Security Abstractions and Intruder Models (Extended Abstract)

Process algebraic specifications of distributed systems are increasingly being targeted at identifying security primitives well-suited as high-level programming abstractions, and at the same time adequate for security analysis and verification. Drawing on our earlier work along these lines [Bugliesi, M. and R. Focardi, Language based secure communication, in: Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, 23-25 June 2008 (2008), pp. 3-16], we investigate the expressive power of a core set of security and network abstractions that provide high-level primitives for the specifications of the honest principals in a network as well as the lower-level adversarial primitives that must be assumed available to an attacker. We analyze various bisimulation equivalences for security, arising from endowing the intruder with (i) different adversarial capabilities and (ii) increasingly powerful control on the interaction among the distributed principals of a network. By comparing the relative strength of the bimimulation equivalences we obtain a direct measure of the discriminating power of the intruders, hence of the expressiveness of the corresponding models.

[1]  Simon L. Peyton Jones,et al.  Imperative functional programming , 1993, POPL '93.

[2]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[3]  Cédric Fournet,et al.  Cryptographically Sound Implementations for Communicating Processes , 2006, ICALP.

[4]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[5]  Robin Milner,et al.  A Calculus of Mobile Processes, II , 1992, Inf. Comput..

[6]  Nobuko Yoshida,et al.  On Reduction-Based Process Semantics , 1995, Theor. Comput. Sci..

[7]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[8]  Martín Abadi,et al.  Private authentication , 2004, Theor. Comput. Sci..

[9]  Cédric Fournet,et al.  Cryptographically sound implementations for typed information-flow security , 2008, POPL '08.

[10]  Davide Sangiorgi,et al.  On asynchrony in name-passing calculi , 1998, Mathematical Structures in Computer Science.

[11]  Cédric Fournet,et al.  Secure Implementations for Typed Session Abstractions , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[12]  Michele Bugliesi,et al.  Language Based Secure Communication , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[13]  Peeter Laud,et al.  Secrecy types for a simulatable cryptographic library , 2005, CCS '05.