Protocol Specification and Analysis in Maude

This paper proposes rewriting logic as an executable specification formalism for security protocols that offers some novel advantages. A message-passing object-oriented approach seems particularly natural for communication protocols and can be naturally formalized in rewriting logic. This is illustrated by using the Needham-Schroeder Public-Key protocol (NSPK) as a running example. The rewriting logic-based Maude interpreter [CELM96] also offers some useful advantages. Efficient executability allows prototyping and debugging of protocol specifications. But since a concurrent system can have many different behaviors, to properly analyze the system it becomes important to explore not just the single execution provided by some default strategy, but many other executions. Maude supports user-defined execution strategies, including strategies such as breadth-first search that can exhaustively explore all the executions of a system. This is very helpful in uncovering security flaws under unforeseen attack scenarios such as those found for NSPK. We also discuss future developments of this work, including (1) narrowing using symbolic execution techniques, (2) modularity and compositionality issues in formal reasoning, and (3) combination of rewriting logic and temporal logic.
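The breadth-first exploration described above, sketched as an added example in Python rather than Maude; it is not code from the paper. The state encoding, the rule labels, the single-session bound (one initiator A, one responder B, one dishonest agent I) and the `fixed` switch, which applies Lowe's fix of adding the responder's name to message 2, are all assumptions made for this illustration.

```python
from collections import deque

# Illustrative model, not from the paper: state = (A step, A's peer, B step, intruder knowledge)
ATOMS = ("A", "B", "I", "Na", "Nb", "Ni")  # agent names and nonces

def enc(key, *body):
    return ("enc", key, body)  # body encrypted under the public key of `key`

def can_send(know, msg):
    # Dolev-Yao intruder: replay an observed ciphertext or build one from known atoms
    return msg in know or all(x in know for x in msg[2])

def learn(know, msg):
    # The intruder sees all traffic but can open only what is encrypted for I
    return know | {msg} | (frozenset(msg[2]) if msg[1] == "I" else frozenset())

def successors(state, fixed):
    a, peer, b, know = state
    if a == 0:  # rule: A starts a run with B or with the dishonest agent I
        for p in ("B", "I"):
            yield f"A -> {p}: {{Na,A}}pk{p}", (1, p, b, learn(know, enc(p, "Na", "A")))
    if b == 0:  # rule: B answers any message 1 that names A as initiator
        for n in ATOMS:
            if can_send(know, enc("B", n, "A")):
                m2 = enc("A", n, "Nb", "B") if fixed else enc("A", n, "Nb")
                yield f"B gets {{{n},A}}pkB, replies", (a, peer, 1, learn(know, m2))
    if a == 1:  # rule: A accepts message 2 and returns the responder nonce
        for x in ATOMS:
            m2 = enc("A", "Na", x, peer) if fixed else enc("A", "Na", x)
            if can_send(know, m2):
                yield f"A -> {peer}: {{{x}}}pk{peer}", (2, peer, b, learn(know, enc(peer, x)))
    if b == 1 and can_send(know, enc("B", "Nb")):  # rule: B accepts message 3
        yield "B commits to a run with A", (a, peer, 2, know)

def find_attack(fixed=False):
    start = (0, None, 0, frozenset({"A", "B", "I", "Ni"}))
    queue, seen = deque([(start, [])]), {start}
    while queue:
        (a, peer, b, know), trace = queue.popleft()
        if b == 2 and (peer != "B" or "Nb" in know):
            return trace  # B committed, but A never ran with B or Nb leaked
        for label, nxt in successors((a, peer, b, know), fixed):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None  # every reachable state was visited without a violation
```

`find_attack()` returns the shortest violating trace for the original protocol, while `find_attack(fixed=True)` exhausts the bounded state space and returns `None`.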

[1]  Roger M. Needham, et al. Using encryption for authentication in large networks of computers, 1978, CACM.

[2]  Giovanni Maria Sacco, et al. Timestamps in key distribution protocols, 1981, CACM.

[3]  José Meseguer, et al. A logical theory of concurrent objects and its realization in the Maude language, 1993.

[4]  Catherine A. Meadows, et al. A logical language for specifying cryptographic protocol requirements, 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  John Rushby, et al. Critical system properties: survey and taxonomy, 1994.

[6]  Catherine A. Meadows, et al. Formal Verification of Cryptographic Protocols: A Survey, 1994, ASIACRYPT.

[7]  Nalini Venkatasubramanian, et al. Reasoning about meta level activities in open distributed systems, 1995, PODC '95.

[8]  Christian Lengauer, et al. Modal-µ-Maude: Specification and Properties of Concurrent Objects, 1995, Object Orientation with Parallelism and Persistence.

[9]  James W. Gray, et al. Using temporal logic to specify and verify cryptographic protocols, 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[10]  José Meseguer, et al. Reflection and strategies in rewriting logic, 1996, WRLA.

[11]  M. Clavel, et al. Principles of Maude, 1996, WRLA.

[12]  Catherine A. Meadows, et al. Language generation and verification in the NRL protocol analyzer, 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[13]  Gavin Lowe, et al. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR, 1996, Softw. Concepts Tools.

[14]  Catherine A. Meadows, et al. Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches, 1996, ESORICS.

[15]  José Meseguer, et al. Rewriting Logic as a Semantic Framework for Concurrency: a Progress Report, 1996, CONCUR.

[16]  G. Denker, et al. Specifying distributed information systems: fundamentals of an object-oriented approach using distributed temporal logic, 1997.

[17]  Gul Agha, et al. Abstracting Interaction Patterns: A Programming Paradigm for Open Distributed Systems, 1997.

[18]  Grit Denker. From rewrite theories to temporal logic theories, 1998, WRLA.

[19]  Amílcar Sernadas, et al. Logics for Specifying Concurrent Information Systems, 1998, Logics for Databases and Information Systems.

[20]  Francisco Durán, et al. An extensible module algebra for Maude, 1998, WRLA.

[21]  J. Meseguer. Research Directions in Rewriting Logic, 1999.

[22]  J. Meseguer, et al. Building Equational Proving Tools by Reflection in Rewriting Logic, 2000.