32 research outputs found
Flow Logic for Dolev-Yao Secrecy in Cryptographic Processes
We introduce the νspi-calculus, which strengthens the notion of "perfect symmetric cryptography" of the spi-calculus by making encryption history dependent. We give our calculus an operational and a static semantics. The latter is a control flow analysis (CFA), defined in the form of a flow logic, and it is proved semantically correct. We then apply our CFA to check security properties; in particular, we show that secrecy à la Dolev–Yao can be expressed in terms of the CFA.
Control Flow Analysis for the pi-calculus
Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The formulation of the analysis requires no extensions to the π-calculus, except for assigning “channels” to the occurrences of names within restrictions, and assigning “binders” to the occurrences of names within input prefixes.
The result of our analysis establishes a super-set of the set of names to which a given name may be bound and of the set of names that may be sent along a given channel. Applications of our analysis include establishing simple security properties of processes. One example is that P has no leaks, i.e. P offers communication through public channels only and confines its secret names within itself.
Static Analysis of Processes for No Read-Up and No Write-Down
We study a variant of the no read-up/no write-down security property of Bell and LaPadula for processes in the π-calculus. Once processes are given levels of security clearance, we statically check that a process at a high level never sends names to processes at a lower level. The static check is based on a Control Flow Analysis for the π-calculus that establishes a super-set of the set of names to which a given name may be bound and of the set of names that may be sent and received along a given channel, taking into account its directionality. The static check is shown to imply the natural dynamic condition.
Static Analysis for the Pi-Calculus with Applications to Security
Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The result of our analysis establishes a super-set of the set of channels to which a given name may be bound and of the set of channels that may be sent along a given channel. Besides a set of rules that permits one to validate a given solution, we also offer a constructive procedure that builds solutions in low polynomial time. Applications of our analysis include establishing two simple security properties of processes. One example is that P has no leaks: P offers communication to the external environment through public channels only and confines its secret channels within itself. The other example is connected to the no read-up/no write-down property of Bell and LaPadula: once processes are given levels of security clearance, we check that a process at a high level never sends channels to processes at a lower level.
Static Validation of Security Protocols
We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as Needham–Schroeder symmetric key, Otway–Rees, Yahalom, Andrew Secure RPC, Needham–Schroeder asymmetric key, and Beller–Chang–Yacobi MSR.