dkal ⋆ : Constructing Executable Specifications of Authorization Protocols

  • Jean-Baptiste Jeannin
  • Guido de Caso
  • Juan Chen
  • Yuri Gurevich
  • Prasad Naldurg
  • Nikhil Swamy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7781)


Many prior trust management frameworks provide authorization logics for specifying policies based on distributed trust. However, to implement a security protocol using these frameworks, one usually resorts to a general-purpose programming language. To reason about the security of the entire system, one must study not only policies in the authorization logic, but also hard-to-analyze implementation code.

This paper proposes dkal  ⋆ , a language for constructing executable specifications of authorization protocols. Protocol and policy designers can use dkal  ⋆ ’s authorization logic for expressing distributed trust relationships, and its small rule-based programming language to describe the message sequence of a protocol. Importantly, many low-level details of the protocol (e.g., marshaling formats or management of state consistency) are left abstract in dkal  ⋆ , but sufficient details must be provided in order for the protocol to be executable.

We formalize the semantics of dkal  ⋆ , giving it an operational semantics and a type system. We prove various properties of dkal  ⋆ , including type soundness and a decidability property for its underlying logic. We also present an interpreter for dkal  ⋆ , mechanically verified for correctness and security. We evaluate our work experimentally on several examples.


Type System Decision Procedure Operational Semantic Trust Management Execution Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Access control in a core calculus of dependency. SIGPLAN Not. 41(9), 263–273 (2006)CrossRefGoogle Scholar
  2. 2.
    Appel, A., Felten, E.: Proof-carrying authentication. In: CCS 1999, pp. 52–62. ACM (1999)Google Scholar
  3. 3.
    Becker, M., Fournet, C., Gordon, A.: SecPAL: Design and semantics of a decentralized authorization language. Journal of Computer Security 18(4), 619–665 (2010)Google Scholar
  4. 4.
    Beklemishev, L., Blass, A., Gurevich, Y.: What is the logic of information? (in preparation, 2012)Google Scholar
  5. 5.
    Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. In: CSF (2008)Google Scholar
  6. 6.
    Bhargavan, K., Fournet, C., Corin, R., Zalinescu, E.: Cryptographically verified implementations for TLS. In: ACM Conference on Computer and Communications Security, pp. 459–468 (2008)Google Scholar
  7. 7.
    Bjørner, N., de Caso, G., Gurevich, Y.: From Primal Infon Logic with Individual Variables to Datalog. In: Erdem, E., Lee, J., Lierler, Y., Pearce, D. (eds.) Correct Reasoning. LNCS, vol. 7265, pp. 72–86. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Blanchet, B.: Security Protocol Verification: Symbolic and Computational Models. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 3–29. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Blass, A., Gurevich, Y., Moskal, M., Neeman, I.: Evidential authorization. In: Nanz, S. (ed.) The Future of Software Engineering, pp. 73–99. Springer (2011)Google Scholar
  10. 10.
    CACM Staff: Microsoft’s protocol documentation program: interoperability testing at scale. Commun. ACM 54(7), 51–57 (2011), Google Scholar
  11. 11.
    Chapin, P., Skalka, C., Wang, X.: Authorization in trust management: Features and foundations. ACM Computing Surveys (CSUR) 40(3), 9 (2008)CrossRefGoogle Scholar
  12. 12.
    Gordon, A.D., Jeffrey, A.: Typing correspondence assertions for communication protocols. Theor. Comput. Sci. 300(1-3), 379–409 (2003)MathSciNetzbMATHCrossRefGoogle Scholar
  13. 13.
    Gurevich, Y., Neeman, I.: DKAL: Distributed-knowledge authorization language. In: 21st IEEE Computer Security Foundations Symposium, pp. 149–162. IEEE (2008)Google Scholar
  14. 14.
    Gurevich, Y.: Evolving algebra 1993: Lipari guide. Specification and Validation Methods (1995)Google Scholar
  15. 15.
    Gurevich, Y., Rossman, B., Schulte, W.: Semantic essence of AsmL. Theor. Comput. Sci. 343(3), 370–412 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Jeannin, J.B., de Caso, G., Chen, J., Gurevich, Y., Naldurg, P., Swamy, N.: dkal*: Constructing executable specifications of authorization Protocols (extended version). Tech. rep., Microsoft Research (2012),
  17. 17.
    Jia, L., Vaughan, J., Mazurak, K., Zhao, J., Zarko, L., Schorr, J., Zdancewic, S.: Aura: A programming language for authorization and audit. In: ICFP (2008)Google Scholar
  18. 18.
    Jim, T.: SD3: A trust management system with certified evaluation. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, S&P 2001, pp. 106–115. IEEE (2001)Google Scholar
  19. 19.
    Maffeis, S., Abadi, M., Fournet, C., Gordon, A.D.: Code-Carrying Authorization. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 563–579. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Necula, G.C.: Proof-carrying code. In: POPL 1997: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 106–119. ACM Press, New York (1997)CrossRefGoogle Scholar
  21. 21.
    Sheard, T., Jones, S.P.: Template meta-programming for Haskell. In: Proceedings of the 2002 ACM SIGPLAN Workshop on Haskell, Haskell 2002. ACM (2002)Google Scholar
  22. 22.
    Swamy, N., Chen, J., Fournet, C., Strub, P.Y., Bhargavan, K., Yang, J.: Secure distributed programming with value-dependent types. In: ICFP, pp. 266–278 (2011)Google Scholar
  23. 23.
    Vaughan, J., Jia, L., Mazurak, K., Zdancewic, S.: Evidence-based audit. In: CSF 2008, pp. 163–176. IEEE (2008)Google Scholar
  24. 24.
    Wang, R., Chen, S., Wang, X., Qadeer, S.: How to shop for free online - security analysis of cashier-as-a-service based web stores. In: IEEE Symposium on Security and Privacy, pp. 465–480 (2011)Google Scholar
  25. 25.
    Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols. In: Proceedings of the 1993 IEEE Symposium on Security and Privacy, SP 1993, pp. 178–194. IEEE Computer Society, Washington, DC (1993), CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jean-Baptiste Jeannin
    • 1
  • Guido de Caso
    • 2
  • Juan Chen
    • 3
  • Yuri Gurevich
    • 3
  • Prasad Naldurg
    • 3
  • Nikhil Swamy
    • 3
  1. 1.Cornell UniversityUSA
  2. 2.Universidad de Buenos AiresArgentina
  3. 3.Microsoft ResearchUSA

Personalised recommendations