
Channel abstractions for network security

Published online by Cambridge University Press:  26 February 2010

MICHELE BUGLIESI
Affiliation:
Dipartimento di Informatica, Università Ca' Foscari Venezia, Via Torino 155, 30172 Venezia-Mestre, Italy
RICCARDO FOCARDI
Affiliation:
Dipartimento di Informatica, Università Ca' Foscari Venezia, Via Torino 155, 30172 Venezia-Mestre, Italy

Abstract

Process algebraic techniques for distributed systems are increasingly being targeted at identifying abstractions that are adequate both for high-level programming and specification and for security analysis and verification. Drawing on our earlier work in Bugliesi and Focardi (2008), we investigate the expressive power of a core set of security and network abstractions that provide high-level primitives for specifying the honest principals in a network, while at the same time enabling an analysis of the network-level adversarial attacks that may be mounted by an intruder.

We analyse various bisimulation equivalences for security that arise from endowing the intruder with:

  (i) different adversarial capabilities; and

  (ii) increasingly powerful control over the interaction among the distributed principals of a network.

By comparing the relative strength of the bisimulation equivalences, we obtain a direct measure of the intruder's discriminating power, and hence of the expressiveness of the corresponding intruder model.

Type: Paper
Copyright © Cambridge University Press 2010

References

Abadi, M. (1998) Protection in programming-language translations. In: Larsen, K. G., Skyum, S. and Winskel, G. (eds.) ICALP. Springer-Verlag Lecture Notes in Computer Science 1443 868–883.
Abadi, M. and Fournet, C. (2001) Mobile values, new names, and secure communication. In: POPL 2001: The 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, London 104–115.
Abadi, M. and Fournet, C. (2004) Private authentication. Theor. Comput. Sci. 322 (3) 427–476.
Abadi, M., Fournet, C. and Gonthier, G. (2000) Authentication primitives and their compilation. In: POPL 2000, Proceedings of the 27th ACM SIGPLAN-SIGACT on Principles of Programming Languages, 19-21 January 2000, Boston, Massachusetts 302–315.
Abadi, M., Fournet, C. and Gonthier, G. (2002) Secure implementation of channel abstractions. Inf. Comput. 174 (1) 37–83.
Abadi, M. and Gordon, A. D. (1999) A calculus for cryptographic protocols: The spi calculus. Inf. Comput. 148 (1) 1–70.
Adão, P. and Fournet, C. (2006) Cryptographically sound implementations for communicating processes. In: Bugliesi, M., Preneel, B., Sassone, V. and Wegener, I. (eds.) ICALP (2). Springer-Verlag Lecture Notes in Computer Science 4052 83–94.
Bugliesi, M. and Focardi, R. (2008) Language based secure communication. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, 23-25 June 2008, IEEE Computer Society 3–16.
Bugliesi, M. and Focardi, R. (2009) Security abstractions and intruder models. In: Proceedings of the 15th Workshop on Expressiveness in Concurrency (EXPRESS 2008). Electronic Notes in Theoretical Computer Science 242 99–112.
Corin, R., Deniélou, P.-M., Fournet, C., Bhargavan, K. and Leifer, J. J. (2007) Secure implementations for typed session abstractions. In: 20th IEEE Computer Security Foundations Symposium, CSF 2007, 6-8 July 2007, Venice, Italy, IEEE Computer Society 170–186.
Fournet, C. and Rezk, T. (2008) Cryptographically sound implementations for typed information-flow security. In: Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2008, San Francisco, California 323–335.
Honda, K. and Yoshida, N. (1995) On reduction-based process semantics. Theor. Comput. Sci. 151 (2) 437–486.
Laud, P. (2005) Secrecy types for a simulatable cryptographic library. In: Atluri, V., Meadows, C. and Juels, A. (eds.) ACM Conference on Computer and Communications Security, ACM 26–35.
Merro, M. and Sangiorgi, D. (1998) On asynchrony in name-passing calculi. In: Proceedings of ICALP 98. Springer-Verlag Lecture Notes in Computer Science 1443.
Merro, M. and Sangiorgi, D. (2004) On asynchrony in name-passing calculi. Mathematical Structures in Computer Science 14 (5) 715–767.
Milner, R., Parrow, J. and Walker, D. (1992) A calculus of mobile processes, Parts I and II. Information and Computation 100 1–77.