Secure Execution of Distributed Session Programs

TL;DR

This paper enhances the SJ framework for session-based distributed programming by integrating security features, including secure transport and delegation, with formal security proofs to ensure communication safety and robustness.

Contribution

It introduces a secure transport implementation using modified TLS and SRP, and provides formal security proofs for session delegation protocols in the SJ framework.

Findings

Secure transport with TLS and SRP enhances communication security.

Modular design supports rapid extension to new transports.

Formal pi-calculus proofs verify security properties of delegation protocols.

Abstract

The development of the SJ Framework for session-based distributed programming is part of recent and ongoing research into integrating session types and practical, real-world programming languages. SJ programs featuring session types (protocols) are statically checked by the SJ compiler to verify the key property of communication safety, meaning that parties engaged in a session only communicate messages, including higher-order communications via session delegation, that are compatible with the message types expected by the recipient. This paper presents current work on security aspects of the SJ Framework. Firstly, we discuss our implementation experience from improving the SJ Runtime platform with security measures to protect and augment communication safety at runtime. We implement a transport component for secure session execution that uses a modified TLS connection with authentication based on the Secure Remote Password (SRP) protocol. The key technical point is the delicate treatment of secure session delegation to counter a previous vulnerability. We find that the modular design of the SJ Runtime, based on the notion of an Abstract Transport for session communication, supports rapid extension to utilise additional transports whilst separating this concern from the application-level session programming task. In the second part of this abstract, we formally prove the target security properties by modelling the extended SJ delegation protocols in the pi-calculus.