Adversary Safety by Construction in a Language of Cryptographic Protocols

2022 IEEE 35th Computer Security Foundations Symposium (CSF) Pub Date : 2022-08-01 DOI:10.1109/CSF54842.2022.9919638

T. Braje, Alice R. Lee, Andrew Wagner, Benjamin Kaiser, Daniel Park, Martine Kalke, R. Cunningham, A. Chlipala

{"title":"Adversary Safety by Construction in a Language of Cryptographic Protocols","authors":"T. Braje, Alice R. Lee, Andrew Wagner, Benjamin Kaiser, Daniel Park, Martine Kalke, R. Cunningham, A. Chlipala","doi":"10.1109/CSF54842.2022.9919638","DOIUrl":null,"url":null,"abstract":"Compared to ordinary concurrent and distributed systems, cryptographic protocols are distinguished by the need to reason about interference by adversaries. We suggest a new layered approach to tame that complexity, via an executable protocol language whose semantics does not reveal an adversary directly, instead enforcing a set of intuitive hygiene rules. By virtue of those rules, protocols written in this language provably behave identically with or without interference by active Dolev-Yao-style adversaries. As a result, formal reasoning about protocols can be simplified enough that even naïve model checking can establish correctness of a multiparty protocol, through analysis of a state space with no adversary. We present the design and implementation of SPICY, short for Secure Protocols Implemented CorrectlY, including the semantics of its input languages; the essential safety proofs, formalized in the Coq theorem prover; and the automation techniques. We provide a preliminary evaluation of the tool's performance and capabilities via a handful of case studies.","PeriodicalId":412553,"journal":{"name":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF54842.2022.9919638","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Compared to ordinary concurrent and distributed systems, cryptographic protocols are distinguished by the need to reason about interference by adversaries. We suggest a new layered approach to tame that complexity, via an executable protocol language whose semantics does not reveal an adversary directly, instead enforcing a set of intuitive hygiene rules. By virtue of those rules, protocols written in this language provably behave identically with or without interference by active Dolev-Yao-style adversaries. As a result, formal reasoning about protocols can be simplified enough that even naïve model checking can establish correctness of a multiparty protocol, through analysis of a state space with no adversary. We present the design and implementation of SPICY, short for Secure Protocols Implemented CorrectlY, including the semantics of its input languages; the essential safety proofs, formalized in the Coq theorem prover; and the automation techniques. We provide a preliminary evaluation of the tool's performance and capabilities via a handful of case studies.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

用一种密码协议语言构造对手安全

与普通的并发和分布式系统相比，加密协议的特点是需要对对手的干扰进行推理。我们建议一种新的分层方法来驯服这种复杂性，通过一种可执行的协议语言，其语义不会直接揭示对手，而是强制执行一组直观的卫生规则。凭借这些规则，用这种语言编写的协议可以证明，无论是否受到活跃的dolev - yao式对手的干扰，其行为都是相同的。因此，关于协议的形式推理可以被简化到足够的程度，甚至naïve模型检查也可以通过分析没有对手的状态空间来建立多方协议的正确性。我们提出了麻辣的设计和实现，简称安全协议正确实现，包括其输入语言的语义;在Coq定理证明中形式化的基本安全证明;还有自动化技术。我们通过一些案例研究对该工具的性能和能力进行了初步评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2022 IEEE 35th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量