Representing the MSR cryptoprotocol specification language in an extension of rewriting logic with dependent types

Article

Abstract

This paper presents a shallow and efficient embedding of the security protocol specification language MSR into an extension of rewriting logic with dependent types. The latter is an instance of the open calculus of constructions which integrates key concepts from equational logic, rewriting logic, and type theory. MSR is based on a form of first-order multiset rewriting extended with existential name generation and a flexible type infrastructure centered on dependent types with subsorting. The encoding presented in this paper has served as the basis for the implementation of an MSR specification and analysis environment using the first-order rewriting engine Maude.

Keywords

Security protocol, Multiset rewriting, Specification, Dependent types

Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  1. Carnegie Mellon University, Doha, Qatar
  2. Computer Science Laboratory, SRI International, Menlo Park, USA
