article

On the secure implementation of security protocols

Authors:

Pablo Giambiagi,

Mads DamAuthors Info & Claims

Science of Computer Programming, Volume 50, Issue 1-3

Pages 73 - 99

https://doi.org/10.1016/j.scico.2004.01.002

Published: 01 March 2004 Publication History

Abstract

We consider the problem of implementing a security protocol in such a manner that secrecy of sensitive data is not jeopardized. Implementation is assumed to take place in the context of an API that provides standard cryptography and communication services. Given a dependency specification, stating how API methods can produce and consume secret information, we pro pose an information flow property based on the idea of invariance under perturbation, relating observable changes in output to corresponding changes in input. Besides the information flow condition itself, the main contributions of the paper are results relating the admissibility property to a direct flow property in the special case of programs which branch on secrets: only cases permitted by the dependency rules. These results are used to derive an unwinding theorem, reducing a behavioural correctness check (strong bisimulation) to an invariant.

References

[1]

{1} M. Abadi, A. Benerjee, N. Heintze, J.G. Riecke, A core calculus of dependency, in: Proc. 26th Ann. ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages, San Antonio, TX, 1999, pp. 147-160.

Digital Library

Google Scholar

[2]

{2} M. Abadi, A.D. Gordon, A bisimulation method for cryptographic protocols, Nord. J. Comput. 5 (4) (1998) 267-303.

Digital Library

Google Scholar

[3]

{3} E.S. Cohen, Information transmission in sequential programs, in: R.A. DeMillo, D.P. Dobkin, A.K Jones, R.J. Lipton (Eds.), Foundations of Secure Computation, Academic Press, New York, 1978, pp-297-335.

Google Scholar

[4]

{4} M. Dam, P. Giambiagi, Confidentiality for mobile code: the case of a simple payment protocol, in: Proc. 13th IEEE Computer Security Foundations Workshop, Cambridge, England, 2000, pp. 233-244.

Digital Library

Google Scholar

[5]

{5} R. Focardi, R. Gorrieri, A classification of security properties for process algebras, J. Comput. Security 3 (1) (1995) 5-33.

Digital Library

Google Scholar

[6]

{6} P. Laud, Handling encryption in an analysis for secure information flow, in: Proc. 12th European Symp. on Programming, Lecture Notes in Computer Science, vol. 2618, Springer, Berlin, 2003, pp. 159-173.

Digital Library

Google Scholar

[7]

{7} J.C. Mitchell, Foundations for Programming Languages, MIT Press, Cambridge, MA, 1996.

Digital Library

Google Scholar

[8]

{8} D. Naumaun, Soundness of data refinement for a higher order imperative language, Theoret. Comput. Sci. 278 (2002) 271-301.

Digital Library

Google Scholar

[9]

{9} A.W. Roscoe, M.H. Goldsmith, What is intransitive noninterference? in: Proc. 12th IEEE Computer Security Foundations Workshop, Mordano, Italy, 1999, pp. 228-238.

Digital Library

Google Scholar

[10]

{10} A. Sabelfeld, A.C. Myers, Language-based information-flow security, IEEE J. Selected Areas Comm. 21 (1) (2003) 5-19.

Digital Library

Google Scholar

[11]

{11} A. Sabelfeld, D. Sands, A per model of secure information flow in sequential programs, Higher Order Symbolic Comput. 14 (1) (2001) 59-91.

Digital Library

Google Scholar

[12]

{12} D. Volpano, Secure introduction of one-way functions, in: Proc. 13th IEEE Computer Security Foundations Workshop, Cambridge, England, 2000, pp. 246-254.

Digital Library

Google Scholar

[13]

{13} D. Volpano, G. Smith, C. Irvine, A sound type system for secure flow analysis, J. Comput. Security 4 (3) (1996) 167-187.

Digital Library

Google Scholar

[14]

{14} S. Zdancewic, A. Myers, Robust declassification, in: Proc. 14th IEEE Computer Security Foundations Workshop, Nova Scotia, Canada, 2001, pp. 15-23.

Digital Library

Google Scholar

Cited By

View all

Bhargavan KFournet CGordon ATse S(2008)Verified interoperable implementations of security protocolsACM Transactions on Programming Languages and Systems10.1145/1452044.145204931:1(1-61)Online publication date: 12-Dec-2008
https://dl.acm.org/doi/10.1145/1452044.1452049
Bhargavan KFournet CGordon ASwamy NAbe MGligor V(2008)Verified implementations of the information card federated identity-management protocolProceedings of the 2008 ACM symposium on Information, computer and communications security10.1145/1368310.1368330(123-135)Online publication date: 18-Mar-2008
https://dl.acm.org/doi/10.1145/1368310.1368330
Jürjens J(2008)Model-Based Run-Time Checking of Security Permissions Using Guarded ObjectsRuntime Verification10.1007/978-3-540-89247-2_3(36-50)Online publication date: 30-Mar-2008
https://dl.acm.org/doi/10.1007/978-3-540-89247-2_3
Show More Cited By

Index Terms

On the secure implementation of security protocols

Recommendations

Information flow query and verification for security policy of security-enhanced linux
IWSEC'06: Proceedings of the 1st international conference on Security

This paper presents a Colored Petri Nets (CPN) approach to analyze the information flow in the policy file of Security-Enhanced Linux (SELinux). The SELinux access control decisions are based on a security policy file that contains several thousands of ...
A dynamic information flow model of secure systems
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security

We characterize the information flow features of an information system in a state machine model, which emphasizes on the subject properties of information flows. We ague that the legality of a flow mainly depends on the subjects exploit it rather than ...
Semiautomatic Implementation of Communication Protocols

The use of formal specifications in software development allows the use of certain automated tools during the specification and software development process. Formal description techniques have been developed for the specification of communication ...

Comments

Information & Contributors

Information

Published In

cover image Science of Computer Programming

Science of Computer Programming Volume 50, Issue 1-3

Special issue on 12th European symposium on programming (ESOP 2003)

March 2004

264 pages

ISSN:0167-6423

Issue’s Table of Contents

Publisher

Elsevier North-Holland, Inc.

United States

Publication History

Published: 01 March 2004

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bhargavan KFournet CGordon ATse S(2008)Verified interoperable implementations of security protocolsACM Transactions on Programming Languages and Systems10.1145/1452044.145204931:1(1-61)Online publication date: 12-Dec-2008
https://dl.acm.org/doi/10.1145/1452044.1452049
Bhargavan KFournet CGordon ASwamy NAbe MGligor V(2008)Verified implementations of the information card federated identity-management protocolProceedings of the 2008 ACM symposium on Information, computer and communications security10.1145/1368310.1368330(123-135)Online publication date: 18-Mar-2008
https://dl.acm.org/doi/10.1145/1368310.1368330
Jürjens J(2008)Model-Based Run-Time Checking of Security Permissions Using Guarded ObjectsRuntime Verification10.1007/978-3-540-89247-2_3(36-50)Online publication date: 30-Mar-2008
https://dl.acm.org/doi/10.1007/978-3-540-89247-2_3
Nielsen JSchwartzbach MHicks M(2007)A domain-specific programming language for secure multiparty computationProceedings of the 2007 workshop on Programming languages and analysis for security10.1145/1255329.1255333(21-30)Online publication date: 14-Jun-2007
https://dl.acm.org/doi/10.1145/1255329.1255333
Dam M(2006)Decidability and proof systems for language-based noninterference relationsACM SIGPLAN Notices10.1145/1111320.111104441:1(67-78)Online publication date: 11-Jan-2006
https://dl.acm.org/doi/10.1145/1111320.1111044
Dam MMorrisett GJones S(2006)Decidability and proof systems for language-based noninterference relationsConference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages10.1145/1111037.1111044(67-78)Online publication date: 11-Jan-2006
https://dl.acm.org/doi/10.1145/1111037.1111044

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Information flow query and verification for security policy of security-enhanced linux

A dynamic information flow model of secure systems

Semiautomatic Implementation of Communication Protocols

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations