Evolving algebras 1993: Lipari guide
Specification and validation methods
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Template meta-programming for Haskell
Proceedings of the 2002 ACM SIGPLAN workshop on Haskell
Typing correspondence assertions for communication protocols
Theoretical Computer Science
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Theoretical Computer Science - Formal methods for components and objects
Access control in a core calculus of dependency
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
DKAL: Distributed-Knowledge Authorization Language
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Cryptographically verified implementations for TLS
Proceedings of the 15th ACM conference on Computer and communications security
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
Microsoft's protocol documentation program: interoperability testing at scale
Communications of the ACM
How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
From primal infon logic with individual variables to datalog
Correct Reasoning
Hi-index | 0.00 |
Many prior trust management frameworks provide authorization logics for specifying policies based on distributed trust. However, to implement a security protocol using these frameworks, one usually resorts to a general-purpose programming language. To reason about the security of the entire system, one must study not only policies in the authorization logic, but also hard-to-analyze implementation code. This paper proposes dkal⋆, a language for constructing executable specifications of authorization protocols. Protocol and policy designers can use dkal⋆'s authorization logic for expressing distributed trust relationships, and its small rule-based programming language to describe the message sequence of a protocol. Importantly, many low-level details of the protocol (e.g., marshaling formats or management of state consistency) are left abstract in dkal⋆, but sufficient details must be provided in order for the protocol to be executable. We formalize the semantics of dkal⋆, giving it an operational semantics and a type system. We prove various properties of dkal⋆, including type soundness and a decidability property for its underlying logic. We also present an interpreter for dkal⋆, mechanically verified for correctness and security. We evaluate our work experimentally on several examples.