Towards the Correctness of Security Protocols

AbstractIn [19], the authors presented a type-theoretic approach to the verification of security protocols. In this approach, a universal type system is proposed to capture in a finite way all the possible computations (internal actions or protocol instrumentations) that could be performed by a smart malicious intruder. This reduces the verification of cryptographic protocols to a typing problem where types are attack scenarios. In this paper, we recall this type system and we prove its completeness i.e. if the intruder can learn a message from a given protocol instrumentation, then this message could be infered from the type system. A significant result of this paper is the presentation of a new transformation that allows us to abstract a non-terminating type inference system into a terminating deductive proof system. We demonstrate how these results could be used to establish the security of cryptographic protocols from the secrecy standpoint. Finally, the usefulness and the efficiency of the whole approach is illustrated by proving the correctness of a new version of the Needham-Shoreder protocol with respect to the secrecy property

Bibliography for computer security, integrity, and safety

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports

On the Practice and Application of Context-Free Language Reachability

The Context-Free Language Reachability (CFL-R) formalism relates to some of the most important computational problems facing researchers and industry practitioners. CFL-R is a generalisation of graph reachability and language recognition, such that pairs in a labelled graph are reachable if and only if there is a path between them whose labels, joined together in the order they were encountered, spell a word in a given context-free language. The formalism finds particular use as a vehicle for phrasing and reasoning about program analysis, since complex relationships within the data, logic or structure of computer programs are easily expressed and discovered in CFL-R. Unfortunately, The potential of CFL-R can not be met by state of the art solvers. Current algorithms have scalability and expressibility issues that prevent them from being used on large graph instances or complex grammars. This work outlines our efforts in understanding the practical concerns surrounding CFL-R, and applying this knowledge to improve the performance of CFL-R applications. We examine the major difficulties with solving CFL-R-based analyses at-scale, via a case-study of points-to analysis as a CFL-R problem. Points-to analysis is fundamentally important to many modern research and industry efforts, and is relevant to optimisation, bug-checking and security technologies. Our understanding of the scalability challenge motivates work in developing practical CFL-R techniques. We present improved evaluation algorithms and declarative optimisation techniques for CFL-R, capitalising on the simplicity of CFL-R to creating fully automatic methodologies. The culmination of our work is a general-purpose and high-performance tool called Cauliflower, a solver-generator for CFL-R problems. We describe Cauliflower and evaluate its performance experimentally, showing significant improvement over alternative general techniques