Logical Foundations of Secure Resource Management in Protocol Implementations

Recent research has shown that it is possible to leverage general-purpose theorem proving techniques to develop powerful type systems for the verification of a wide range of security properties on application code. Although successful in many respects, these type systems fall short of capturing resource-conscious properties that are crucial in large classes of modern distributed applications. In this paper, we propose the first type system that statically enforces the safety of cryptographic protocol implementations with respect to authorization policies expressed in affine logic. Our type system draws on a novel notion of "exponential serialization" of affine formulas, a general technique to protect affine formulas from the effect of duplication. This technique allows us to formulate an expressive logical encoding of the authentication mechanisms underpinning distributed resource-aware authorization policies. We further devise a sound and complete type-checking algorithm. We discuss the effectiveness of our approach on a case study from the world of e-commerce protocols.
