Type-driven Verification of Communicating Systems
Lead Research Organisation:
University of St Andrews
Department Name: Computer Science
Abstract
It is considered a fact of life that computer software routinely fails. Often, this is merely inconvenient. When a PC, tablet or mobile phone crashes, we can restart it, perhaps losing only a small amount of work. On the other hand, errors in systems software or in network or security infrastructure can be disastrous. Recent high profile security vulnerabilities such as the "Heartbleed" bug show that even well tested and widely used software can contain serious and undetected flaws.
This project forms the initial part of an ambitious long term vision of a platform for full-stack verified software development, accessible by
both programming practitioners and researchers. We will use a type-driven approach to software verification, using the dependently typed programming language Idris.
The promise of dependently typed languages is that we can, in principle, guarantee important functional properties of software (such as preservation of size and ordering properties of data) and extra-functional properties such as resource safety (for example, that a protocol is followed accurately). However, proving such properties in general remains impractical for typical application developers, due to the difficulty of constructing proofs, the difficulty of reading and maintaining software due to proof details interfering with the details of an algorithm, and the lack of robustness and efficiency in even state of the art implementations of dependently typed languages.
Idris aims to address these problems, having been built specifically with the goal of generating good quality executable code which can interroperate with existing systems. Furthermore, it supports language constructs for building "Domain Specific Languages" (DSLs). In this project, we will further develop Idris, focussing on robustness and efficiency, and show how its support for DSL construction and type-level programming allow us to develop secure communication protocol implementations, described as a type-level DSL and verified by type checking.
In particular, we will construct verified implementations of Diffie-Hellman key exchange, and the Needham-Schroeder-Lowe protocol, and use these to implement a demonstrator application. This application (a networked chat system) will support secure communication (up to the guarantees given in the protocols), be efficient (no overhead due to proof obligations) and be able to communicate with alternative implementations in other languages.
This project forms the initial part of an ambitious long term vision of a platform for full-stack verified software development, accessible by
both programming practitioners and researchers. We will use a type-driven approach to software verification, using the dependently typed programming language Idris.
The promise of dependently typed languages is that we can, in principle, guarantee important functional properties of software (such as preservation of size and ordering properties of data) and extra-functional properties such as resource safety (for example, that a protocol is followed accurately). However, proving such properties in general remains impractical for typical application developers, due to the difficulty of constructing proofs, the difficulty of reading and maintaining software due to proof details interfering with the details of an algorithm, and the lack of robustness and efficiency in even state of the art implementations of dependently typed languages.
Idris aims to address these problems, having been built specifically with the goal of generating good quality executable code which can interroperate with existing systems. Furthermore, it supports language constructs for building "Domain Specific Languages" (DSLs). In this project, we will further develop Idris, focussing on robustness and efficiency, and show how its support for DSL construction and type-level programming allow us to develop secure communication protocol implementations, described as a type-level DSL and verified by type checking.
In particular, we will construct verified implementations of Diffie-Hellman key exchange, and the Needham-Schroeder-Lowe protocol, and use these to implement a demonstrator application. This application (a networked chat system) will support secure communication (up to the guarantees given in the protocols), be efficient (no overhead due to proof obligations) and be able to communicate with alternative implementations in other languages.
Planned Impact
In the course of the project, we will make significant advances in the state of the art of dependently typed programming, improving the available tools and developing new libraries and programming idioms. As well as benefitting academic researchers in the field of software verification, it will benefit the wider community of application developers and the general public.
Ultimately, the public at large will benefit from enhanced security and verification in communications technology. By providing enhanced tools for guaranteeing confidentiality and integrity of data, we greatly reduce the risk of leaking private data, and greatly reduce the costs of patching affected systems. This project will itself contribute to a longer term vision of fully verified systems infrastructure, laying foundations for secure protocol implementation and developing robust and efficient tools to support these implementations.
We are collaborating with companies who may make use of the results of this project, in particular Erlang Solutions and Galois, Inc. Erlang Solutions provide scalable distributed systems using Erlang's built-in support for concurrent and distributed systems. This project will ultimately lead to tools for adding verification and security as well as scalability. Galois Inc, based in Portland, Oregon, use functional programming and domain specific language based technology to build tools for guaranteed confidentiality, integrity and availability of systems. They will benefit from enhanced domain specific language technology to support machine checkable proofs of correctness of systems infrastructure.
The project will involve further development of the Idris programming language (http://idris-lang.org). As with all code released as part of the Idris system so far, everything produced during the project will be released under an Open Source licence, and made available via GitHub (http://www.github.com/) and the project web site.
Ultimately, the public at large will benefit from enhanced security and verification in communications technology. By providing enhanced tools for guaranteeing confidentiality and integrity of data, we greatly reduce the risk of leaking private data, and greatly reduce the costs of patching affected systems. This project will itself contribute to a longer term vision of fully verified systems infrastructure, laying foundations for secure protocol implementation and developing robust and efficient tools to support these implementations.
We are collaborating with companies who may make use of the results of this project, in particular Erlang Solutions and Galois, Inc. Erlang Solutions provide scalable distributed systems using Erlang's built-in support for concurrent and distributed systems. This project will ultimately lead to tools for adding verification and security as well as scalability. Galois Inc, based in Portland, Oregon, use functional programming and domain specific language based technology to build tools for guaranteed confidentiality, integrity and availability of systems. They will benefit from enhanced domain specific language technology to support machine checkable proofs of correctness of systems infrastructure.
The project will involve further development of the Idris programming language (http://idris-lang.org). As with all code released as part of the Idris system so far, everything produced during the project will be released under an Open Source licence, and made available via GitHub (http://www.github.com/) and the project web site.
Organisations
People |
ORCID iD |
Edwin Brady (Principal Investigator) |
Publications
Alam MS
(2022)
Repurposing of existing antibiotics for the treatment of diabetes mellitus.
in In silico pharmacology
Brady E
(2017)
TYPE-DRIVEN DEVELOPMENT OF CONCURRENT COMMUNICATING SYSTEMS
in Computer Science
Christiansen D
(2016)
Elaborator reflection: extending Idris in Idris
Christiansen D
(2016)
Elaborator reflection: extending Idris in Idris
in ACM SIGPLAN Notices
De Muijnck-Hughes J
(2019)
Value-Dependent Session Design in a Dependently Typed Language
in Electronic Proceedings in Theoretical Computer Science
De Muijnck-Hughes J.
(2020)
A framework for resource dependent EDSLs in a dependently typed language
in Leibniz International Proceedings in Informatics, LIPIcs
Jan De Muijnck-Hughes
(2020)
A Framework for Resource Dependent EDSLs in a Dependently Typed Language
Description | This one year long project led to an initial implementation of libraries and tools for developing safe concurrent software, and a method for describing secure communication protocols in such a way that implementations of those protocols can be verified by machine. A significant difficulty in concurrent and communicating programs is that there are multiple processes which need to interact safely and consistently (for example, if one sends a message to another, the receiver needs to be expecting the message). Using advanced programming language techniques, in the Idris programming language, we describe a communicating system as a "type", and from this derive the required communication patterns of each process in the overall system. This was the initial stage in a longer term vision for full-stack verified software development, and throughout the project we have continued to develop and enhance Idris. In particular, we have extended it with "linear types" which allow resource usage protocols (especially state transition systems such as communicating programs) to be encoded and verified with little programmer effort. In developing verified software with advanced type systems, it is often necessary to prove properties of certain arithmetical properties. We have developed a technique for automatically proving such properties (as long as they have a relatively simple structure) and will continue to try to incorporate this into Idris in a form which is accessible by application developers. |
Exploitation Route | The results of this project were achieved in the context of the Idris programming language, the development of which is led by the PI. In developing libraries for communicating software, we have improved the implementation of Idris and developed and documented new libraries (see for example http://docs.idris-lang.org/en/latest/st/index.html). While there is still a lot of work to do the make our approach to verifying communicating systems widely accessible, and robust enough for large scale industrial systems, the underlying programming language technology is available for general adoption. |
Sectors | Digital/Communication/Information Technologies (including Software) |
URL | http://www.idris-lang.org/ |
Description | The project involved development of a prototype of a new programming language, Idris, and how to use it to develop verifiable communication protocols. As well as academic publications, I have been presenting Idris and its applications at commercial programming conferences, including how to model security protocols. As a result Idris is now getting some use in industry, and in particular I am now working with a Californian copany (https://onai.com/) in using Idris to verify the communication protocols used in a micropayments system for applications in distributed computing (for example, Folding@home and related projects). |
First Year Of Impact | 2020 |
Sector | Financial Services, and Management Consultancy |
Impact Types | Economic |
Title | Idris |
Description | A programming language with an advanced type system which allows developers to give precise specifications for the programs, and verify them according to those specifications. |
Type Of Technology | Software |
Year Produced | 2017 |
Open Source License? | Yes |
Impact | At the moment, use is primarily by developers who are investigating the potential of advanced type systems for mainstream software development. Adoption can be estimated by sales of the book "Type-driven Development with Idris" (around 4000 copies as of March 2018). |
URL | https://idris-lang.org |
Description | Code Mesh 2016 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | A presentation at a conference attended by software developers, to spread knowledge of the Idris programming language and related research |
Year(s) Of Engagement Activity | 2016 |
URL | http://www.codemesh.io/codemesh2016 |
Description | Functional Kats Workshop |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | A day long workshop introducing the Idris programming language to an audience of software developers in Dublin. |
Year(s) Of Engagement Activity | 2016 |
URL | https://www.meetup.com/es-ES/FunctionalKubs/events/228632790/ |
Description | Lambda World |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Talk at a software developer conference, subsequently made available as a video on the internet. |
Year(s) Of Engagement Activity | 2016 |
URL | https://www.47deg.com/events/lambda-world-2016/ |
Description | SE Radio |
Form Of Engagement Activity | A broadcast e.g. TV/radio/film/podcast (other than news/press) |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | An interview on a functional programming podcast |
Year(s) Of Engagement Activity | 2016 |
URL | https://www.functionalgeekery.com/episode-54-edwin-brady/ |