Abstract
Many security architectures make use of layered security protocols, where a special-purpose application protocol is layered on top of a general-purpose secure transport protocol. When analysing such an architecture, it makes sense to abstract away from the implementation details of the secure transport protocol and just model the services it provides. But is this abstraction sound, or might it risk losing attacks? This is the question we consider in this paper. We show that —under certain assumptions— the abstraction is sound, in the sense that it correctly models the application-layer behaviour as seen by honest principals.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Fournet, C., Gonthier, G.: Secure implementation of channel abstractions. In: Proceedings of Logic in Computer Science (LICS 1998), pp. 105–116 (1998)
Andova, S., Cremers, C., Gjøsteen, K., Mauw, S., Mjølsnes, S., Radomirović, S.: A framework for compositional verification of security protocols. Information and Computation 206, 425–459 (2008)
Armando, A., Carbone, R., Compagna, L.: LTL model checking for security protocols. In: 20th IEEE Computer Security Foundations Symposium (2007)
Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal analysis of SAML 2.0 web browser single sign-on: Breaking the SAML-based single sign-on for Google Apps. In: The 6th ACM Workshop on Formal Methods in Security Engineering, FMSE 2008 (2008)
Bella, G., Longo, C., Paulson, L.C.: Verifying second-level security protocols. In: Basin, D., Wolff, B. (eds.) TPHOLs 2003. LNCS, vol. 2758, pp. 352–366. Springer, Heidelberg (2003)
Bugliesi, M., Focardi, R.: Language based secure communication. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (2008)
Canetti, R., Meadows, C., Syverson, P.F.: Environmental requirements for authentication protocols. In: Okada, M., Babu, C. S., Scedrov, A., Tokuda, H. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 339–355. Springer, Heidelberg (2003)
Cortier, V., Delaitre, J., Delaune, S.: Safely composing security protocols. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 352–363. Springer, Heidelberg (2007)
Ciobâcă, Ş., Cortier, V.: Protocol composition for arbitrary primitives. In: Proc. 23rd IEEE Computer Security Foundations Symposium, CSF 2010 (2010) (forthcoming)
Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: Secure protocol composition. In: Proc. FMSE 2003, pp. 11–23 (2003)
Dilloway, C.: On the Specification and Analysis of Secure Transport Layers. DPhil thesis, Oxford University (2008)
Dilloway, C., Lowe, G.: Specifying secure transport layers. In: 21st IEEE Computer Security Foundations Symposium, CSF 21 (2008)
Google. Web-based reference implementation of SAML-based SSO for Google Apps. (2008), http://code.google.com/apis/apps/sso/saml_reference_implementation_web.html
Guttman, J.D.: Cryptographic protocol composition via the authentication tests. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 303–317. Springer, Heidelberg (2009)
Guttman, J.D., Thayer, F.J.: Protocol independence through disjoint encryption. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW), Washington, DC, USA. IEEE Computer Society, Los Alamitos (2000)
Guttman, J.D., Thayer, F.J.: Authentication tests and the structure of bundles. Theoretical Computer Science (2001)
Kamil, A.: The Modelling and Analysis of Layered Security Architectures in Strand Spaces. DPhil thesis, Oxford University (2010)
Kamil, A., Lowe, G.: Specifying and modelling secure channels in strand spaces. In: Degano, P., Guttman, J.D. (eds.) FAST 2009. LNCS, vol. 5983, pp. 233–247. Springer, Heidelberg (2010)
Kamil, A., Lowe, G.: Analysing TLS in the strand spaces model (2010) (in preparation)
Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: International Workshop on Security Protocols (1997)
Mödersheim, S., Viganò, L.: Secure pseudonymous channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 337–354. Springer, Heidelberg (2009)
OASIS Security Services Technical Committee. Security assertion markup language (SAML) v2.0 technical overview (2005), http://www.oasis-open.org/committees/security/
Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice Hall, Englewood Cliffs (1998)
Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: IEEE Symposium on Research in Security and Privacy, pp. 160–171. IEEE Computer Society Press, Los Alamitos (1998)
Thomas, S.: SSL and TLS: Securing the Web. Wiley, Chichester (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kamil, A., Lowe, G. (2011). Understanding Abstractions of Secure Channels. In: Degano, P., Etalle, S., Guttman, J. (eds) Formal Aspects of Security and Trust. FAST 2010. Lecture Notes in Computer Science, vol 6561. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19751-2_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-19751-2_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19750-5
Online ISBN: 978-3-642-19751-2
eBook Packages: Computer ScienceComputer Science (R0)