Data Access Specification and the Most Powerful Symbolic Attacker in MSR

  • Iliano Cervesato
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2609)


Most systems designed for the symbolic verification of security protocols operate under the unproved assumption that an attack can only result from the combination of a fixed number of message transformations, which altogether constitute the capabilities of the so-called Dolev-Yao intruder. In this paper, we show that the Dolev-Yao intruder can indeed emulate the actions of an arbitrary symbolic adversary. In order to do so, we extend MSR, a flexible specification framework for security protocols based on typed multiset rewriting, with a static check called data access specification, aimed at catching specification errors such as a principal trying to use a key that she is not entitled to access.


Security Protocol; Role State; Cryptographic Protocol; Knowledge Context; Typing Context
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Iliano Cervesato (1)
  1. Advanced Engineering and Sciences Division, ITT Industries, Inc., Alexandria, USA
