Performing Security Proofs of Stateful Protocols

Andreas V. Hess; Sebastian Mödersheim; Achim D. Brucker; Anders Schlichtkrull

doi:10.1109/CSF51468.2021.00006

Performing Security Proofs of Stateful Protocols

Andreas V. Hess, Sebastian Mödersheim, Achim D. Brucker, Anders Schlichtkrull

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

1 Citation (Scopus)

24 Downloads (Pure)

Abstract

In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. The latter provide overwhelmingly high assurance of the correctness, which automated methods often cannot: due to their complexity, bugs in such automated verification tools are likely and thus the risk of erroneously verifying a flawed protocol is non-negligible. There are a few works that try to combine advantages from both ends of the spectrum: a high degree of automation and assurance. We present here a first step towards achieving this for a more challenging class of protocols, namely those that work with a mutable long-term state. To our knowledge this is the first approach that achieves fully automated verification of stateful protocols in an LCF-style theorem prover. The approach also includes a simple user-friendly transaction-based protocol specification language embedded into Isabelle, and can also leverage a number of existing results such as soundness of a typed model

Original language	English
Title of host publication	2021 IEEE 34th Computer Security Foundations Symposium (CSF)
Number of pages	16
Publisher	IEEE
Publication date	2021
Pages	1-16
Article number	9505200
ISBN (Print)	978-1-7281-7608-6
ISBN (Electronic)	978-1-7281-7607-9
DOIs	https://doi.org/10.1109/CSF51468.2021.00006
Publication status	Published - 2021
Event	2021 IEEE 34th Computer Security Foundations Symposium (CSF) - Duration: 21 Jun 2021 → 25 Jun 2021

Conference

Conference	2021 IEEE 34th Computer Security Foundations Symposium (CSF)
Period	21/06/2021 → 25/06/2021

Series	Proceedings of the IEEE Computer Security Foundations Symposium
ISSN	1940-1434

Access to Document

10.1109/CSF51468.2021.00006

Accepted author manuscriptAccepted author manuscript, 1.45 MB

Cite this

@inproceedings{f4f8791ff0804e3083cdc69a214f8926,

title = "Performing Security Proofs of Stateful Protocols",

abstract = "In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. The latter provide overwhelmingly high assurance of the correctness, which automated methods often cannot: due to their complexity, bugs in such automated verification tools are likely and thus the risk of erroneously verifying a flawed protocol is non-negligible. There are a few works that try to combine advantages from both ends of the spectrum: a high degree of automation and assurance. We present here a first step towards achieving this for a more challenging class of protocols, namely those that work with a mutable long-term state. To our knowledge this is the first approach that achieves fully automated verification of stateful protocols in an LCF-style theorem prover. The approach also includes a simple user-friendly transaction-based protocol specification language embedded into Isabelle, and can also leverage a number of existing results such as soundness of a typed model",

author = "Hess, {Andreas V.} and Sebastian M{\"o}dersheim and Brucker, {Achim D.} and Anders Schlichtkrull",

year = "2021",

doi = "10.1109/CSF51468.2021.00006",

language = "English",

isbn = "978-1-7281-7608-6",

series = "Proceedings of the IEEE Computer Security Foundations Symposium",

publisher = "IEEE",

pages = "1--16",

booktitle = "2021 IEEE 34th Computer Security Foundations Symposium (CSF)",

address = "United States",

note = "null ; Conference date: 21-06-2021 Through 25-06-2021",

}

Hess, AV, Mödersheim, S, Brucker, AD & Schlichtkrull, A 2021, Performing Security Proofs of Stateful Protocols. in 2021 IEEE 34th Computer Security Foundations Symposium (CSF)., 9505200, IEEE, Proceedings of the IEEE Computer Security Foundations Symposium, pp. 1-16, 2021 IEEE 34th Computer Security Foundations Symposium (CSF), 21/06/2021. https://doi.org/10.1109/CSF51468.2021.00006

Performing Security Proofs of Stateful Protocols. / Hess, Andreas V.; Mödersheim, Sebastian; Brucker, Achim D. et al.

2021 IEEE 34th Computer Security Foundations Symposium (CSF). IEEE, 2021. p. 1-16 9505200 (Proceedings of the IEEE Computer Security Foundations Symposium).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - Performing Security Proofs of Stateful Protocols

AU - Hess, Andreas V.

AU - Mödersheim, Sebastian

AU - Brucker, Achim D.

AU - Schlichtkrull, Anders

PY - 2021

Y1 - 2021

N2 - In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. The latter provide overwhelmingly high assurance of the correctness, which automated methods often cannot: due to their complexity, bugs in such automated verification tools are likely and thus the risk of erroneously verifying a flawed protocol is non-negligible. There are a few works that try to combine advantages from both ends of the spectrum: a high degree of automation and assurance. We present here a first step towards achieving this for a more challenging class of protocols, namely those that work with a mutable long-term state. To our knowledge this is the first approach that achieves fully automated verification of stateful protocols in an LCF-style theorem prover. The approach also includes a simple user-friendly transaction-based protocol specification language embedded into Isabelle, and can also leverage a number of existing results such as soundness of a typed model

AB - In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. The latter provide overwhelmingly high assurance of the correctness, which automated methods often cannot: due to their complexity, bugs in such automated verification tools are likely and thus the risk of erroneously verifying a flawed protocol is non-negligible. There are a few works that try to combine advantages from both ends of the spectrum: a high degree of automation and assurance. We present here a first step towards achieving this for a more challenging class of protocols, namely those that work with a mutable long-term state. To our knowledge this is the first approach that achieves fully automated verification of stateful protocols in an LCF-style theorem prover. The approach also includes a simple user-friendly transaction-based protocol specification language embedded into Isabelle, and can also leverage a number of existing results such as soundness of a typed model

UR - https://dblp.org/rec/conf/csfw/HessMBS21

U2 - 10.1109/CSF51468.2021.00006

DO - 10.1109/CSF51468.2021.00006

M3 - Article in proceeding

SN - 978-1-7281-7608-6

T3 - Proceedings of the IEEE Computer Security Foundations Symposium

SP - 1

EP - 16

BT - 2021 IEEE 34th Computer Security Foundations Symposium (CSF)

PB - IEEE

Y2 - 21 June 2021 through 25 June 2021

ER -

Performing Security Proofs of Stateful Protocols

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this