Advertisement

A Formal Implementation of Value Commitment

  • Cédric Fournet
  • Nataliya Guts
  • Francesco Zappa Nardelli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4960)

Abstract

In an optimistic approach to security, one can often simplify protocol design by relying on audit logs, which can be analyzed a posteriori. Such auditing is widely used in practice, but no formal studies guarantee that the log information suffices to reconstruct past runs of the protocol, in order to reliably detect (and provide evidence of) any cheating. We formalize audit logs for a sample optimistic scheme, the value commitment. It is specified in a pi calculus extended with committable locations, and compiled using standard cryptography to implement secure logs. We show that our distributed implementation either respects the abstract semantics of commitments or, using information stored in the logs, detects cheating by a hostile environment.

References

  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: 28th ACM Symposium on Principles of Programming Languages (POPL 2001) (2001)Google Scholar
  2. 2.
    Abadi, M., Fournet, C., Gonthier, G.: Secure Implementation of Channel Abstractions. Information and Computation 174(1), 37–83 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Castellà-Roca, J., Domingo-Ferrer, J., Riera, A., Borrell, J.: Practical Mental Poker Without a TTP Based on Homomorphic Encryption. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 280–294. Springer, Heidelberg (2003)Google Scholar
  4. 4.
    Cederquist, J.G., Corin, R., Dekker, M.A.C., Etalle, S., den Hartog, J.I., Lenzini, G.: Audit-based compliance control. Int’l Journal of Information Security 6(2), 133–151 (2007)CrossRefGoogle Scholar
  5. 5.
    Chaum, D.: Secret-ballot receipts: True voter-verifiable elections. IEEE Security and Privacy 2(1), 38–47 (2004)CrossRefGoogle Scholar
  6. 6.
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical, voter-verifiable election scheme. Technical Report CS-TR-880 (2004)Google Scholar
  7. 7.
    Corin, R., Denielou, P.-M., Fournet, C., Bhargavan, K., Leifer, J.: Secure implementations for typed session abstractions. In: IEEE Computer Security Foundations Symposium (2007)Google Scholar
  8. 8.
    Corin, R., Galindo, D., Hoepman, J.H.: Securing data accountability in decentralized systems. In: 1st Int’l Workshop on Information Security (IS 2006), LNCS (2006)Google Scholar
  9. 9.
    Leroy, X., et al.: Objective caml, http://caml.inria.fr
  10. 10.
    Etalle, S., Winsborough, W.H.: A posteriori compliance control. In: 12th ACM Symposium on Access Control Models and Technologies (2007)Google Scholar
  11. 11.
    ISO/IEC. Common criteria for information technology security evaluation (2004), http://www.commoncriteriaportal.org/public/expert/index.php?menu=3
  12. 12.
    Jha, S., Katzenbeisser, S., Schallhart, C., Veith, H., Chenney, S.: Enforcing semantic integrity on untrusted clients in networked virtual environments. In: IEEE Symposium on Security and Privacy (2007)Google Scholar
  13. 13.
    Kremer, S., Ryan, M.D.: Analysing the vulnerability of protocols to produce known-pair and chosen-text attacks. In: 2nd Int’l Workshop on Security Issues in Coordination Models, Languages and Systems (SecCo 2004). ENTCS (2005)Google Scholar
  14. 14.
    NIST Special Publications. Generally accepted principles and practices for securing information technology systems (1996)Google Scholar
  15. 15.
    Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Transactions on Information and System Security 2(2), 159–176 (1999)CrossRefGoogle Scholar
  16. 16.
    Shamir, A., Rivest, R., Adleman, L.: Mental poker. Mathematical Gardener (1981)Google Scholar
  17. 17.
    Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an encrypted and searchable audit log. In: Network and Distributed System Security Symposium (NDSS) (2004)Google Scholar
  18. 18.
    Xu, W., Chadwick, D., Otenko, S.: A PKI Based Secure Audit Web Server. In: IASTED Communications, Network and Information and CNIS (2005)Google Scholar
  19. 19.
    Zheng, L., Chong, S., Myers, A.C., Zdancewic, S.: Using replication and partitioning to build secure distributed systems. In: IEEE Symposium on Security and Privacy (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Cédric Fournet
    • 2
    • 1
  • Nataliya Guts
    • 1
  • Francesco Zappa Nardelli
    • 3
    • 1
  1. 1.MSR-INRIA Joint Centre 
  2. 2.Microsoft Research 
  3. 3.INRIA 

Personalised recommendations