Abstract:International audienceSecurity protocols are distributed programs that aim at securing communications by the means of cryptography. They are for instance used to secure electronic payments, home banking and more recently electronic elections. Given The financial and societal impact in case of failure, and the long history of design flaws in such protocol, formal verification is a necessity. A major difference from other safety critical systems is that the properties of security protocols must hold in the prese… Show more
“…Indeed, research on security extensions to behavioral types (cf. the survey [2]) seems to have proceeded independently from approaches such as those overviewed in [7]. The work in [6] is similar in spirit to ours, but is different in conception and details, as it uses a session graph specification to generate a cryptographic functional implementation that enjoys session integrity.…”
Section: Related Work and Concluding Remarksmentioning
confidence: 99%
“…They are representative of two separate research strands: (a) Process models for security protocols, such as [12] (see also [7]), rely on variants of the applied π-calculus [1] to establish properties related to process execution (e.g., secrecy and confidentiality). These models support cryptography and term passing, but lack support for high-level communication structures.…”
Abstract. Process calculi are expressive specification languages for concurrency. They have been very successful in two research strands: (a) the analysis of security protocols and (b) the enforcement of correct messagepassing programs. Despite their shared foundations, languages and reasoning techniques for (a) and (b) have been separately developed. Here we connect two representative calculi from (a) and (b): we encode a (high-level) π-calculus for multiparty sessions into a (low-level) applied π-calculus for security protocols. We establish the correctness of our encoding, and we show how it enables the integrated analysis of security properties and communication correctness by re-using existing tools.
“…Indeed, research on security extensions to behavioral types (cf. the survey [2]) seems to have proceeded independently from approaches such as those overviewed in [7]. The work in [6] is similar in spirit to ours, but is different in conception and details, as it uses a session graph specification to generate a cryptographic functional implementation that enjoys session integrity.…”
Section: Related Work and Concluding Remarksmentioning
confidence: 99%
“…They are representative of two separate research strands: (a) Process models for security protocols, such as [12] (see also [7]), rely on variants of the applied π-calculus [1] to establish properties related to process execution (e.g., secrecy and confidentiality). These models support cryptography and term passing, but lack support for high-level communication structures.…”
Abstract. Process calculi are expressive specification languages for concurrency. They have been very successful in two research strands: (a) the analysis of security protocols and (b) the enforcement of correct messagepassing programs. Despite their shared foundations, languages and reasoning techniques for (a) and (b) have been separately developed. Here we connect two representative calculi from (a) and (b): we encode a (high-level) π-calculus for multiparty sessions into a (low-level) applied π-calculus for security protocols. We establish the correctness of our encoding, and we show how it enables the integrated analysis of security properties and communication correctness by re-using existing tools.
“…In addition to type checkers and type systems, there are other tools and techniques that can be utilized for the formal analysis of security protocols, each has its own pros and cons [45,46]. The inductive method [47] is among the first solutions proposed to verify security protocols.…”
Please cite this article in press as: B. Sattarzadeh, M.S. Fallah, Automated type-based analysis of injective agreement in the presence of compromised principals, Journal of Logical and Algebraic Methods in Programming (2015), http://dx.
“…[15,27,34] The approach to secure such a complex system is the modelization of security protocols with formal languages, and of the security properties to be preserved with formal logics. This formalization effort allows us to produce automated techniques and tools that verify whether the protocols and their implementations respect the security requirements.…”
Abstract. The protection of users' data conforming to best practice and legislation is one of the main challenges in computer science. Very often, large-scale data leaks remind us that the state of the art in data privacy and anonymity is severely lacking. The complexity of modern systems make it impossible for software architect to create secure software that correctly implements privacy policies without the help of automated tools. The academic community needs to invest more effort in the formal modelization of security and anonymity properties, providing a deeper understanding of the underlying concepts and challenges and allowing the creation of automated tools to help software architects and developers. This track provides numerous contributions to the formal modeling of security and anonymity properties and the creation of tools to verify them on large-scale software projects.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.