Results 1  10
of
20
Static validation of security protocols
 Journal of Computer Security
, 2005
"... We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suf ..."
Abstract

Cited by 49 (15 self)
 Add to MetaCart
We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as NeedhamSchroeder symmetric key, OtwayRees, Yahalom, Andrew Secure RPC, NeedhamSchroeder asymmetric key, and BellerChangYacobi MSR.
Automatic Validation of Protocol Narration
, 2003
"... We perform a systematic expansion of protocol narrations into terms of a process algebra in order to make precise some of the detailed checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstra ..."
Abstract

Cited by 49 (16 self)
 Add to MetaCart
We perform a systematic expansion of protocol narrations into terms of a process algebra in order to make precise some of the detailed checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice for identifying a number of authentication flaws in symmetric key protocols such as NeedhamSchroeder, OtwayRees, Yahalom and Andrew Secure RPC.
Flow logics: a multiparadigmatic approach to static analysis
 In The Essence of Computation: Complexity, Analysis, Transformation, LNCS no. 2566
, 2002
"... Abstract. Flow logic is an approach to static analysis that separates the specification of when an analysis estimate is acceptable for a program from the actual computation of the analysis information. It allows one not only to combine a variety of programming paradigms but also to link up with stat ..."
Abstract

Cited by 41 (14 self)
 Add to MetaCart
(Show Context)
Abstract. Flow logic is an approach to static analysis that separates the specification of when an analysis estimate is acceptable for a program from the actual computation of the analysis information. It allows one not only to combine a variety of programming paradigms but also to link up with stateoftheart developments in classical approaches to static analysis, in particular data flow analysis, constraintbased analysis and abstract interpretation. This paper gives a tutorial on flow logic and explains the underlying methodology; the multiparadigmatic approach is illustrated by a number of examples including functional, imperative, objectoriented and concurrent constructs. 1
ControlFlow Analysis in Cubic Time
 ELECTRONIC NOTES OF THEORETICAL COMPUTER SCIENCE
, 2001
"... The spicalculus is a variant of the polyadic sscalculus that admits symmetric cryptography and that admits expressing communication protocols in a precise though still abstract way. This paper shows that contextindependent control flow analysis can be calculated in cubic time despite the fact th ..."
Abstract

Cited by 36 (13 self)
 Add to MetaCart
The spicalculus is a variant of the polyadic sscalculus that admits symmetric cryptography and that admits expressing communication protocols in a precise though still abstract way. This paper shows that contextindependent control flow analysis can be calculated in cubic time despite the fact that the spicalculus operates over an infinite universe of values. Our approach is based on Horn Clauses with Sharing and we develop transformations to pass from the infinite to the finite and to deal with the polyadic nature of input and output. We prove that this suffices for obtaining a cubic time implementation without sacrificing precision and without making simplifying assumptions on the nature of keys.
A Dependently Typed Ambient Calculus
 In Programming Languages & Systems, 13th European Symp. Programming
, 2003
"... The Ambient calculus is a successful model of distributed, mobile computation, and has been the vehicle of new ideas for resource access control. ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
(Show Context)
The Ambient calculus is a successful model of distributed, mobile computation, and has been the vehicle of new ideas for resource access control.
Relational analysis of correlation
 In María Alpuente and Germán Vidal, editors, The 15th International Static Analysis Symposium (SAS’08), volume 5079 of Lecture Notes in Computer Science
, 2008
"... Abstract. In serviceoriented computing, correlations are used to determine links between service providers and users. A correlation contains values for some variables received in a communication. Subsequent messages will only be received when they match the values of the correlation. Correlations a ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Abstract. In serviceoriented computing, correlations are used to determine links between service providers and users. A correlation contains values for some variables received in a communication. Subsequent messages will only be received when they match the values of the correlation. Correlations allow for the implementation of sessions, local shared memory, gradually provided input, or input provided in arbitrary order – thus presenting a challenge to static analysis. In this work, we present a static analysis in relational form of correlations. It is defined in terms of a fragment of the process calculus COWS that itself builds on the Fusion Calculus. The analysis is implemented and practical experiments allow us to automatically establish properties of the flow of information between services. 1
Handling exp, × (and timestamps) in protocol analysis
 In Proc. of FOSSACS’06, volume 3921 of LNCS
, 2006
"... Abstract. We present a static analysis technique for the verification of cryptographic protocols, specified in a process calculus. Rather than assuming a specific, fixed set of cryptographic primitives, we only require them to be specified through a term rewriting system, with no restrictions. Examp ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We present a static analysis technique for the verification of cryptographic protocols, specified in a process calculus. Rather than assuming a specific, fixed set of cryptographic primitives, we only require them to be specified through a term rewriting system, with no restrictions. Examples are provided to support our analysis. First, we tackle forward secrecy for a DiffieHellmanbased protocol involving exponentiation, multiplication and inversion. Then, a simplified version of Kerberos is analyzed, showing that its use of timestamps succeeds in preventing replay attacks. 1
From Flow Logic to Static Type Systems for Coordination Languages
"... Coordination languages are often used to describe openended systems. This makes it challenging to develop tools for guaranteeing security of the coordinated systems and correctness of their interaction. Successful approaches to this problem have been based on type systems with dynamic checks; there ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Coordination languages are often used to describe openended systems. This makes it challenging to develop tools for guaranteeing security of the coordinated systems and correctness of their interaction. Successful approaches to this problem have been based on type systems with dynamic checks; therefore, the correctness properties cannot be statically enforced. By contrast, static analysis approaches based on Flow Logic usually guarantee properties statically. In this paper we show how the insights from the Flow Logic approach can be used to construct a type system for statically ensuring secure access to tuple spaces and safe process migration for an extension of the language Klaim.
A privacy analysis for the πcalculus: The denotational approach
 Roskilde University
, 2002
"... We present a nonuniform static analysis for the πcalculus that is built on a denotational semantics of the language and is useful in detecting instances of information leakage and insecure communications in systems with multilevel security policies. To ensure the termination of the analysis, we p ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
(Show Context)
We present a nonuniform static analysis for the πcalculus that is built on a denotational semantics of the language and is useful in detecting instances of information leakage and insecure communications in systems with multilevel security policies. To ensure the termination of the analysis, we propose an abstraction, which maintains a finite number of names to be generated by any process. We prove the safety of the analysis and review a prototype of the analysis called the Picasso tool.
Relational analysis for delivery of services
 In Trustworthy Global Computing
, 2007
"... Abstract. Many techniques exist for statically computing properties of the evolution of processes expressed in process algebras. Static analysis has shown how to obtain useful results that can both be checked and computed in polynomial time. In this paper we develop a static analysis in relational f ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Many techniques exist for statically computing properties of the evolution of processes expressed in process algebras. Static analysis has shown how to obtain useful results that can both be checked and computed in polynomial time. In this paper we develop a static analysis in relational form which substantially improves the precision of the results obtained while being able to deal with the full generality of the syntax of processes. The analysis reveals a feasible complexity for practical examples and gives rise to a fast prototype. We use this prototype to automatically prove the correct delivery of messages for the implementation of an accident service, which is based on multiplexed communication, a crucial feature of global computing applications. 1