Skip to main content
SpringerLink
Log in

A Type and Effect Analysis of Security Protocols

  • Conference paper
  • First Online:
Static Analysis (SAS 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2126))

Included in the following conference series:

Abstract

We propose a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by annotating the code with correspondence assertions in the style of Woo and Lam. Third, figure out types for the keys, nonces, and messages of the protocol. Fourth, check that the spi-calculus code is well-typed according to a novel type and effect system. Our main theorem guarantees that any well-typed protocol is robustly safe, that is, its correspondence assertions are true in the presence of any opponent expressible in spi. It is feasible to apply this method by hand to several well-known cryptographic protocols. It requires little human effort per protocol, puts no bound on the size of the opponent, and requires no state space enumeration. Moreover, the types for protocol data provide some intuitive explanation of how the protocol works. Our method has led us to the independent rediscovery of flaws in existing protocols and to the design of improved protocols. My talk will describe our method and give some simple examples. Papers describing the method in detail appear elsewhere [1,2].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. A.D. Gordon and A. Jeffrey. Authenticity by typing for security protocols. In 14th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 2001. To appear.

    Google Scholar 

  2. A.D. Gordon and A. Jeffrey. Typing correspondence assertions for communication protocols. In Mathematical Foundations of Programming Semantics 17, Electronic Notes in Theoretical Computer Science. Elsevier, 2001. To appear.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research, USA

    Andrew D. Gordon

  2. DePaul University, USA

    Alan Jeffrey

Authors
  1. Andrew D. Gordon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alan Jeffrey
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Département d’Informatique, École Normale Supérieure, 45 rue d’Ulm, 75230, Paris Cedex 05, France

    Patrick Cousot

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gordon, A.D., Jeffrey, A. (2001). A Type and Effect Analysis of Security Protocols. In: Cousot, P. (eds) Static Analysis. SAS 2001. Lecture Notes in Computer Science, vol 2126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47764-0_26

Download citation

  • DOI: https://doi.org/10.1007/3-540-47764-0_26

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42314-0

  • Online ISBN: 978-3-540-47764-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation