.mitre.org/data/ definitions/190.html
5. 2017. Common Weakness Enumeration (CWE-415: Double Free). (2017). http://cwe.mitre.org/data/definitions/415.html 2017. Common Weakness Enumeration (CWE-415: Double Free). (2017). http://cwe.mitre.org/data/definitions/415.html
Cited by
66 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Extending Isabelle/HOL’s Code Generator with Support for the Go Programming Language;Lecture Notes in Computer Science;2024-09-13
2. Timing Side-Channel Mitigation via Automated Program Repair;ACM Transactions on Software Engineering and Methodology;2024-07-16
3. How We Built Cedar: A Verification-Guided Approach;Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering;2024-07-10
4. Foundational Integration Verification of a Cryptographic Server;Proceedings of the ACM on Programming Languages;2024-06-20
5. Verified Extraction from Coq to OCaml;Proceedings of the ACM on Programming Languages;2024-06-20