SPI2F - A Prototype Code Generator for Security Protocols

This thesis describes a new prototype tool that automatically generates a secure F# implementation of any protocol described in the Spi calculus. Type systems were previously proposed for analysing the security of both Spi calculus processes and F# implementations. The thesis investigates a formal translation from the Spi calculus to F# that is proved to preserve typability, and therefore the security properties of the original protocol are preserved.
