A Program Logic for Verifying Secure Routing Protocols

The Internet, as it stands today, is highly vulnerable to attacks. However, little has been done to understand and verify the formal security guarantees of proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In this paper, we develop a sound program logic for SANDLog, a declarative specification language for secure routing protocols, for verifying properties of these protocols. We prove invariant properties of SANDLog programs that run in an adversarial environment. As a step towards automated verification, we implement a verification condition generator (VCGen) to automatically extract proof obligations. VCGen is integrated into a compiler for SANDLog that can generate executable protocol implementations; thus, both verification and empirical evaluation of secure routing protocols can be carried out in this unified framework. To validate our framework, we encoded several proposed secure routing mechanisms in SANDLog, verified variants of path authenticity properties by manually discharging the generated verification conditions in Coq, generated executable code from the SANDLog specifications, and ran the code in simulation.
