Automated Validation of Internet Security Protocols and Applications

Ziel

This project aims to develop a push-button, industrial-strength technology for the analysis of large-scale Internet security-sensitive protocols and applications. This technology will speed the development of the next generation of network protocols, improve their security, and therefore increase the public acceptance of advanced, distributed IT applications based on them. We will achieve this by advancing specification and deduction technology to the point where industry protocols can be specified and automatically analysed. This technology will be integrated into a robust automated tool, tuned on practical, large-scale problems, and migrated to standardization bodies, whose protocol designers are in dire need of such tools.

OBJECTIVES
This project aims to develop techniques and tools for the analysis of security-sensitive protocols, required to support the next generation of distributed, Internet applications. The main objectives are five fold. First, to develop a rich specification language for formalizing protocols, security goals, and threat models of industrial complexity. Second, to advance the state-of-the-art in automated deduction techniques to scale up to this complexity. Third, to build a tool based on these techniques that will allow industry and standardization organizations to automatically validate or detect errors in their products. Fourth, to tune this tool and demonstrate proof-of-concept on a large collection of practically relevant, industrial protocols. And finally, to begin the migration of this technology into industry standardization organizations such as the IETF so that both the scientific and the industrial community can benefit from the advances achieved by this project.

DESCRIPTION OF WORK
The work will be carried out by accomplishing the following tasks: - We will design a high-level language for specifying Internet security protocols, and implement a translator from protocol descriptions to a declarative format amenable to formal analysis. The language will support the description of Internet protocol suites, security goals, and assumptions about the environment; - We will develop a technology for automated protocol error detection based on three automated deduction techniques operating on the translator's output. The first technique, on-the-fly model-checking, uses lazy data-types and specialized algorithms that can automatically handle infinite state spaces; it will be backed up by powerful search heuristics. The second technique, theorem-proving with constraints, provides an efficient way of representing an infinite state-space using a constraint store, and supports the specification of built-in theories for cryptographic operators. The third technique employs model-checking methods based on propositional satisfiability checking that efficiently find errors in protocols by reducing an approximation of the problem to a propositional satisfiability problem. Although each technique can work independently, they will be integrated into a single analysis tool, AVISPA, where they will interact and benefit from each other's strengths; - To verify protocols we will develop techniques for infinite-state verification, like use of abstractions and infinite-state symbolic model-checking, and integrate them in our tool. To avoid combinatorial blow-up in search, for both verification and falsification, we shall exploit the fact that Internet protocols are often built, compositionally from subprotocols and we will develop compositional reasoning techniques; - A set of representative security problems drawn from IETF drafts will be selected and used to thoroughly evaluate the AVISPA tool according to well-defined and measurable criteria.

MILESTONES

Wissenschaftliches Gebiet (EuroSciVoc)

CORDIS klassifiziert Projekte mit EuroSciVoc, einer mehrsprachigen Taxonomie der Wissenschaftsbereiche, durch einen halbautomatischen Prozess, der auf Verfahren der Verarbeitung natürlicher Sprache beruht. Siehe: Das European Science Vocabulary.

• Naturwissenschaften Informatik und Informationswissenschaften Internet Internetprotokoll
• Naturwissenschaften Informatik und Informationswissenschaften künstliche Intelligenz heuristische Programmierung

Programm/Programme

Mehrjährige Finanzierungsprogramme, in denen die Prioritäten der EU für Forschung und Innovation festgelegt sind.

• FP5-IST - Programme for research, technological development and demonstration on a "User-friendly information society, 1998-2002"

Thema/Themen

Aufforderungen zur Einreichung von Vorschlägen sind nach Themen gegliedert. Ein Thema definiert einen bestimmten Bereich oder ein Gebiet, zu dem Vorschläge eingereicht werden können. Die Beschreibung eines Themas umfasst seinen spezifischen Umfang und die erwarteten Auswirkungen des finanzierten Projekts.

• 1.1.2.-6.1.1 - FET O: Open domain

Aufforderung zur Vorschlagseinreichung

Verfahren zur Aufforderung zur Einreichung von Projektvorschlägen mit dem Ziel, eine EU-Finanzierung zu erhalten.

Finanzierungsplan

Finanzierungsregelung (oder „Art der Maßnahme“) innerhalb eines Programms mit gemeinsamen Merkmalen. Sieht folgendes vor: den Umfang der finanzierten Maßnahmen, den Erstattungssatz, spezifische Bewertungskriterien für die Finanzierung und die Verwendung vereinfachter Kostenformen wie Pauschalbeträge.

CSC - Cost-sharing contracts

Koordinator

Beteiligte (3)