Secure Enforcement for Global Process Specifications

  • Authors:

  • Jérémy Planul;Ricardo Corin;Cédric Fournet

  • Affiliations:

  • MSR-INRIA,;MSR-INRIA,;MSR-INRIA, and Microsoft Research,

  • Venue:
  • CONCUR 2009 Proceedings of the 20th International Conference on Concurrency Theory
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

Distributed applications may be specified as parallel compositions of processes that summarize their global interactions and hide local implementation details. These processes define a fixed protocol (also known as a contract, or a session) which may be used for instance to compile or verify code for these applications. Security is a concern when the runtime environment for these applications is not fully trusted. Then, parts of their implementation may run on remote, corrupted machines, which do not comply with the global process specification. To mitigate this concern, one may write defensive implementations that monitor the application run and perform cryptographic checks. However, hand crafting such implementations is ad hoc and error-prone. We develop a theory of secure implementations for process specifications. We propose a generic defensive implementation scheme, relying on history-tracking mechanisms, and we identify sufficient conditions on processes, expressed as a new type system, that ensure that our implementation is secure for all integrity properties. We illustrate our approach on a series of examples and special cases, including an existing implementation for sequential multiparty sessions.