Formal specification and analysis of security protocols
暂无分享,去创建一个
Security is becoming an increasingly important issue in computing, due to the incredible expansion of concurrent and distributed systems such as databases, world wide web, e-commerce, etc. In this context, information must be protected against mystification, destruction and disclosure. Accordingly, there is widespread interest in the development and the use of security protocols. The major objective of these protocols is to ensure critical security requirements such as authentication, confidentiality, integrity of the data, non-repudiation, anonymity, atomicity of goods and money, etc. The design of security protocols is difficult and extremely complicated. Indeed, if a protocol is not designed carefully enough, it may contain flaws, which can be the ideal starting point for various attacks. It is not surprising, then, that there have been several examples of security protocols that were published, believed to be sound, and later shown to have security flaws. The informal design of security protocols is now widely recognized to be error-prone. Instead, formal methods are better suited for the correct design and automatic validation of such protocols. Our thesis has been elaborated in this optic with the following contributions: (1) The proposition of a taxonomy of formal methods used to the specification and the verification of security protocols. (2) The proposition of a dedicated formal calculus endowed with a categorical game semantics for the specification of security protocols. (3) The proposition of a new dynamic, linear and modal logic dedicated to the specification of security protocol properties and e-commerce properties. (4) The proposition of a tableau-based proof system for our logic that allows an efficient local model checking. (5) The proposition of a new method based on abstract interpretation technique that allows full automatic protocol correction with respect to secrecy properties.