Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Backes, Michael; Hriţcu, Cătălin; Maffei, Matteo

doi:10.3233/jcs-130493

Cited by 18 publications

(22 citation statements)

References 122 publications

(198 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, it prevents digital signatures on private data which is a limitation of our type system inherited from the kinding rules of [7]. This problem can be resolved by adding a number of subkinding and subtyping rules to the type system [18] or by using union and intersection types [6].…”

Section: Kinding and Subtypingmentioning

confidence: 97%

“…However, it has been shown that ProVerif is not scalable when the number of lines of the protocol specification increases [12]. In another line of research, the source code of a given protocol is annotated by security types and the annotated code is analyzed using a type checker [5,6,14,68,69]. Type-based analysis methods are inherently modular and, in turn, scalable.…”

Section: Related Workmentioning

confidence: 99%

“…The methods proposed have even been further improved so that more complicated protocols can be analyzed. Notwithstanding, either they do not go beyond non-injective agreement [12,6] or they can only analyze protocols involving so-called public-out-secret-home (POSH) nonce handshakes [13,14]. Moreover, none of these enhanced type systems is equipped with a type inference algorithm, which even hinders their practical application.…”

Section: Introductionmentioning

confidence: 96%

“…This method has its origin in the first type system devised to check protocols for secrecy [1]. Now, there are many analysis methods and tools based on this idea that can be utilized to verify different kinds of security properties such as authenticity [2,3,4,5,6] and zero-knowledge proofs [6]. To achieve an effective type-based analysis method for security protocols, scholars first decide on a language that is expressive enough to model protocols.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Automated type-based analysis of injective agreement in the presence of compromised principals

Sattarzadeh

Fallah

2015

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

show abstract

Section: Kinding and Subtypingmentioning

confidence: 97%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 96%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automated type-based analysis of injective agreement in the presence of compromised principals

Sattarzadeh

Fallah

2015

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

show abstract

“…In particular, mature push-button analysis tools have emerged and have been successfully applied to many protocols from the literature in the context of trace properties such as authentication or confidentiality. These tools employ a variety of analysis techniques, such as model checking (e.g., Avispa [6] and Scyther [31]), Horn clause resolution (e.g., ProVerif [13]), term rewriting (e.g., Scyther [31] and Tamarin [38]), and type systems [7,12,[16][17][18][19][20][21]34,36,37].…”

Section: Introductionmentioning

confidence: 99%

Equivalence Properties by Typing in Cryptographic Branching Protocols

Cortier

Grimm

Lallemand

et al. 2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Recently, many tools have been proposed for automatically analysing, in symbolic models, equivalence of security protocols. Equivalence is a property needed to state privacy properties or game-based properties like strong secrecy. Tools for a bounded number of sessions can decide equivalence but typically suffer from efficiency issues. Tools for an unbounded number of sessions like Tamarin or ProVerif prove a stronger notion of equivalence (diff-equivalence) that does not properly handle protocols with else branches.Building upon a recent approach, we propose a type system for reasoning about branching protocols and dynamic keys. We prove our type system to entail equivalence, for all the standard primitives. Our type system has been implemented and shows a significant speedup compared to the tools for a bounded number of sessions, and compares similarly to ProVerif for an unbounded number of sessions. Moreover, we can also prove security of protocols that require a mix of bounded and unbounded number of sessions, which ProVerif cannot properly handle.

show abstract

Robustly Safe Compilation

Patrignani

Garg

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect and preserve observational equivalence. Fully abstract compilation is strong and useful but, in certain cases, comes at the cost of requiring expensive runtime constructs in compiled code. These constructs may have no relevance for security, but are needed to accommodate differences between the source and target languages that fully abstract compilation necessarily needs. As an alternative to fully abstract compilation, this paper explores a different criterion for secure compilation called robustly safe compilation or RSC. Briefly, this criterion means that the compiled code preserves relevant safety properties of the source program against all adversarial contexts interacting with the compiled program. We show that RSC can be proved more easily than fully abstract compilation and also often results in more efficient code. We also develop two illustrative robustlysafe compilers and, through them, illustrate two different proof techniques for establishing that a compiler attains RSC. Based on these, we argue that proving RSC can be simpler than proving fully abstraction.

show abstract

Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Cited by 18 publications

References 122 publications

Automated type-based analysis of injective agreement in the presence of compromised principals

Automated type-based analysis of injective agreement in the presence of compromised principals

Equivalence Properties by Typing in Cryptographic Branching Protocols

Robustly Safe Compilation

Contact Info

Product

Resources

About