Creating High-Performance, Statically Type-Safe Network Applications

A typical Internet server finds itself in the middle of a virtual battleground, under constant threat from worms, viruses and other malware seeking to subvert the original intentions of the programmer. Critical Internet servers have had numerous security issues ranging from low-level buffer overflows to subtle logic errors. These problems have cost billions of dollars as the growth of the Internet exposes increasing numbers of computers to electronic malware. Despite the decades of research on techniques such as model-checking and type-safety, the vast majority of server implementations continue to be written unsafely and informally in C/C++. We describe an architecture for constructing new implementations of Internet protocols which integrates mature formal methods not currently used in deployed servers: 1) static type systems from the ML family of functional languages; 2) model checking to verify safety properties exhaustively about aspects of the servers; and 3)...