Efficient Java Code Generation of Security Protocols Specified in AnB/AnBx

The implementation of security protocols is challenging and error-prone. A model-driven development approach allows an application to be generated automatically from a simpler, abstract model that can be formally verified. Our AnBx compiler is a tool for the automatic generation of Java code for security protocols specified in the Alice&Bob notation. In contrast with existing tools, it uses a simpler specification language and computes the consistency checks that agents have to perform on reception of messages. Moreover, the tool applies various optimization strategies to achieve efficiency at both compile time and run time.
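The abstract states that the compiler computes the consistency checks an agent must perform when a message arrives. The sketch below is an added illustration of that idea for one step of an Alice&Bob narration; it is not code from the paper or from the AnBx compiler, whose generated Java will look different. The tuple-based term model, the function names (derive_checks, receive, accepts) and the choice of message 2 of the Needham-Schroeder-Lowe public-key protocol as the sample step are assumptions made here. The point it shows: from the step's pattern and the receiver's current knowledge one can decide, before run time, which components must equal values already held, which are learnt fresh, and which ciphertexts the receiver must be able to open.

```python
"""Receiver-side consistency checks derived from an Alice&Bob step.

Added illustration for this page, not output of the AnBx compiler. The
tuple-based term model, the helper names and the use of the
Needham-Schroeder-Lowe public-key protocol as the sample narration are
choices made here. Encryption is symbolic: ("enc", key, body) stands for
body encrypted under key, and a receiver can open it iff it holds key.
"""


class ProtocolViolation(Exception):
    """Raised when an incoming message fails a derived check."""


def derive_checks(pattern, known):
    """List the checks a receiver must run on a message matching `pattern`.

    `known` is the set of names the receiver already has values for at this
    point of the protocol. Walking the pattern left to right:
      ("decrypt", k)  the receiver must hold k to open a ciphertext,
      ("eq", n)       component n must equal the value already known,
      ("bind", n)     component n is learnt here (and is then known, so a
                      second occurrence in the same message becomes an eq).
    """
    checks, seen = [], set(known)

    def walk(p):
        if isinstance(p, str):
            if p in seen:
                checks.append(("eq", p))
            else:
                checks.append(("bind", p))
                seen.add(p)
        else:
            tag, key, body = p
            if tag != "enc":
                raise ValueError(f"unsupported constructor {tag!r}")
            if key not in seen:
                raise ValueError(f"receiver cannot decrypt: {key} unknown")
            checks.append(("decrypt", key))
            for comp in body:
                walk(comp)

    walk(pattern)
    return checks


def receive(pattern, knowledge, message):
    """Match a concrete `message` against `pattern`, enforcing the checks.

    `knowledge` maps names to concrete values. Returns the knowledge extended
    with newly bound values, or raises ProtocolViolation. This is the
    run-time counterpart of derive_checks: the compile-time list says which
    branch below each component will take.
    """
    learnt = dict(knowledge)

    def walk(p, m):
        if isinstance(p, str):
            if p in learnt:
                if learnt[p] != m:
                    raise ProtocolViolation(f"{p}: expected {learnt[p]!r}, got {m!r}")
            else:
                learnt[p] = m
            return
        _, key, body = p
        if key not in learnt:
            raise ProtocolViolation(f"cannot decrypt under {key}")
        if not (isinstance(m, tuple) and len(m) == 3 and m[0] == "enc"):
            raise ProtocolViolation("expected a ciphertext")
        if m[1] != learnt[key]:
            raise ProtocolViolation(f"ciphertext is not under {key}")
        if not isinstance(m[2], tuple) or len(m[2]) != len(body):
            raise ProtocolViolation("ciphertext has the wrong arity")
        for pc, mc in zip(body, m[2]):
            walk(pc, mc)

    walk(pattern, message)
    return learnt


def accepts(pattern, knowledge, message):
    """True iff `message` passes every check `pattern` induces for this agent."""
    try:
        receive(pattern, knowledge, message)
        return True
    except ProtocolViolation:
        return False


# Sample step (chosen here): NSL message 2,  B -> A: {Na, Nb, B}pk(A)
NSL_STEP2 = ("enc", "pk(A)", ("Na", "Nb", "B"))
# A's knowledge when the message arrives (values are constructed placeholders;
# holding "pk(A)" stands for holding the matching private key).
ALICE = {"A": "alice", "B": "bob", "Na": "n1", "pk(A)": "KA"}

if __name__ == "__main__":
    print(derive_checks(NSL_STEP2, set(ALICE)))
    # [('decrypt', 'pk(A)'), ('eq', 'Na'), ('bind', 'Nb'), ('eq', 'B')]
    print(accepts(NSL_STEP2, ALICE, ("enc", "KA", ("n1", "n2", "bob"))))      # True
    print(accepts(NSL_STEP2, ALICE, ("enc", "KA", ("n1", "n2", "mallory"))))  # False: wrong peer
    print(accepts(NSL_STEP2, ALICE, ("enc", "KA", ("n9", "n2", "bob"))))      # False: Na mismatch
```

The derived list is what a code generator would turn into explicit `if` statements in the receiver's Java: the equality test on Na ties the reply to A's own run, and the equality test on B is precisely the check that Lowe's fix to Needham-Schroeder made possible by adding B's identity to message 2. A hand-written implementation that forgets either check still "works" with an honest peer, which is why having the compiler derive them from the narration is the safer design.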