Abstract
Security protocols are critical for protecting modern communication infrastructures and are therefore subject to thorough analysis. However, practical implementations of these protocols lack the same level of attention and thus may be more exposed to attacks. This paper discusses the security assurance provided by security-typed languages when implementing cryptographic protocols. Our results are based on a case study using Jif, a Java-based security-typed language, to implement a non-trivial cryptographic protocol that allows playing online poker without a trusted third party. The case study deploys the largest program written in a security-typed language to date and identifies insights ranging from security guarantees to useful patterns of secure programming.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Askarov, A., Sabelfeld, A. (2005). Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study. In: di Vimercati, S.d.C., Syverson, P., Gollmann, D. (eds) Computer Security – ESORICS 2005. ESORICS 2005. Lecture Notes in Computer Science, vol 3679. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11555827_12
DOI: https://doi.org/10.1007/11555827_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28963-0
Online ISBN: 978-3-540-31981-8