Results 1 - 10
of
17
On Global Types and Multi-Party Sessions ⋆
"... Abstract. We present a new, streamlined language of global types equipped with a trace-based semantics and whose features and restrictions are semantically justified. The multi-party sessions obtained projecting our global types enjoy a liveness property in addition to the traditional progress and a ..."
Abstract
-
Cited by 21 (4 self)
- Add to MetaCart
Abstract. We present a new, streamlined language of global types equipped with a trace-based semantics and whose features and restrictions are semantically justified. The multi-party sessions obtained projecting our global types enjoy a liveness property in addition to the traditional progress and are shown to be sound and complete with respect to the set of traces of the originating global type. Our notion of completeness is less demanding than the classical ones, allowing a multiparty session to leave out redundant traces from an underspecified global type. In addition to the technical content, we discuss some limitations of our language of global types and provide an extensive comparison with related specification languages adopted in different communities. 1
Algebraic properties in alice and bob notation
- Availability, Reliability and Security, International Conference on, 0:433–440
, 2009
"... Some reports are available at ..."
(Show Context)
Compiling and securing cryptographic protocols
, 2009
"... Protocol narrations are widely used in security as semi-formal notations to specify conversations between roles. We define a translation from a protocol narration to the sequences of operations to be performed by each role. Unlike previous works, we reduce this compilation process to well-known deci ..."
Abstract
-
Cited by 10 (1 self)
- Add to MetaCart
(Show Context)
Protocol narrations are widely used in security as semi-formal notations to specify conversations between roles. We define a translation from a protocol narration to the sequences of operations to be performed by each role. Unlike previous works, we reduce this compilation process to well-known decision problems in formal protocol analysis. This allows one to define a natural notion of prudent translation and to reuse many known results from the literature in order to cover more crypto-primitives. In particular this work is the first one to show how to compile protocols parameterised by the properties of the available operations.
Distributed Temporal Logic for the Analysis of Security Protocol Models
, 2010
"... The distributed temporal logic DTL is an expressive logic, well-suited for formalizing properties of concurrent, communicating agents. We show how DTL can be used as a metalogic to reason about and relate different security-protocol models. This includes reasoning about model simplifications, where ..."
Abstract
-
Cited by 4 (1 self)
- Add to MetaCart
(Show Context)
The distributed temporal logic DTL is an expressive logic, well-suited for formalizing properties of concurrent, communicating agents. We show how DTL can be used as a metalogic to reason about and relate different security-protocol models. This includes reasoning about model simplifications, where models are transformed to have fewer agents or behaviors, and verifying model reductions, where to establish the validity of a property it suffices to consider its satisfaction on only a subset of models. We illustrate how DTL can be used to formalize security models, protocols, and properties, and then present three concrete examples of metareasoning. First, we prove a general theorem about sufficient conditions for data to remain secret during communication. Second, we prove the equivalence of two models for guaranteeing message-origin authentication. Finally, we relate channel-based and intruder-centric models, showing that it is sufficient to consider models in which the intruder completely controls the network. While some of these results belong to the folklore or have been shown, mutatis mutandis, using other formalisms, DTL provides a uniform means to prove them within the same formalism. It also allows us to clarify subtle aspects of these model transformations that are often neglected or cannot be specified in the first place.
Towards Understanding Pure Publish/Subscribe Cryptographic Protocols DRAFT
"... In this paper, we pursue towards understanding how to design and analyse cryptographic protocols in a (large) network setting where all communication is solely based on the publish/subscribe paradigm. That is, we expect a stack and network architecture where all message passing is based on publish/s ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
In this paper, we pursue towards understanding how to design and analyse cryptographic protocols in a (large) network setting where all communication is solely based on the publish/subscribe paradigm. That is, we expect a stack and network architecture where all message passing is based on publish/subscribe rather than send/receive, all the way down to the link layer. Under those assumptions, it looks like that the majority of present work on cryptographic protocol analysis applies to an extend, with only minor modifications mostly on the notation side, while the protocol design aspects will need larger modifications. Furthermore, the paradigm shift opens a number of interesting problems, requiring modifications to many of the traditional intuitions guiding protocol design and analysis. 1.
Cryptographic protocol explication and end-point projection
- In European Symposium on Research in Computer Security (ESORICS
, 2008
"... Abstract. Cryptographic protocols are useful for engineering trust in transactions. There are several languages for describing these protocols, but these tend to capture the communications from the perspective of an individual role. In contrast, traditional protocol descriptions as found in a state ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
(Show Context)
Abstract. Cryptographic protocols are useful for engineering trust in transactions. There are several languages for describing these protocols, but these tend to capture the communications from the perspective of an individual role. In contrast, traditional protocol descriptions as found in a state of nature tend to employ a whole-protocol description, resulting in an impedance mismatch. In this paper we present two results to address this gap between human descriptions and deployable specifications. The first is an end-point projection technique that consumes an explicit whole-protocol description and generates specifications that capture the behavior of each participant role. In practice, however, many whole-protocol descriptions contain idiomatic forms of implicit specification. We therefore present our second result, a transformation that identifies and eliminates these implicit patterns, thereby preparing protocols for end-point projection. Concretely, our tools consume protocols written in our whole-protocol language, wppl, and generate role descriptions in the cryptographic protocol programming language, cppl. We have formalized and established properties of the transformations using the Coq proof assistant. We have validated our transformations by applying them successfully to most of the protocols in the spore repository. 1
Towards the Attacker’s View of Protocol Narrations (or, How to Compile Security Protocols)
"... As protocol narrations are widely used to describe security protocols, efforts have been made to formalize or devise semantics for them. An important, but largely neglected, question is whether or not the formalism faithfully accounts for the attacker’s view. Several attempts have been made in the l ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
As protocol narrations are widely used to describe security protocols, efforts have been made to formalize or devise semantics for them. An important, but largely neglected, question is whether or not the formalism faithfully accounts for the attacker’s view. Several attempts have been made in the literature to recover the attacker’s view. They, how-ever, are rather restricted in scope and quite complex. This greatly impedes the ability of protocol verification tools to detect intricate attacks. In this paper, we establish a faithful view of the attacker based on rigorous, yet intuitive, interpretations of exchanged messages. This gives us a new way to look at attacks and protocol implementations. Specifically, we identify two types of attacks that can be thawed through adjusting the protocol implementation; and show that such an ideal implementa-tion does not always exist. Overall, the obtained attacker’s view provides a path to more secure protocol designs and implementations.
Social Aspects of Trust in the Internet: Issues and Incentives
"... Abstract—This paper draws lessons from research on trust in social sciences. Human beings have an innate drive towards cooperation including a basic willingness to trust strangers, and to altruistically punish defectors, even at a high cost to themselves. The ability to trust people, i.e. having an ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—This paper draws lessons from research on trust in social sciences. Human beings have an innate drive towards cooperation including a basic willingness to trust strangers, and to altruistically punish defectors, even at a high cost to themselves. The ability to trust people, i.e. having an environment, in which people can be generally assumed to be benevolent, is considered important for democracy and working markets. Market efficiency and creation of communities are of importance for the future of communications. Based on the findings, a number of architectural principles that have effects on trust are proposed: prefer code, multi-dimensional compensation, intention neutrality, balancing privacy and attribution, internalising and market shaping, and explicit representation of trust and reputation. The findings indicate that a technical architecture that fosters trust is necessary for the future of communication networks. I.
Static Analyses of Cryptographic Protocols
, 2009
"... Most protocol analyses only address security properties. However, other properties are important and can increase our understanding of protocols, as well as aid in the deployment and compilation of implementations. We investigate such analyses. Unfortunately, existing high-level protocol implementat ..."
Abstract
- Add to MetaCart
Most protocol analyses only address security properties. However, other properties are important and can increase our understanding of protocols, as well as aid in the deployment and compilation of implementations. We investigate such analyses. Unfortunately, existing high-level protocol implementation languages do not accept programs that match the style used by the protocol design community. These languages are designed to implement protocol roles independently, not whole protocols. Therefore, a different program must be written for each role. We define a language, WPPL, that avoids this problem. It avoids the need to create a new tool-chain, however, by compiling protocol descriptions into an existing, standard role-based protocol implementation language. Next, we investigate two families of analyses. The first reveals the implicit design decisions of the protocol designer and enables fault-tolerance in implementations. The second characterizes the infinite space of all messages a protocol role could accept and enables scalability by determining the session state necessary to support concurrency. Our entire work is formalized in a mechanical proof checker, the Coq proof assistant, to ensure its theoretical reliability. Our implementations are automatically extracted from the formal Coq theory, so they are guaranteed to implement the theory.
Alice and Bob Meet Equational Theories
"... Abstract. Cryptographic protocols are the backbone of secure com-munication over open networks and their correctness is therefore cru-cial. Tool-supported formal analysis of cryptographic protocol designs increases our confidence that these protocols achieve their intended se-curity guarantees. We p ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. Cryptographic protocols are the backbone of secure com-munication over open networks and their correctness is therefore cru-cial. Tool-supported formal analysis of cryptographic protocol designs increases our confidence that these protocols achieve their intended se-curity guarantees. We propose a method to automatically translate text-book style Alice&Bob protocol specifications into a format amenable to formal verification using existing tools. Our translation supports specifi-cation modulo equational theories, which enables the faithful represen-tation of algebraic properties of a large class of cryptographic operators. 1
