CAPSL and MuCAPSL, Journal of Telecommunications and Information Technology, 2002, nr 4

Secure communication generally begins with a connection establishment phase in which messages are exchanged by client and server protocol software to generate, share, and use secret data or keys. This message exchange is referred to as an authentication or key distribution cryptographic protocol. CAPSL is a formal language for specifying cryptographic protocols. It is also useful for addressing the correctness of the protocols on an abstract level, rather than the strength of the underlying cryptographic algorithms. We outline the design principles of CAPSL and its integrated specification and analysis environment. Protocols for secure group management are essential in applications that are concerned with confidential authenticated communication among coalition members, authenticated group decisions, or the secure administration of group membership and access control. We will also discuss our progress on designing a new extension of CAPSL for multicast protocols, called MuCAPSL

MINA: A reflective middleware for managing dynamic multinetwork environments

The networking landscape of today is characterized by diverse access technologies including cellular, WiFi, Ethernet, MANETs, and ZigBee, and properly managing this heterogeneous networking infrastructure is a key challenge to take full advantage of its many opportunities. In this paper, we propose MINA (Multinetwork INformation Architecture), a reflective (self-observing and adapting) middleware approach to realize and manage dynamic and heterogeneous multi-networks in pervasive environments. A novel aspect of MINA is that it embodies an Observe-Analyze-Adapt (OAA) loop to i) achieve a reasonably accurate, centralized global view of the multi-network through the design of novel techniques for overlay structuring, network state collection and formal methods-based analysis, and ii) take advantage of the global view for adapting multi-network structure by reallocating application flows across networks and proactively planning and deploying additional network resources

From Rewrite Theories to Temporal Logic Theories

The work presented here aims at bridging the gap between executable specifications and formal verification. In this paper we combine two levels of description without changing the framework. The operational level of Maude/rewriting logic and the property-oriented level of temporal logics are combined. The combination is done by an embedding. We propose a distributed temporal logic as an extension of rewriting logic. Rewriting logic is primarily a logic of change in which the deduction directly corresponds to the computation. In contrast to that, temporal logic is a logic to talk about change in a global way. Especially, more complex system properties such as safety and liveness can be regarded in a temporal logic setting. In our approach we maintain the possibility of executing Maude specifications on the rewrite machine for validation purposes, and add the possibility of formally reasoning about Maude specifications in a temporal logic setting. The work presented focuses on objectorie..

Design of a CIL Connector to Maude

The CAPSL Integrated Protocol Environment effort aims at providing an intuitive and expressive language for specifying cryptographic authentication and key distribution protocols and supporting interfaces to various analysis tools. The CAPSL Intermediate Language CIL has been designed with the emphasis on simplifying translators from CIL to other analysis tools. In this paper we describe the design of a CIL-to-Maude connector. Maude is a rewriting logic based, efficiently executable specification language that has been extended by a model checking tool. We describe how CIL concepts are translated in Maude and propose several optimization techniques in order to achieve protocol specifications that are efficiently executable and analyzable with the Maude model checker. A prototype connector has been implemented in Java

Cross-Domain Access Control via PKI

can be managed on a large scale over the Internet and across organizational boundaries. We take a PKI approach, in which users are identified using public key certificates, as are the servers. The main features of our approach are: access control by (client, role) pair; implied revocation based on the role hierarchy; automatic generation of certificate validity tickets; and certificate chains to prove a client role hierarchy to a server

SRI International

The focus of this paper is developing ontologies that can be used to annotate web services represented by DAML-S. We propose several security-related ontologies that are designed to represent security standards such as XML Signatures in terms of their characteristics like credentials, mechanisms supported, notations used, etc. These ontologies are used to describe security properties of web services, agents and users. These properties can be specific by stating the particular standards/protocols supported or more general in terms of the security mechanisms used, the credentials required or notations specified. The security properties associated with registered web services as well as requests (originating from other services, agents and human operators) for web services are security requirements and capabilities. A reasoning engine decides whether a web service satisfies a request by comparing security characteristics. The requirements of the request need to be satisfied by the capabilities of the potentially matching web service, whose requirements need to be satisfied by the capabilities specified in the request (which could represent the capabilities of the agent which makes the request). Our prototypical implementation uses JTP, the Java Theorem Prover from Stanford, for deciding the degree to which the requirements and capabilities match based on our matching algorithm.

MuCAPSL

Secure group communication protocols have been designed to meet needs such as secure management of group membership, confidential group communication, and access control. New languages and models are necessary to appropriately capture the concepts of such protocols and make them amenable to formal analysis

Cross-Domain Access Control via PKI£

In this note we consider how role-based access control can be managed on a large scale over the Internet and across organizational boundaries. We take a PKI approach, in which users are identified using public key certificates, as are the servers. The main features of our approach are: access control by (client, role) pair; implied revocation based on the role hierarchy; automatic generation of certificate validity tickets; and certificate chains to prove a client role hierarchy to a server.