NSF Award
2314324
Computer-aided cryptography has started to impact the design and implementation of real-world protocols. One of its main challenges is the development of maintainable models and proofs. In particular, it is important that the assumptions and guarantees of verified protocols can be checked against each other, so that the design of protocols and systems can evolve in a robust manner through formalized reasoning for cryptography and security. The formal reasoning methods used in this project are based on separation logic, a mathematical framework for certifying the absence of bugs in computer systems. While many such frameworks exist, separation logic has attracted considerable interest in recent years because it simplifies the analysis of how computer systems employ resources such as memory, disk space, etc. Reasoning about these resources is challenging in general because different system components might use the same resource in potentially conflicting ways. For example, two components in a program might try to save different files under the same name, thus leading to data loss. Traditionally, these conflicts were ruled out by reasoning about what every part of the system is doing at the same time, rendering the analysis of systems complex. With separation logic, by contrast, it is possible to analyze what each system component does in isolation, regardless of what the rest of the system is doing. This makes the analysis more self contained, allowing separation logic to handle more complex systems compared to traditional methods. Despite many success stories demonstrating this power, there is an important class of components that are often overlooked in separation logic: cryptographic protocols. To withstand attackers when facing an open network, networked systems must communicate using intricate cryptographic protocols. Current proofs in separation logic abstract away from these protocols, assuming an ideal model where malicious agents have limited power over communication. Because the analysis does not take the underlying protocols into account, it might miss bugs in the system that result from employing a faulty protocol, or simply from employing a correct protocol in incorrect ways. <br/><br/>This project aims to advance the state-of-the-art in program verification by extending separation logic with cryptographic reasoning. The extension will make separation logic developments more reliable by explicitly taking cryptographic protocols into account. The goals of the project are: (1) Using resources in separation logic to model cryptographic terms; (2) Simplifying the analysis of composite protocols that were developed and verified independently; and (3) Integrate cryptographic reasoning within existing frameworks for verifying distributed systems. The resulting logic will come in two variants: one for the symbolic model of cryptography, which is better suited for formal analysis, and one for the computational model, which offers stronger guarantees. The design of the logic will build upon existing approaches for protocol analysis, such as protocol model checkers or the universal composability framework. Part of the project consist of implementing a proof checker for this logic based on Iris, a framework for separation logic built on the Coq proof assistant. This will allow the logic to support many advanced features of separation logic while keeping a relatively small and trustworthy code base. The evaluation of the logic will be based on a series of case studies verifying protocols and integrating them in larger systems.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
