Affine Refinement Types for Authentication and Authorization

Refinement type systems have proved very effective for security policy verification in distributed authorization systems. In earlier work [12], we proposed an extension of existing refinement typing techniques that exploits sub-structural logics and affine typing in the analysis of resource-aware authorization, with policies that predicate over access counts, usage bounds and resource consumption. In the present paper, we show that the invariants we enforced by means of ad hoc typing mechanisms in our initial proposal can be internalized and expressed directly as proof obligations for the underlying affine logical system. The new characterization leads to a more general, modular design of the system, and is effective in the analysis of interesting classes of authentication protocols and authorization systems.

[1] Andrew D. Gordon et al. Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, USA, 23-25 June 2008, 2008, CSF.

[2] Martín Abadi et al. Secrecy by typing in security protocols, 1999, JACM.

[3] Martín Abadi et al. Logic in access control, 2003, 18th Annual IEEE Symposium on Logic in Computer Science, 2003, Proceedings.

[4] Jean-Yves Girard et al. Linear logic: its syntax and semantics, 1995.

[5] Michele Bugliesi et al. Analysis of typed analyses of authentication protocols, 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[6] Brian Campbell et al. Amortised Memory Analysis Using the Depth of Data Structures, 2009, ESOP.

[7] Andrew D. Gordon et al. Refinement Types for Secure Implementations, 2008, 21st IEEE Computer Security Foundations Symposium.

[8] Andrew D. Gordon et al. Authenticity by typing for security protocols, 2003.

[9] Riccardo Focardi et al. Types for Security Protocols, 2011, Formal Models and Techniques for Analyzing Security Protocols.

[10] Martín Abadi et al. Mobile values, new names, and secure communication, 2001, POPL '01.

[11] David Walker et al. An effective theory of type refinements, 2003, ACM SIGPLAN Notices.

[12] Gavin Lowe et al. A hierarchy of authentication specifications, 1997, Proceedings 10th Computer Security Foundations Workshop.

[13] Bruno Blanchet et al. From Secrecy to Authenticity in Security Protocols, 2002, SAS.

[14] Vincent Danos et al. Transactions in RCCS, 2005, CONCUR.

[15] Andrew D. Gordon et al. A Type Discipline for Authorization in Distributed Systems, 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[16] Andrew D. Gordon et al. A Type Discipline for Authorization Policies, 2005, ESOP.

[17] Alan Jeffrey et al. Timed Spi-Calculus with Types for Secrecy and Authenticity, 2005, CONCUR.

[18] Michele Bugliesi et al. Resource-Aware Authorization Policies for Statically Typed Cryptographic Protocols, 2011, 24th IEEE Computer Security Foundations Symposium.

[19] Michele Bugliesi et al. Dynamic types for authentication, 2007, J. Comput. Secur.

[20] Andrew D. Gordon et al. Modular verification of security protocol code by typing, 2010, POPL '10.

[21] Lujo Bauer et al. Constraining Credential Usage in Logic-Based Access Control, 2010, 23rd IEEE Computer Security Foundations Symposium.

[22] A. Troelstra. Lectures on linear logic, 1992.

[23] Michael Backes et al. Type-checking zero-knowledge, 2008, CCS.

[24] Michele Bugliesi et al. Compositional Analysis of Authentication Protocols, 2004, ESOP.

[25] Benjamin C. Pierce et al. Linearity and the pi-calculus, 1999, TOPL.

[26] Frank Pfenning et al. Refinement types for ML, 1991, PLDI '91.

[27] Andrew D. Gordon et al. Types and effects for asymmetric cryptographic protocols, 2002, Proceedings 15th IEEE Computer Security Foundations Workshop (CSFW-15).