Reliable evidence: auditability by typing

Authors:
Nataliya Guts;Cédric Fournet;Francesco Zappa Nardelli
Affiliations:
MSR-INRIA Joint Centre;Microsoft Research and MSR-INRIA Joint Centre;INRIA and MSR-INRIA Joint Centre
Venue:
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Year:
2009

Citing 10
Cited 7

Secrecy by typing in security protocols

Journal of the ACM (JACM)
Audit-based compliance control

International Journal of Information Security
A posteriori compliance control

Proceedings of the 12th ACM symposium on Access control models and technologies
A Type Discipline for Authorization in Distributed Systems

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Introducing secure provenance: problems and challenges

Proceedings of the 2007 ACM workshop on Storage security and survivability
Refinement Types for Secure Implementations

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Evidence-Based Audit

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
AURA: a programming language for authorization and audit

Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
A formal implementation of value commitment

ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
An intensive survey of fair non-repudiation protocols

Computer Communications

Accountability: definition and relationship to verifiability

Proceedings of the 17th ACM conference on Computer and communications security
Refinement types for secure implementations

ACM Transactions on Programming Languages and Systems (TOPLAS)
Typechecking higher-order security libraries

APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Cryptographic verification by typing for a sample protocol implementation

Foundations of security analysis and design VI
Secure distributed programming with value-dependent types

Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
A core calculus for provenance

POST'12 Proceedings of the First international conference on Principles of Security and Trust
A core calculus for provenance

Journal of Computer Security - Security and Trust Principles

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many protocols rely on audit trails to allow an impartial judge to verify a posteriori some property of a protocol run. However, in current practice the choice of what data to log is left to the programmer's intuition, and there is no guarantee that it constitutes enough evidence. We give a precise definition of auditability and we show how typechecking can be used to statically verify that a protocol always logs enough evidence. We apply our approach to several examples, including a full-scale auction-like protocol programmed in ML.