8,530 research outputs found
Automated analysis of security protocols with global state
Security APIs, key servers and protocols that need to keep the status of
transactions, require to maintain a global, non-monotonic state, e.g., in the
form of a database or register. However, most existing automated verification
tools do not support the analysis of such stateful security protocols -
sometimes because of fundamental reasons, such as the encoding of the protocol
as Horn clauses, which are inherently monotonic. A notable exception is the
recent tamarin prover which allows specifying protocols as multiset rewrite
(msr) rules, a formalism expressive enough to encode state. As multiset
rewriting is a "low-level" specification language with no direct support for
concurrent message passing, encoding protocols correctly is a difficult and
error-prone process. We propose a process calculus which is a variant of the
applied pi calculus with constructs for manipulation of a global state by
processes running in parallel. We show that this language can be translated to
msr rules whilst preserving all security properties expressible in a dedicated
first-order logic for security properties. The translation has been implemented
in a prototype tool which uses the tamarin prover as a backend. We apply the
tool to several case studies among which a simplified fragment of PKCS\#11, the
Yubikey security token, and an optimistic contract signing protocol
Computationally Sound Compositional Logic for Security Protocols
We have been developing a cryptographically sound formal logic for proving protocol security properties without explicitly reasoning about probability, asymptotic complexity, or the actions of a malicious attacker. The approach rests on a probabilistic, polynomial-time semantics for a protocol security logic that was originally developed using nondeterministic symbolic semantics. This workshop presentation will discuss ways in which the computational semantics lead to different reasoning methods and report our progress to date in several directions. One significant difference between the symbolic and computational settings results from the computational difference between efficiently recognizing and efficiently producing a value. Among the more recent developments are a compositional method for proving cryptographically sound properties of key exchange protocols, and some work on secrecy properties that illustrates the computational interpretation of inductive properties of protocol roles
A Constraint-Based Algorithm for Contract-Signing Protocols
Research on the automatic analysis of cryptographic protocols has so far mainly concentrated on reachability properties, such as secrecy and authentication. Only recently it was shown that certain game-theoretic security properties, such as balance for contract-signing protocols, are decidable in a Dolev-Yao style model with a bounded number of sessions but unbounded message size. However, this result does not provide a practical algorithm as it merely bounds the size of attacks. In this paper, we prove that game-theoretic security properties can be decided based on standard constraint solving procedures. This paves the way for extending existing implementations and tools for reachability properties to deal with game-theoretic security properties
Logic of fusion
The starting point of this work is the observation that the Curry-Howard
isomorphism, relating types and propositions, programs and proofs, composition
and cut, extends to the correspondence of program fusion and cut elimination.
This simple idea suggests logical interpretations of some of the basic methods
of generic and transformational programming. In the present paper, we provide a
logical analysis of the general form of build fusion, also known as
deforestation, over the inductive and the coinductive datatypes, regular or
nested. The analysis is based on a novel logical interpretation of
parametricity in terms of the paranatural transformations, introduced in the
paper.Comment: 17 pages, 6 diagrams; Andre Scedrov FestSchrif
The Partnership Paperchase: Structuring Partnership Agreements in Water and Sanitation in Low-income Communities
Tripartite partnerships between water utilities, local government and civil society are often seen as a good way to deliver services to informal urban communities and slums. However, while these 'partnerships' can be seen as benign relationships, they often fail because the incentives and interests of the partners are not well aligned. In this report, the authors argue that the development of robust documentation (in forms which consitute a 'contractual' agreement) can enhance the performance of such partnerships. Aspects of the partnership which should be included in such documentation include roles and responsibilities, financing, objectives and indicators of success and dispute-resolution mechanisms. The report provides practical guidance and examples of good practice to guide the reader through a process of developing such documentation
Digital Inheritance in Web3: A Case Study of Soulbound Tokens and the Social Recovery Pallet within the Polkadot and Kusama Ecosystems
In recent years discussions centered around digital inheritance have
increased among social media users and across blockchain ecosystems. As a
result digital assets such as social media content cryptocurrencies and
non-fungible tokens have become increasingly valuable and widespread, leading
to the need for clear and secure mechanisms for transferring these assets upon
the testators death or incapacitation. This study proposes a framework for
digital inheritance using soulbound tokens and the social recovery pallet as a
use case in the Polkadot and Kusama blockchain networks. The findings discussed
within this study suggest that while soulbound tokens and the social recovery
pallet offer a promising solution for creating a digital inheritance plan the
findings also raise important considerations for testators digital executors
and developers. While further research is needed to fully understand the
potential impacts and risks of other technologies such as artificial
intelligence and quantum computing this study provides a primer for users to
begin planning a digital inheritance strategy and for developers to develop a
more intuitive solution.Comment: To be published in IEEE Acces
- …