Abstract
We show how to combine trust management theories with nonce-based cryptographic protocols. The strand space framework for protocol analysis is extended by associating formulas from a trust management logic with the transmit and receive actions of the protocol principals. The formula on a transmission is a guarantee; the sender must ensure that this formula is true before sending the message. The formula on a receive event is an assumption that the recipient may rely on in deducing future guarantee formulas. The strand space framework allows us to prove that a protocol is sound, in the sense that when a principal relies on a formula, another principal has previously guaranteed it. We explain the ideas in reference to a simple new electronic commerce protocol, in which a customer obtains a money order from a bank to pay a merchant to ship some goods.
Supported by the MITRE-Sponsored Research Program.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Guttman, J.D., Thayer, F.J., Carlson, J.A., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T. (2004). Trust Management in Strand Spaces: A Rely-Guarantee Method. In: Schmidt, D. (eds) Programming Languages and Systems. ESOP 2004. Lecture Notes in Computer Science, vol 2986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24725-8_23
DOI: https://doi.org/10.1007/978-3-540-24725-8_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21313-0
Online ISBN: 978-3-540-24725-8
eBook Packages: Springer Book Archive