This project aims to develop a push-button, industrial-strength technology for the analysis of large-scale Internet security-sensitive protocols and applications. This technology will speed the development of the next generation of network protocols, improve their security, and therefore increase the public acceptance of advanced, distributed IT applications based on them. We will achieve this by advancing specification and deduction technology to the point where industry protocols can be specified and automatically analysed. This technology will be integrated into a robust automated tool, tuned on practical, large-scale problems, and migrated to standardization bodies, whose protocol designers are in dire need of such tools.
This project aims to develop techniques and tools for the analysis of security-sensitive protocols, required to support the next generation of distributed Internet applications. The main objectives are fivefold. First, to develop a rich specification language for formalizing protocols, security goals, and threat models of industrial complexity. Second, to advance the state of the art in automated deduction techniques to scale up to this complexity. Third, to build a tool based on these techniques that will allow industry and standardization organizations to automatically validate or detect errors in their products. Fourth, to tune this tool and demonstrate proof-of-concept on a large collection of practically relevant, industrial protocols. And finally, to begin the migration of this technology into industry standardization organizations such as the IETF so that both the scientific and the industrial community can benefit from the advances achieved by this project.
DESCRIPTION OF WORK
The work will be carried out by accomplishing the following tasks:
- We will design a high-level language for specifying Internet security protocols, and implement a translator from protocol descriptions to a declarative format amenable to formal analysis. The language will support the description of Internet protocol suites, security goals, and assumptions about the environment;
- We will develop a technology for automated protocol error detection based on three automated deduction techniques operating on the translator's output. The first technique, on-the-fly model-checking, uses lazy data-types and specialized algorithms that can automatically handle infinite state spaces; it will be backed up by powerful search heuristics. The second technique, theorem-proving with constraints, provides an efficient way of representing an infinite state-space using a constraint store, and supports the specification of built-in theories for cryptographic operators. The third technique employs model-checking methods based on propositional satisfiability checking that efficiently find errors in protocols by reducing an approximation of the problem to a propositional satisfiability problem. Although each technique can work independently, they will be integrated into a single analysis tool, AVISPA, where they will interact and benefit from each other's strengths;
- To verify protocols we will develop techniques for infinite-state verification, such as the use of abstractions and infinite-state symbolic model-checking, and integrate them in our tool. To avoid combinatorial blow-up in search, for both verification and falsification, we shall exploit the fact that Internet protocols are often built compositionally from subprotocols, and we will develop compositional reasoning techniques;
- A set of representative security problems drawn from IETF drafts will be selected and used to thoroughly evaluate the AVISPA tool according to well-defined and measurable criteria.
Funding Scheme: CSC - Cost-sharing contracts
78153 Le Chesnay