Verifying a delegation protocol for grid systems

Authors:
Benjamin Aziz;Geoff Hamilton
Affiliations:
School of Computing, University of Portsmouth, Portsmouth, UK;School of Computing, Dublin City University, Dublin, Ireland
Venue:
Future Generation Computer Systems
Year:
2011

Citing 10
Cited 3

A calculus for cryptographic protocols: the spi calculus

Proceedings of the 4th ACM conference on Computer and communications security
Mobile values, new names, and secure communication

POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proxy signatures, Revisited

ICICS '97 Proceedings of the First International Conference on Information and Communication Security
The Dolev-Yaho Intruder is the Most Powerful Attacker

LICS '01 Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science
Provably secure delegation-by-certification proxy signature schemes

InfoSecu '04 Proceedings of the 3rd international conference on Information security
On the security of public key protocols

SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Detecting Man-in-the-Middle Attacks by Precise Timing

SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
DToken: A Lightweight and Traceable Delegation Architecture for Distributed Systems

SRDS '09 Proceedings of the 2009 28th IEEE International Symposium on Reliable Distributed Systems
DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers

POLICY '10 Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks
A Delegation Solution for Universal Identity Management in SOA

IEEE Transactions on Services Computing

Correcting a delegation protocol for grids

TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Application of formal analysis to enhancing trust in a complex grid-based operating system

Proceedings of the 3rd international ACM SIGSOFT symposium on Architecting Critical Systems
Model checking grid security

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we design a non-uniform static analysis for formally verifying a protocol used in large-scale Grid systems for achieving delegations from users to critical system services. The analysis reveals a few shortcomings in the protocol, such as the lack of token integrity and the possibility of repudiating a delegation session. It also reveals the vulnerability of non-deterministic delegation chains that was detected as a result of adopting a more precise analysis, which allows for more participants in the protocol than the original protocol designers envisaged.