E. If, J and dom(µ 1 ) ? fnfv(µ 2 ) = ? then E, µ 2, E J . LEMMA, vol.5, issue.2 1

E. If and X. Dom, E) then forms(E), forms(x : T ) forms(x : T )

E. T. Suppose, E. T. If, E. J. , E. T. , and E. J. , Moreover the depth of the derivation of the second judgment equals that of the first

E. We-have, {C 1 }, : {C 2 }, E J if and only if E, : {C 1 ?C 2 }, J

Properties of Kinding. We introduced in Section 3.2 a universal type Un of data known to the opponent. Lemma 15 (Public Tainted) is a standard characterization of the public and tainted kinds: a type T is public if and only if it is a subtype of Un, and a type is tainted if and only if it is a supertype of Un. The next two lemmas are needed in the proof of this main lemma.

E. If, T and (? <: ? ) ? E we have that: {?, ? } ? fnfv(T ) = ? if and only if {?

E. If, <. , and E. T. , ? :: pub, ? :: tnt, E T :: ?. Our second substitution lemma shows how substitution of a type T for a variable ? affects various judgments

E. If, E. U. , E. T. , E. T-?, and E. Te-{t-/-?}-)-t-{t-/-?}, (4) If E, ? :: ?

. Let, Let T be {y : U | C} or U for any U such that h : (H,U) For any H and U such that h, if E T <: U then E H <: H

Bengtson, Bhargavan, Fournet, Gordon, Maffeis

The next two lemmas assert that heating A A preserves the extracted formulas of an expression (that is, the formulas extracted from A follow from those extracted from A) and also that heating preserves types.

E. If, E. A. Is-executable, A. A. , and E. , Similarly, the next two lemmas assert that reduction A ? A preserves the extracted formulas of an expression and also that reduction preserves types

E. A. If, A. , and E. , Our next results are that typing implies static safety and indeed safety

?. If, S. Is, and . Safe, RESTATEMENT OF THEOREM 1 (SAFETY) If ? A : T then A is safe. PROOF. Consider any A and S such that A ? * A and A S; it suffices to show that S is statically safe, Preserves Types) this and A S imply ? S : T . By Lemma 31 (Static Safety), this implies S is statically safe

E. Suppose, If O is an expression containing no assert such that (a Un) ? E for each name a ? fn(O), and (x : Un) ? E for each variable x ? fv(O), then E O : Un. Finally, we prove that robust safety follows by typing, RESTATEMENT OF THEOREM 2 (ROBUST SAFETY
