
Cordial Security Protocol Programming

The Obol Protocol Language

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5087)

Abstract

Obol is a protocol programming language. The language is domain specific, and has been designed to facilitate error-free implementation of security protocols.

Selecting the primitives of the language is, basically, concerned with determining which issues need to be visible to the protocol programmer, and which can be left to the runtime without further ado.

The basic abstractions of Obol have been modelled after the ones offered by the BAN logic of authentication. By building on these abstractions, Obol makes it less hard to bridge the gap between logical analysis and implementation.

Obol has been designed with the implementation of security protocols in mind, but the language can also be used to implement other types of protocols.

At the core of the design and implementation is pattern-matching machinery enabling the runtime to parse packets as they arrive, in order to free the programmer from a wide range of low-level issues known to foster all sorts of implementation difficulties.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Myrvang, P.H., Stabell-Kulø, T. (2009). Cordial Security Protocol Programming. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2006. Lecture Notes in Computer Science, vol 5087. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04904-0_11


  • DOI: https://doi.org/10.1007/978-3-642-04904-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04903-3

  • Online ISBN: 978-3-642-04904-0

  • eBook Packages: Computer Science, Computer Science (R0)
