@techreport{swamy2011secure,
author = {Swamy, Nikhil and Chen, Juan and Fournet, Cédric and Strub, Pierre-Yves and Bharagavan, Karthikeyan and Yang, Jean},
title = {Secure Distributed Programming with Value-Dependent Types},
year = {2011},
month = {March},
abstract = {Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed side-by-side with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications and proofs becomes challenging.

We present F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F* provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sub-languages within F* and controls their interaction. F* subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs partially mechanized in Coq) and logical consistency for F*.

We have implemented a compiler that translates F* to .NET bytecode, based on a prototype for Fine. F* provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F# and the other .NET languages. The compiler produces verifiable binaries with 60% code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification.

To date, we have programmed and verified more than 17,000 lines of F* including (1) new schemes for multi-party sessions; (2) a new zero-knowledge privacy-preserving payment protocol; (3) a provenance aware curated database; (4) a suite of 17 web-browser extensions verified for authorization properties; and (5) a cloud-hosted multi-tier web application with a verified reference monitor.},
url = {http://approjects.co.za/?big=en-us/research/publication/secure-distributed-programming-with-value-dependent-types/},
number = {MSR-TR-2011-37},
note = {This is an extended version of the conference paper (ICFP '11) with the same title. A final version of this full technical report is forthcoming.},
}