Typing and Compositionality for Security Protocols: A Generalization to the Geometric Fragment

Almousa, Omar Saad; Mödersheim, Sebastian; Modesti, Paolo; Viganò, Luca

doi:10.1007/978-3-319-24177-7_11

Cited by 13 publications

(13 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With sets we can model events, e.g., asserting an event e amounts to inserting e into a distinguished set of events while checking whether e has previously occurred (or not) corresponds to a positive (respectively negative) set-membership check. We therefore support all security properties expressible in the geometric fragment [1]. This covers many standard reachability goals such as authentication; it seems that any significantly richer fragment of first-order logic would be incompatible with our result.…”

Section: Protocol Semanticssupporting

confidence: 54%

Stateful Protocol Composition

2018

View full text Add to dashboard Cite

We prove a parallel compositionality result for protocols with a shared mutable state, i.e., stateful protocols. For protocols satisfying certain compositionality conditions our result shows that verifying the component protocols in isolation is sufficient to prove security of their composition. Our main contribution is an extension of the compositionality paradigm to stateful protocols where participants maintain shared databases. Because of the generality of our result we also cover many forms of sequential composition as a special case of stateful parallel composition. Moreover, we support declassification of shared secrets. As a final contribution we prove the core of our result in Isabelle/HOL, providing a strong correctness guarantee of our proofs.

show abstract

Section: Protocol Semanticssupporting

confidence: 54%

Stateful Protocol Composition

2018

View full text Add to dashboard Cite

show abstract

“…One may think of the variables as parameters of a protocol description that must be instantiated for a concrete execution of the protocol; in our example, the variables A and B shall be instantiated with concrete agent names such as a, b or the intruder p 4 , whereas X and Y should be instantiated with random numbers that are freshly chosen by A and B, respectively.…”

Section: Sps Syntaxmentioning

confidence: 99%

“…By default, the interpretation of SPS is untyped, i.e., types are used only by the SPS translator to check that the user did not specify any ill-typed terms. The types can however be used to generate a more restrictive typed model and under certain conditions this restriction is without loss of attacks [4]. The type Agent has a special relevance: constants and variables of this type we call roles, and the symbol Role in the above grammar must only be used for identifiers of type Agent.…”

Section: Sps Syntaxmentioning

confidence: 99%

“…Then we can define (independent of the concrete protocol) a violation of secrecy as a state where the intruder has learned Payload but is neither A nor B. We do not give here more details on goals, because from a semantical point of view we just treat the events as if they were messages on a special channel to a "referee" who decides if the present state is an attack; the handling of these events is uniform for a wide class of goals [4] and only limited by the abilities of current verification tools. In textual representation, we will simply write event(t) where t is a term characterizing the event.…”

Section: Operational Strandsmentioning

confidence: 99%

See 1 more Smart Citation

Alice and Bob: Reconciling Formal Models and Implementation

Almousa¹,

Mödersheim²,

Viganò

2015

Programming Languages With Applications to Biology and Security

Self Cite

View full text Add to dashboard Cite

Abstract. This paper defines the "ultimate" formal semantics for Alice and Bob notation, i.e., what actions the honest agents have to perform, in the presence of an arbitrary set of cryptographic operators and their algebraic theory. Despite its generality, this semantics is mathematically simpler than any previous attempt. For practical applicability, we introduce the language SPS and an automatic translation to robust real-world implementations and corresponding formal models, and we prove this translation correct with respect to the semantics.

show abstract

“…Beyond their implementation in different tools, we formally specify the functions behaviour in VDM, the same language that is being used here for the formal specification of AnB. This is different from other approaches [1,2,5], which compile AnB to different languages (e.g. CSP [32], operational strands [31], IF [3]), with a formally specified compilation strategy/set of rules which consider uninterpreted functions only symbolically.…”

Section: Introductionmentioning

confidence: 99%

A Methodology for Protocol Verification Applied to EMV® 1

Freitas

Modesti

Emms

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The EMVCo 3 organisation (i.e. MasterCard, Visa, etc.) protocols facilitate worldwide interoperability of secure electronic payments. Despite recent advances, it has proved difficult for academia to provide an acceptable solution to construction of secure applications within industry's constraints. In this paper, we describe a methodology we have applied to EMV1. It involves domain specific languages and verification tools targeting different analysis of interest. We are currently collaborating with EMVCo on their upcoming EMV R 2 nd Generation (EMV2) specifications.

show abstract

Typing and Compositionality for Security Protocols: A Generalization to the Geometric Fragment

Cited by 13 publications

References 22 publications

Stateful Protocol Composition

Stateful Protocol Composition

Alice and Bob: Reconciling Formal Models and Implementation

A Methodology for Protocol Verification Applied to EMV® 1

Contact Info

Product

Resources

About