Tentative steps toward a development method for interfering programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Hookup Theorem for Multilevel Security
IEEE Transactions on Software Engineering
Programming language methods in computer security
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Protocol Independence through Disjoint Encryption
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
On the Composition of Secure Systems
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A modular correctness proof of IEEE 802.11i and TLS
Proceedings of the 12th ACM conference on Computer and communications security
A derivation system and compositional logic for security protocols
Journal of Computer Security
Protocol Composition Logic (PCL)
Electronic Notes in Theoretical Computer Science (ENTCS)
Finite-state analysis of SSL 3.0
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Proofs of Networks of Processes
IEEE Transactions on Software Engineering
Protecting browsers from DNS rebinding attacks
Proceedings of the 14th ACM conference on Computer and communications security
Portably solving file TOCTTOU races with hardness amplification
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
ForceHTTPS: protecting high-security web sites from network attacks
Proceedings of the 17th international conference on World Wide Web
A Correctness Proof of a Mesh Security Architecture
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
A Call to Action: Look Beyond the Horizon
IEEE Security and Privacy
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
Securing frame communication in browsers
SS'08 Proceedings of the 17th conference on Security symposium
Safely composing security protocols
Formal Methods in System Design
Hoare type theory, polymorphism and separation
Journal of Functional Programming
Exploiting Unix File-System Races via Algorithmic Complexity Attacks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
A Logic of Secure Systems and its Application to Trusted Computing
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Modular verification of security protocol code by typing
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the relationship between concurrent separation logic and assume-guarantee reasoning
ESOP'07 Proceedings of the 16th European conference on Programming
A hybrid logical framework
Man-in-the-middle in tunnelled authentication protocols
Proceedings of the 11th international conference on Security Protocols
Compositional System Security with Interface-Confined Adversaries
Electronic Notes in Theoretical Computer Science (ENTCS)
This paper presents a formal framework for compositional reasoning about secure systems. A key insight is to view a trusted system in terms of the interfaces that the various components expose: larger trusted components are built by combining interface calls in known ways; the adversary is confined to the interfaces it has access to, but may combine interface calls without restriction. Compositional reasoning for such systems is based on an extension of rely-guarantee reasoning for system correctness [Misra, J. and K.M. Chandy, Proofs of networks of processes, IEEE Transactions on Software Engineering 7 (1981), pp. 417-426; Jones, C.B., Tentative steps toward a development method for interfering programs, ACM Transactions on Programming Languages and Systems (TOPLAS) 5 (1983), pp. 596-619] to a setting that involves an adversary whose exact program is not known. At a technical level, the paper presents an expressive concurrent programming language with recursive functions for modeling interfaces and a logic of programs in which compositional reasoning principles are formalized and proved sound with respect to trace semantics. The methods are illustrated through a small fragment of an idealized file system.
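The idea the abstract describes, as an added illustration (this is not code from the paper, and the paper's own formalism is a logic, not a Python program): a trusted component, here an idealized file-system fragment, exposes a small interface; the adversary's program is unknown, so we treat it as any sequence of interface calls and check a trace property against all of them. Everything below is constructed for the example: the principals `alice` and `adv`, the paths, the constant `SECRET`, and the four interface operations `create`/`read`/`chmod`/`copy`. The weak `copy` variant, which checks that the source exists but not that the caller may read it, is a hypothetical flaw included to show what an interface-confined adversary can do by combining calls; the hardened variant adds the missing check. Where the paper proves the property for unbounded adversaries in its program logic, this script only enumerates adversary programs up to a length bound, which is a sanity check rather than a proof.

```python
"""Interface-confined adversary over an idealized file-system fragment.

Added example, not the paper's code. The adversary may call only the
interface methods of IdealFS, in any order and any number of times; we
quantify over all such call sequences up to a bound and look for a trace
on which the adversary observes SECRET.
"""
from dataclasses import dataclass, field
from itertools import product

ADV = "adv"        # the adversary principal (constructed)
ALICE = "alice"    # the trusted principal whose secret must stay confined
SECRET = "s3cret"  # constructed sample secret; must never reach ADV


@dataclass
class IdealFS:
    """Trusted component. `files` maps path -> (owner, mode, contents);
    mode is 'private' or 'public'. check_copy_source selects the hardened
    (True) or the hypothetical weak (False) copy interface."""
    check_copy_source: bool
    files: dict = field(default_factory=dict)

    def _can_read(self, caller, path):
        owner, mode, _ = self.files[path]
        return mode == "public" or caller == owner

    # ---- the interface the adversary is confined to --------------------
    def create(self, caller, path, mode, contents):
        if path in self.files:
            return "EEXIST"
        self.files[path] = (caller, mode, contents)
        return "OK"

    def read(self, caller, path):
        if path not in self.files:
            return "ENOENT"
        if not self._can_read(caller, path):
            return "EACCES"
        return self.files[path][2]

    def chmod(self, caller, path, mode):
        if path not in self.files:
            return "ENOENT"
        owner, _, contents = self.files[path]
        if caller != owner:
            return "EPERM"
        self.files[path] = (owner, mode, contents)
        return "OK"

    def copy(self, caller, src, dst):
        """Copy src into a new private file owned by the caller. The weak
        variant only checks that src exists; the hardened variant also
        requires that the caller could read src directly."""
        if src not in self.files:
            return "ENOENT"
        if dst in self.files:
            return "EEXIST"
        if self.check_copy_source and not self._can_read(caller, src):
            return "EACCES"
        self.files[dst] = (caller, "private", self.files[src][2])
        return "OK"


# The adversary's alphabet: every interface call over a small, constructed
# set of argument values. Its program is unknown, so we range over all
# sequences drawn from this alphabet.
PATHS = ["/alice/secret", "/adv/tmp"]
CALLS = (
    [("read", (p,)) for p in PATHS]
    + [("create", (p, m, "junk")) for p in PATHS for m in ("private", "public")]
    + [("chmod", (p, "public")) for p in PATHS]
    + [("copy", (s, d)) for s in PATHS for d in PATHS if s != d]
)


def trusted_setup(fs):
    """The trusted program: Alice stores her secret in a private file."""
    assert fs.create(ALICE, "/alice/secret", "private", SECRET) == "OK"


def run_trace(fs, trace):
    """Run one adversary program (a list of interface calls) and return the
    values the adversary observed, i.e. the interface's return values."""
    return [getattr(fs, name)(ADV, *args) for name, args in trace]


def find_leak(hardened, max_len=3):
    """Search every adversary program of length <= max_len for a trace on
    which the adversary observes SECRET. Returns the first such trace, or
    None if secrecy holds for all adversaries within the bound."""
    for n in range(1, max_len + 1):
        for trace in product(CALLS, repeat=n):
            fs = IdealFS(check_copy_source=hardened)
            trusted_setup(fs)
            if SECRET in run_trace(fs, trace):
                return list(trace)
    return None


if __name__ == "__main__":
    print("weak interface    :", find_leak(hardened=False))
    print("hardened interface:", find_leak(hardened=True))
```

Against the weak interface the search returns a two-call program, `copy("/alice/secret", "/adv/tmp")` followed by `read("/adv/tmp")`: neither call alone violates the policy, but the adversary is free to combine them, which is exactly why the abstract's rely-guarantee view requires every interface operation to preserve the secrecy invariant for any caller rather than relying on a particular adversary program. Against the hardened interface no program within the bound leaks, and the per-call argument (each operation preserves "ADV owns no file containing SECRET and cannot read one") is what the paper's logic would discharge for programs of any length.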