Automated Analysis of Security Protocols with Global State

Steve Kremer 1 Robert Künnemann 2
1 PESTO - Proof techniques for security protocols
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Security APIs, key servers and protocols that need to keep the status of transactions, require to maintain a global, non-monotonic state, e.g., in the form of a database or register. However, most existing automated verification tools do not support the analysis of such stateful security protocols – sometimes because of fundamental reasons, such as the encoding of the protocol as Horn clauses, which are inherently monotonic. A notable exception is the recent tamarin prover which allows specifying protocols as multiset rewrite (msr) rules, a formalism expressive enough to encode state. As multiset rewriting is a " low-level " specification language with no direct support for concurrent message passing, encoding protocols correctly is a difficult and error-prone process. We propose a process calculus which is a variant of the applied pi calculus with constructs for manipulation of a global state by processes running in parallel. We show that this language can be translated to msr rules whilst preserving all security properties expressible in a dedicated first-order logic for security properties. The translation has been implemented in a prototype tool which uses the tamarin prover as a backend. We apply the tool to several case studies among which a simplified fragment of PKCS#11, the Yubikey security token, and an optimistic contract signing protocol.
Type de document :
Article dans une revue
Journal of Computer Security, IOS Press, 2016, 24 (5), 〈10.3233/JCS-160556〉
Liste complète des métadonnées

Littérature citée [35 références]  Voir  Masquer  Télécharger
Contributeur : Steve Kremer <>
Soumis le : mercredi 3 août 2016 - 16:02:34
Dernière modification le : jeudi 11 janvier 2018 - 06:27:43
Document(s) archivé(s) le : mardi 8 novembre 2016 - 20:26:52


Fichiers produits par l'(les) auteur(s)




Steve Kremer, Robert Künnemann. Automated Analysis of Security Protocols with Global State. Journal of Computer Security, IOS Press, 2016, 24 (5), 〈10.3233/JCS-160556〉. 〈hal-01351388〉



Consultations de la notice


Téléchargements de fichiers