Not quite so broken


Protocol implementations have lots of security flaws. The immediate causes of these are often programming errors, e.g. in memory management, but the root causes are more fundamental: the challenges of interpreting the ambiguous prose specification (RFCs), the complexities inherent in large APIs and code bases, inherently unsafe programming choices, and the impossibility of directly testing conformance between implementations and the specification.

Not-quite-so-broken is the theme of our re-engineered approach to security protocol specification and implementation that addresses these root causes. The same code serves two roles: it is both a specification, executable as a test oracle to check conformance of traces from arbitrary implementations, and a usable implementation; a modular and declarative programming style provides clean separation between its components. Many security flaws are thus excluded by construction.

Read more in our paper: Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation by David Kaloper-Meršinjak, Hannes Mehnert, Anil Madhavapeddy and Peter Sewell, published at Usenix Security 2015. We implemented some libraries in OCaml using this approach:


Code using nqsb:


Texts about nqsb:

Parts of this work were supported by REMS: Rigorous Engineering for Mainstream Systems EPSRC Programme Grant EP/K008528/1, and by the European Union’s Seventh Framework Programme FP7/2007–2013 under the User Centric Networking project (no. 611001).

Thanks to IPredator for hosting.