Union and Intersection Types for Secure Protocol Implementations

Backes, Michael; Hriţcu, Cătălin; Maffei, Matteo

doi:10.1007/978-3-642-27375-9_1

Cited by 13 publications

(22 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Among various static analysis approaches, security type systems have played a major role, since they are able to statically provide security proofs for an unbounded number of concurrent executions, even in presence of an active attacker; they are modular, and scale remarkably well in practice. Recent research has shown that it is possible to leverage generalpurpose theorem proving techniques to develop powerful type systems for the verification of a wide range of security properties on application code, thus narrowing the gap between the formal model designed for the analysis and the actual implementation of the protocols [4,2,26]. The integration between type systems and theorem proving is achieved by resorting to a form of dependent types, known as refinement types.…”

Section: Introductionmentioning

confidence: 99%

Logical Foundations of Secure Resource Management in Protocol Implementations

Bugliesi

Calzavara

Eigner

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Recent research has shown that it is possible to leverage general-purpose theorem proving techniques to develop powerful type systems for the verification of a wide range of security properties on application code. Although successful in many respects, these type systems fall short of capturing resource-conscious properties that are crucial in large classes of modern distributed applications. In this paper, we propose the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic. Our type system draws on a novel notion of "exponential serialization" of affine formulas, a general technique to protect affine formulas from the effect of duplication. This technique allows to formulate an expressive logical encoding of the authentication mechanisms underpinning distributed resource-aware authorization policies. We further devise a sound and complete type checking algorithm. We discuss the effectiveness of our approach on a case study from the world of e-commerce protocols.

show abstract

Section: Introductionmentioning

confidence: 99%

Logical Foundations of Secure Resource Management in Protocol Implementations

Bugliesi

Calzavara

Eigner

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…This extends the scope of the existing type-based analyses of protocol implementations to important classes of cryptographic protocols that were not covered so far, including protocols based on zeroknowledge proofs. Our type system comes with a mechanized proof of correctness and an efficient implementation [21].…”

Section: Discussionmentioning

confidence: 99%

“…The type-checker consists of around 2.5kLOC, while the whole tool-chain has over 5kLOC. All the tools are available online [21].…”

Section: Methodsmentioning

confidence: 99%

“…The tool-chain we have developed additionally contains the automatic code generator for zero-knowledge proofs, an interpreter, and a visual debugger. The formalization and the implementation are available online [21].…”

Section: Contributionsmentioning

confidence: 99%

“…Our Coq formalization [21] totals more than 14kLOC, 11 out of which more than 1.5kLOC are just definitions. We used Ott [115] to generate a large part of these definitions from a 1kLOC long Ott specification, but for the more complex rules we often 11 All code size figures include whitespace and comments.…”

Section: Theorem 15 (Value Of Type Private ⇒ Robustly Private) If ∅mentioning

confidence: 99%

See 2 more Smart Citations

Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Backes

Hriţcu

Maffei

2014

JCS

Self Cite

View full text Add to dashboard Cite

We present a new type system for verifying the security of reference implementations of cryptographic protocols written in a core functional programming language.The type system combines prior work on refinement types, with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of important protocol classes that were previously out of scope for the type-based analyses of reference protocol implementations. In particular, our types can statically characterize:(i) more usages of asymmetric cryptography, such as signatures of private data and encryptions of authenticated data; (ii) authenticity and integrity properties achieved by showing knowledge of secret data; (iii) applications based on zero-knowledge proofs. The type system comes with a mechanized proof of correctness and an efficient type-checker.

show abstract

Typing secure implementation of authentication protocols in environments with compromised principals

Sattarzadeh

Fallah

2013

Security Comm Networks

View full text Add to dashboard Cite

Analyzing the executable code, instead of the high‐level model, of security protocols has received attention in recent years. To this end, a number of security type systems have already been proposed. These type systems are sound but incomplete. That is, a well‐typed protocol is certainly secure, whereas no judgment can be made about the protocol whose type‐annotated code is ill typed. In fact, the type‐based analysis of a protocol would have no result unless we are able to find a well‐typed code that represents both the protocol and the attacker's capabilities. As there is a very large space of possible type annotations and adversary models, this requires a profound knowledge of the rationale behind the underlying type system as well as the components of the protocol being analyzed. The problem is aggravated when the protocol runs in environments containing compromised principals. These issues have rendered the use of such type systems somewhat impractical. This paper is an attempt to resolve the problem for authentication protocols in environments containing Dolev–Yao attackers. We concretize our ideas in F5, a security type checker, and suggest effective type annotations and so‐called attacker interfaces representing the capabilities of a general adversary. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Union and Intersection Types for Secure Protocol Implementations

Cited by 13 publications

References 43 publications

Logical Foundations of Secure Resource Management in Protocol Implementations

Logical Foundations of Secure Resource Management in Protocol Implementations

Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Typing secure implementation of authentication protocols in environments with compromised principals

Contact Info

Product

Resources

About