Skip to Main content Skip to Navigation
Journal articles

Intruder deducibility constraints with negation. Decidability and application to secured service compositions

Tigran Avanesov 1 Yannick Chevalier 2, 3 Michael Rusinowitch 4 Mathieu Turuani 4
1 SnT - Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg]
2 IRIT-LILaC - Logique, Interaction, Langue et Calcul
IRIT - Institut de recherche en informatique de Toulouse
3 UT3 - Université Toulouse III - Paul Sabatier
4 PESTO - Proof techniques for security protocols
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : We consider a problem of automated orchestration of security-aware services under additional constraints. The problem of finding a mediator to compose secured services has been reduced in previous works to the problem of solving deducibility constraints similar to those employed for cryptographic protocol analysis. We extend in this paper the mediator synthesis procedure (i.e. a solution for the orchestration problem) by allowing additional non-disclosure policies that express the fact that some data is not accessible to the mediator at a given point of its execution. We present a decision procedure that answers the question whether a mediator satisfying these policies can be effectively synthesized. The approach presented in this work extends the constraint solving procedure for cryptographic protocol analysis in a significant way as to be able to handle negation of deducibility constraints. It applies to all subterm convergent theories and therefore covers several interesting theories in formal security analysis including encryption, hashing, signature and pairing; it is also expressive enough for some RBAC policies. A variant of this procedure for Dolev Yao theory has been implemented in Cl-Atse, a protocol analysis tool based on constraint solving.
Keywords : Deducibility constraints Separation of duty Security policy Orchestration Web services Automated verification Cryptographic protocols Formal methods Synthesis
Document type :
Journal articles
Complete list of metadata

Cited literature [30 references]  Display  Hide  Download
https://hal.inria.fr/hal-01405851
Contributor : Michaël Rusinowitch Connect in order to contact the contributor
Submitted on : Thursday, December 1, 2016 - 9:45:49 AM
Last modification on : Wednesday, November 3, 2021 - 6:52:55 AM
Long-term archiving on: : Tuesday, March 21, 2017 - 6:55:18 AM

File

Vignette du document
main.pdf
Files produced by the author(s)

Identifiers

Collections

CNRS | INRIA | SMS | UNIV-TLSE2 | LORIA-FM | LORIA | UNIV-LORRAINE | UNIV-TLSE3 | UT1-CAPITOLE | IRIT | IRIT-LILAC | IRIT-IA | IRIT-UT3

Citation

Tigran Avanesov, Yannick Chevalier, Michael Rusinowitch, Mathieu Turuani. Intruder deducibility constraints with negation. Decidability and application to secured service compositions. Journal of Symbolic Computation, Elsevier, 2017, 80, pp.4 - 26. ⟨10.1016/j.jsc.2016.07.008⟩. ⟨hal-01405851⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Les métriques sont temporairement indisponibles

 

Contact                    Legal Notice                    Personal Data