Service Communautaire d'Information sur la Recherche et le Développement - CORDIS

Specification languages for large scale security protocols

In the AVISPA project, we have designed the High-Level Protocol Specification Language (HLPSL), with the objective to get a language that is both sufficiently high-level to be accessible to engineers and protocol designers of standardisation bodies (themselves not necessarily experts in the area of formal methods) and also expressive enough to specify modern Internet protocols.

It has a formal semantics based on Lamport's Temporal Logic of Actions (TLA) that makes it easily translatable into a declarative lower-level term rewriting based language (the Intermediate Format, IF), well-suited to automated analysis tools. HLPSL thus enjoys significant generality, as other tools can easily be made to employ HLPSL by simply adapting them to accept IF specifications as input. HLPSL is modular and allows for the specification of complex control-flow patterns, data-structures, and different intruder models. Using a formal language with a temporal logic semantics to formalise security properties gives us great generality and expressiveness.

Finally, HLPSL is not restricted to logicians, but it is particularly suited for engineers and protocols designers. Indeed, HLPSL has been devised as part of the AVISPA project, with the aim to develop push-button, industrial-strength technology supported by expressive specification languages like HLPSL for the analysis of large-scale Internet security-sensitive protocols and applications. In this context, HLPSL is a good candidate for being use with public domain tools based on formal methods in the design phase at the IETF and other standardisation bodies to hopefully accelerate the standardisation of security protocols and improve their correctness.

In more detail, the AVISPA tool takes as input a HLPSL specification that is automatically translated into a corresponding IF specification. The IF is a tool-independent, low-level protocol specification language that supports the specification of sophisticated typed protocol models and that is suitable for automated deduction. IF specifications are then analysed by invoking state-of-the-art back-ends (currently CL-AtSe, OFMC, SATMC and TA4SP are supported) which returns attacks (if any) to the user in an intuitive and readable output format.

The decision to base HLPSL on TLA affords us a "best of both worlds" situation in which we can take advantage of an existing language with a rich semantics while also augmenting it with constructs specific to protocol modelling that make it a convenient language in practice.

The HLPSL language has already proven itself to be an effective language for modelling security protocols: many protocols of varying levels of complexity from the simple NSPK example to more complex industrial-scale protocols such as IKE and TLS have already been formalised in HLPSL. Features like modularity, control flow patterns, the specification of alternative intruder models, and the generality of temporal-logic based goals give the protocol specifier great flexibility both to construct faithful models and to experiment with different assumptions about the environment in which the protocol should be executed.

In our experience, we have found that HLPSL is powerful yet readable and intuitive to work with. The fact that users from varied backgrounds, including students, have found HLPSL easy to use testifies to the language s accessibility, which was one of our primary design objectives from the outset.

Informations connexes

Reported by

Institut National de Recherche en Informatique et en Automatique
615 rue du Jardin Botanique BP 105
54602 Villers les Nancy, Cedex
See on map