Formally based semi-automatic implementation of an open security protocol

Alfredo Pironti; Barthe; Basin; Bengtson; Bhargavan; Bhargavan; Bhargavan; Bhargavan; Bhargavan; Bhargavan; Blanchet; Blanchet; Blanchet; Blanchet; Davide Pozza; Dolev; Durante; Escobar; Grandy; Hubbers; Jeon; Jürjens; Jürjens; Kiyomoto; Lowe; Lowe; Marché; McDermott; Moebius; Mödersheim; O’Shea; Pironti; Pironti; Pironti; Pozza; Riccardo Sisto; Song; Tobler

research

Formally based semi-automatic implementation of an open security protocol

Authors: Alfredo Pironti
Barthe
Basin
Bengtson
Bhargavan
Bhargavan
Bhargavan
Bhargavan
Bhargavan
Bhargavan
Blanchet
Blanchet
Blanchet
Blanchet
Davide Pozza
Dolev
Durante
Escobar
Grandy
Hubbers
Jeon
Jürjens
Jürjens
Kiyomoto
Lowe
Lowe
Marché
McDermott
Moebius
Mödersheim
O’Shea
Pironti
Pironti
Pironti
Pozza
Riccardo Sisto
Song
Tobler
Publication date: 1 January 2012
Publisher: Elsevier Science
Doi

Abstract

International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation