Verified interoperable implementations of security protocols

ACM Transactions on Programming Languages and Systems

Volumn 31, Issue 1, 2008, Pages

  Bhargavan, Karthikeyan ^a   Fournet, Cédric ^a   Gordon, Andrew D ^a   Tse, Stephen ^b  

^a MICROSOFT RESEARCH   (United States)

^b UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

Functional programming; Pi calculus; Web services; XML security

Indexed keywords

COMPUTATIONAL METHODS; COMPUTER PROGRAMMING; CONCRETE TESTING; CRYPTOGRAPHY; FUNCTIONAL PROGRAMMING; FUNCTIONS; INTEROPERABILITY; MARKUP LANGUAGES; NETWORK ARCHITECTURE; SECURITY OF DATA; WEB SERVICES; WORLD WIDE WEB; XML;

CRYPTOGRAPHIC ALGORITHMS; CRYPTOGRAPHIC PROTOCOLS; FORMAL VERIFICATIONS; INTEROPERABILITY TESTING; INTEROPERABLE; PI CALCULUS; SECURITY PROTOCOLS; XML SECURITY;

INTERNET PROTOCOLS;

EID: 57849126802     PISSN: 01640925     EISSN: 15584593     Source Type: Journal    
DOI: 10.1145/1452044.1452049     Document Type: Article

References (55)

1. ABADI, M. AND FOURNET, C. 2001, Mobile values, new names, and secure communication. In Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL'01). 104-115.
2. ABADI, M. AND GORDON, A. D. 1999. A calculus for cryptographic protocols: The spi calculus. Inform. Comput. 148, 1-70.
3. ABADI, M. AND ROGAWAY, P. 2002. Reconciling two views of cryptography (the computational soundness of formal encryption). J. Cryptol. 15, 2, 103-127.
4. ALLAMIGEON, X. AND BLANCHES B. 2005. Reconstruction of attacks against cryptographic protocols. In Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW'OS). 140-154.
5. Apache Software Foundation 2006. Apache WSS4J. Apache Software Foundation. http://ws.apache.org/ws s4j/.
6. ASKAROV, A. AND SABELFELD, A. 2005. Security-typed languages for implementation of cryptographic protocols: A case study. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS'05). Lecture Notes in Computer Science, vol. 3679. Springer, 197-221.
7. BACKES, M., PFITZMANN, B., AND WAIDNER, M. 2003. A composable cryptographic library with nested operations. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). ACM Press, 220-230.
8. BERRY, G. AND BODDOL, G. 1990. The chemical abstract machine. In Proceedings of the 17th ACM Symposium on Principles of Programming Languages (POPE90). 81-94.
9. BHARGAVAN, K., CORIN, R., FOURNET, C., AND GORDON, A. D. 2007c. Secure sessions for Web services. ACM Trans. Inform. Syst. Secur. 10, 2, Article 8.
10. BHARGAVAN, K., FOURNET, C., CORIN, R., AND ZǍLINESCU, E. 2008b. Cryptographically verified implementations for TLS. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS'08). 459-468.
11. BHARGAVAN, K., FOURNET, C., AND GORDON, A. D., 2004b. Verifying policy-based security for Web services. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS'04). 268-277.
12. BHARGAVAN, K., FOURNET, C., AND GORDON, A. D. 2005. A semantics for Web services authentication. Theor. Comput. Sci. 340, 1, 102-153.
13. BHARGAVAN, K., FOURNET, C., AND GORDON, A. D. 2006b. Verified reference implementations of WS-Security protocols. In Proceedings of the 3rd International Workshop on Web Services and Formal Methods (WS-FM 2006). Lecture Notes in Computer Science, vol. 4184. Springer, 88-106.
14. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND PUCELLA, R. 2004a. TulaFale: A security tool for Web services. In Proceedings of the International Symposium on Formal Methods for Components and. Objects (FMCO'03). Lecture Notes in Computer Science, vol. 3188. Springer, 197-222.
15. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND SWAMY, N. 2008a. Verified implementations of the Information Card federated identity-management protocol. In Proceedings of the ACM Symposium on Information, Computer and. Communications Security (ASIACCS'08). 123-135.
16. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND TSE, S. 2006a. Verified interoperable implementations of security protocols. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06). 139-152.
17. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND TSE, S. 2007a. Verified interoperable implementations of security protocols. In Software System Reliability and Security. IOS Press, 87-115.
18. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND TSE, S. 2007b. Verified interoperable implementations of security protocols. Tech. rep. MSR-TR-2006-46, Microsoft Research.
19. BLANCHET B. 2001. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01). 82-96.
20. BLANCHET, B. 2007. Computationally sound mechanized proofs of correspondence assertions. In Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF'07). 97-111.
21. BLANCHET, B., Abadi, M., and Fournet, C. 2005. Automated verification of selected equivalences for security protocols. In Proceedings of the 20th IEEE Symposium on Logic in Computer Science (LICS'05). 331-340.
22. BLANCHET, B. AND PODELSKI, A. 2005. Verification of cryptographic protocols: Tagging enforces termination. Theor. Comput. Sci. 333, 1-2, 67-90.
23. BODEI, C., BUCHHOLTZ, M., DEGANO, P., AND NIELSON, F. 2003. Automatic validation of protocol narration. In Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW'03) 126-140.
24. DOLEV, D. AND YAO, A. 1983. On the security of public key protocols. IEEE Trans. Inform. Theor. IT-29, 2, 198-208.
25. EASTLAKE, D., REAGLE, J., IMAMURA, T., DILLAWAY, B., AND SIMON, E. 2002. XML Encryption Syntax and Processing. W3C. W3C Recommendation.
26. EASTLAKE, D., REAGLE, J., SOLO, D., BARTEL, M., BOYER, J., FOX, B., LAMACCHIA, B., AND SIMON, E. 2002. XML-Signature Syntax and Processing. W3C. W3C Recommendation.
27. FOURNET, C. AND GONTHIER, G. 2005. A hierarchy of equivalences for asynchronous calculi. J. Logic Algeb. Program. 63, 131-173.
28. GALOIS CONNECTIONS. 2005. Cryptol Reference Manual. Galois Connections.
29. GIAMBIAGI, P. AND DAM, M. 2004. On the secure implementation of security protocols. Sci. Comput. Program. 50, 73-99.
30. GORDON, A. D. AND PUCELLA, R. 2002. Validating a Web service security abstraction by typing. In Proceedings of the ACM workshop on XML Security. 18-29.
31. GOUBAULT-LARRECQ, J. AND PARRENNES, F. 2005. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05). Lecture Notes in Computer Science, vol. 3385. Springer, 363-379.
32. GUTTMAN, J. D., HERZOG, J. C, RAMSDELL, J. D., AND SNIFFEN, B. T. 2005. Programming cryptographic protocols. In Proceedings of the Conference Trusted. Global Computing (TGC'05). Lecture Notes in Computer Science, vol. 3705. Springer, 116-145.
33. IBM CORPORATION. 2006. IBM WebSphere Application Server. IBM Corporation. http://www.ibm.com/software/websphere/.
34. KLEINER, E. AND ROSCOE, A. W. 2004. Web services security: A preliminary study using Casper and FDR. In Proceedings of the Conference Automated Reasoning for Security Protocol Analysis (ARSPA 04).
35. KLEINER, E. AND ROSCOE, A. W. 2005. On the relationship between Web services security and traditional protocols. In Proceedings of the Conference Mathematical Foundations of Programming Semantics (MFPS).
36. LUKELL, S., VELDMAN, C., AND HUTCHISON, A. C. M. 2003. Automated attack analysis and code generation in a multi-dimensional security protocol engineering framework. In Proceedings of the Southern African Telecommunication Networks and Applications Conference (SATNAC).
37. MERRO, M. AND SANGIORGI, D. 1998. On asynchrony in name-passing calculi. In Proceedings of the Conference Automata, Languages and Programming (ICALP'98). Lecture Notes in Computer Science, vol. 1443. Springer, 856-867.
38. MICROSOFT CORPORATION. 2004. Web Services Enhancements (WSE) 2.0. Microsoft Corporation. http://msdn.microsoft.com/ webservices/building/wse/default.aspx.
39. MICROSOFT CORPORATION. 2005. F#. Microsoft Corporation. http://research.microsoft.com/fsharp/.
40. MICROSOFT CORPORATION. 2006. Windows Communication Foundation (WCF). Microsoft Corporation. http://wcf.netfx3.com/.
41. MICROSOFT CORPORATION. 2007. FS2PV: A Cryptographic-Protocol Verifier for F#. Microsoft Corporation. http://research.microsoft.com/projects/samoa/.
42. MILNER, R. 1992. Functions as processes. Math. Struct. Comput. Sci. 2, 2, 119-141.
43. MILNER, R. 1999. Communicating and Mobile Systems: The π-Calculus. CUP.
44. MULLER, F. AND MILLEN, J. 2001. Cryptographic protocol generation from CAPSL. Tech. rep. SRI-CSL-01-07, SRI.
45. NEEDHAM, R. AND SCHROEDER, M. 1978. Using encryption for authentication in large networks of computers. Comm. ACM 21, 12, 993-999.
46. OASIS 2004. Web Services Security: SOAP Message Security 1.0 (WS-Security 2004). OASIS Standard.
47. O'SHEA, N. 2006. Elyjah: A security analyzer for Java implementations of communications protocols. Fourth year project report, Computer Science, Division of Informatics, University of Edinburgh.
48. OTWAY, D. AND REES, O. 1987. Efficient and timely mutual authentication. Oper. Syst. Rev. 21, 1, 8-10.
49. PERRIG, A., SONG, D., AND PHAN, D. 2001. AGVI - automatic generation, verification, and implementation of security protocols. In Proceedings of the 13th Conference on Computer Aided Verification (CAV). Lecture Notes in Computer Science. Springer, 241-245.
50. POZZA, D., SISTO, R., AND DURANTE, L. 2004. Spi2Java: automatic cryptographic protocol Java code generation from spi calculus. In Proceedings of the 18th International Conference on Advanced Information Networking and Applications (AINA 2004). Vol. 1. 400-405.
51. SUMII, E. AND PIERCE, B. C. 2001. Logical relations for encryption. In Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01). 256-269.
52. SUMII, E. AND PIERCE, B. C. 2004. A bisimulation for dynamic sealing. In Proceedings of the 31st ACM Symposium on Principles of Programming Languages (POPL'04). 161-172.
53. W3C 2003. SOAP Version 1.2. W3C. W3C Recommendation.
54. W3C 2004. Web Services Addressing (WS-Addressing). W3C. W3C Member Submission.
55. WOO, T. AND LAM, S. 1993. A semantic model for authentication protocols. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. 178-194.