Secrecy-Preserving Refinement

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2021)


A useful paradigm of system development is that of stepwise refinement. In contrast to other system properties, many security properties proposed in the literature are not preserved under refinement (refinement paradox).

We present work towards a framework for stepwise development of secure systems by showing a notion of secrecy (that follows a standard approach) to be preserved by standard refinement operators in the specification framework Focus (extended with cryptographic primitives). We also give a rely/guarantee version of the secrecy property and show preservation by refinement. We use the secrecy property to uncover a previously unpublished flaw in a proposed variant of TLS, propose a correction and prove it secure. We give an abstract specification of a secure channel satisfying secrecy and refine it to a more concrete specification that by the preservation result thus also satisfies secrecy.
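The refinement paradox named in the abstract can be made concrete with a toy model. The following is an added illustration, not the paper's Focus-based definitions: systems are modelled as finite sets of (secret input, public output) behaviours, refinement is assumed to mean removing nondeterminism (taking a subset of behaviours), and secrecy is the usual possibilistic condition that the set of observable outputs does not depend on the secret input. A plain safety property is checked alongside it to show that it, unlike secrecy, survives every refinement.

```python
from itertools import product

# Constructed toy model (not the paper's Focus streams): a system is a set of
# (secret_input, public_output) pairs; refinement = subset of behaviours.
SECRETS = ("s0", "s1")

def public_views(system, secret):
    """Outputs an observer could see when the secret input was `secret`."""
    return {out for (s, out) in system if s == secret}

def is_secret_preserving(system):
    """Possibilistic secrecy: observable outputs are the same for every
    secret, so the observer cannot distinguish secret inputs."""
    views = [public_views(system, s) for s in SECRETS]
    return all(v == views[0] for v in views)

def never_outputs_c(system):
    """A safety property for contrast: the forbidden output 'c' never occurs."""
    return all(out != "c" for (_, out) in system)

def refines(concrete, abstract):
    """Refinement as reduction of nondeterminism (assumed model)."""
    return concrete <= abstract

def preserved_under_all_refinements(prop, abstract):
    """Brute force over every non-empty subset of the abstract behaviours."""
    behaviours = sorted(abstract)
    for bits in product((0, 1), repeat=len(behaviours)):
        sub = {b for b, keep in zip(behaviours, bits) if keep}
        if sub and not prop(sub):
            return False
    return True

# Abstract spec: output 'a' or 'b' chosen nondeterministically, whatever the secret.
ABSTRACT = {(s, o) for s in SECRETS for o in ("a", "b")}
# Two legal refinements: one resolves the choice by the secret, one does not.
LEAKY = {("s0", "a"), ("s1", "b")}
SAFE = {("s0", "a"), ("s1", "a")}

def demonstrate():
    return {
        "abstract_secure": is_secret_preserving(ABSTRACT),
        "leaky_refines": refines(LEAKY, ABSTRACT),
        "leaky_secure": is_secret_preserving(LEAKY),
        "safe_refines": refines(SAFE, ABSTRACT),
        "safe_secure": is_secret_preserving(SAFE),
    }
```

Both LEAKY and SAFE are valid refinements of ABSTRACT, yet only SAFE keeps the secrecy property, which is exactly why the paper needs a secrecy notion shown to be preserved by its refinement operators.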







Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  1. Computing Laboratory, University of Oxford, UK