Advertisement

Admissible Interference by Typing for Cryptographic Protocols

  • Alaaeddine Fellah
  • John Mullins
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3783)

Abstract

Many security properties of cryptographic protocols can be expressed by using information flow policies as non-interference. But, in general it is very difficult to design a system without interference. For that, many works try to weak the standard definition of the non-interference. For instance, in [21] Mullins defines the admissible interference as an interference that admits flow information only through a dowgrader. Thus, we present in this paper a type system that try to detect process that allow interference. Then, if we can type a process we can say that is free interference. Also, we extend the type system of process with another type system based on a standard message algebra used in the literature of cryptographic protocols. So, we define the theoric characterization, prove the correctness of our type system and present an illustration of our result.

Keywords

Admissible interference Type systems Process Algebra Cryptographic Protocols Security Properties 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Piazza, C., Bossi, A., Rossi, S.: Modelling downgrading in information flow security. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW 2004), p. 187. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  2. 2.
    Sabelfeld, A., Myers, A.C., Zdancewic, S.: Enforcing robust declassification. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop, June 2004, pp. 172–186 (2004)Google Scholar
  3. 3.
    Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols: The Spi Calculus. In: Proceedings of the Fourth ACM Conference on Computer and Communications Security, April 1997. ACM Press, New York (1997)Google Scholar
  4. 4.
    Abadi, M.: Secrecy by typing in security protocols. J. ACM 46(5), 749–786 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Bella, G.: Inductive Verification of Cryptographic Protocols. PhD thesis, University of Cambridge (March 2000)Google Scholar
  6. 6.
    Boudol, G.: Asynchrony and the π-calulus. Technical report, INRIA-Sophia Antipolis (1992)Google Scholar
  7. 7.
    Buttyán, L.: Formal methods in the design of cryptographic protocols. Technical Report SSC/1999/038, Institute for computer Communications and Applications (November 1999)Google Scholar
  8. 8.
    Carlsen, U.: Cryptographic Protocol Flaws. In: Proceedings of the IEEE Computer Security Foundations Workshop VII, Franconia, June 1994, pp. 192–200. IEEE, Los Alamitos (1994)CrossRefGoogle Scholar
  9. 9.
    Conchon, S.: Modular information flow analysis for process calculi. In: Proc. of Foundations of Computer Security, pp. 23–34 (2002)Google Scholar
  10. 10.
    Focardi, R., Gorrieri, R.: Classification of Security Properties (Part I: Information Flow). In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 331–396. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Giacobazzi, R., Mastroeni, I.: Abstract non-interference: parameterizing non-interference by abstract interpretation. In: POPL 2004: Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 186–197. ACM Press, New York (2004)CrossRefGoogle Scholar
  12. 12.
    Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: Proceedings of the 1982 IEEE Symposium on Research in Security and Privacy, April 1982, pp. 11–20. IEEE press, Los Alamitos (1982)Google Scholar
  13. 13.
    Hennessy, M.: The Security Picalculus and Non-interference. Journal of Logic and Algebraic Programming (2003) (to appear)Google Scholar
  14. 14.
    Hennessy, M., Riely, J.: Information flow vs. resource access in the asynchronous π-calculus. ACM Transactions on Programming Languages and Systems 24(5), 566–591 (2002)CrossRefGoogle Scholar
  15. 15.
    Honda, K., Tokoro, M.: On asynchronous communication semantics. In: Proceedings of the ECOOP 1991 Workshop on Object-Based Concurrent Computing, vol. 612, pp. 21–51. Springer, Heidelberg (1992)Google Scholar
  16. 16.
    Honda, K., Yoshida, N.: A Uniform Type Structure for Secure Information Flow. ACM SIGPLAN Notices 37(1), 81–92 (2002)CrossRefGoogle Scholar
  17. 17.
    Lafrance, S., Mullins, J.: Bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols. In: Harland, J. (ed.) Electronic Notes in Theoretical Computer Science, vol. 61. Elsevier Science Publishers, Amsterdam (2002)Google Scholar
  18. 18.
    Mejri, M., Debbabi, M., Durgin, N.A., Mitchell, J.C.: Security by typing. International Journal on Software Tools for Technology Transfer 4(4), 472–495 (2003)CrossRefGoogle Scholar
  19. 19.
    Meadows, C.: Formal methods for cryptographic protocol analysis: emerging issues and trends (2003)Google Scholar
  20. 20.
    Mejri, M.: From type theory to the verification of security protocols. PhD thesis, Laval University (February 2001)Google Scholar
  21. 21.
    Mullins, J.: Nondeterministic Admissible Interference. Journal of Universal Computer Science 6(11), 1054–1070 (2000)zbMATHGoogle Scholar
  22. 22.
    Sabelfeld, A., Myers, A.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications 21(1) (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Alaaeddine Fellah
    • 1
  • John Mullins
    • 1
  1. 1.Département de génie informatiqueÉcole Polytechnique de MontréalMontréal (Québec)Canada

Personalised recommendations