Composability of Secrecy

  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2052)


Modularity has been seen to be very useful in system development. Unfortunately, many security properties proposed in the literature are not composable (in contrast to other system properties), which is required to reason about them in a modular way. We present work supporting modular development of secure systems by showing a standard notion of secrecy to be composable wrt. the standard composition in the specification framework Focus (extended with cryptographic primitives). Additionally, the property is preserved under the standard refinement. We consider more fine-grained conditions useful in modular verification of secrecy. Keywords. Network security, cryptographic protocols, secrecy, modularity, composability, refinement, formal specification, computer aided software engineering.


Security Protocol Security Property Input Channel Cryptographic Protocol Local Channel 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Abadi, M.: Security protocols and their properties. In: Bauer, F. and Stein-brueggen, R., (eds.): Foundations of Secure Computation. IOS Press, 2000Google Scholar
  2. [2]
    Abadi, M. and Gordon, A.D.: A calculus for cryptographic protocols: The spificalculus. Information and Computation, 148(1):1–70 (January 1999)zbMATHCrossRefMathSciNetGoogle Scholar
  3. [3]
    Abadi, M. and Jan Jürjens: Formal eavesdropping and its computational interpretation, 2000. SubmittedGoogle Scholar
  4. [4]
    Apostolopoulos, V., Peris, V., and Saha, D.: Transport layer security: How much does it really cost? In: Conference on Computer Communications (IEEE Infocom). New York (March 1999)Google Scholar
  5. [5]
    Broy, M. and Stølen, K.: Specification and Development of Interactive Systems. Springer (2000) (to be published)Google Scholar
  6. [6]
    Cardelli, L., Ghelli, G., and Gordon, A.: Secrecy and group creation. In: CONCUR 2000. (2000) 365–379Google Scholar
  7. [7]
    Dolev, D. and Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198–208 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  8. [8]
    Huber, F., Molterer, S., Rausch, A., Schätz, B., Sihling, M., and Slotosch, O.: Tool supported Specification and Simulation of Distributed Systems. In: International Symposium on Software Engineering for Parallel and Distributed Systems. (1998) 155–164Google Scholar
  9. [9]
    Jan Jürjens: Secure information flow for concurrent processes. In: CONCUR 2000 (11th International Conference on Concurrency Theory), Vol. 1877 of LNCS. Pennsylvania, Springer (2000) 395–409CrossRefGoogle Scholar
  10. [10]
    Jan Jürjens: Object-oriented modelling of audit security for smart-card payment schemes. In: Paradinas, P., (ed.): IFIP/SEC 2001 — 16th International Conference on Information Security, Paris, (11–13 June 2001) KluwerGoogle Scholar
  11. [11]
    Jan Jürjens: Secrecy-preserving refinement. In: Formal Methods Europe (International Symposium), LNCS. Springer (2001)Google Scholar
  12. [12]
    Jan Jürjens: Towards development of secure systems using UML. In: Huffmann, H., (ed.): Fundamental Approaches to Software Engineering (FASE/ETAPS, International Conference), LNCS. Springer (2001)Google Scholar
  13. [13]
    Jan Jürjens and Guido Wimmel: Specification-based testing of firewalls. Submitted (2001)Google Scholar
  14. [14]
    Lotz, V.: Threat scenarios as a means to formally develop secure systems. Journal of Computer Security 5 (1997) 31–67Google Scholar
  15. [15]
    McLean, J.: A general theory of composition for a class of “possibilistic” properties. IEEE Transactions on Software Engineering, 22(1):53–67 (1996)CrossRefGoogle Scholar
  16. [16]
    Meadows, C.: Using traces based on procedure calls to reason about composability. In: IEEE Symposium on Security and Privacy. (1992)Google Scholar
  17. [17]
    Meadows, C.: Applying the dependability paradigm to computer security. In: New Security Paradigms Workshop. (1995)Google Scholar
  18. [18]
    Meadows, C.: Formal verification of cryptographic protocols: A survey. In: Asiacrypt 96. (1996)Google Scholar
  19. [19]
    Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: DISCEX. IEEE (2000)Google Scholar
  20. [20]
    Millen, J.: Hookup security for synchronous machines. In: Computer Security Foundations Workshop III. IEEE Computer Society (1990)Google Scholar
  21. [21]
    Pitzmann, B.: Higher cryptographic protocols, 1998. Lecture Notes, Universität des SaarlandesGoogle Scholar
  22. [22]
    Pohl, H. and Weck G., (eds.): Internationale Sicherheitskriterien. Oldenbourg Verlag (1993)Google Scholar
  23. [23]
    Ryan, P. and Schneider, S.: Process algebra and non-interference. In: IEEE Computer Security Foundations Workshop. (1999)Google Scholar
  24. [24]
    Sewell, P. and Vitek, J.: Secure composition of untrusted code: Wrappers and causality types. In: CSFW. (2000)Google Scholar
  25. [25]
    Varadharajan, V.: Hook-up property for information flow secure nets. In: CSFW. (1991)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Jan Jürjens
    • 1
  1. 1.Computing LaboratoryUniversity of Oxford, GBUSA

Personalised recommendations