Home > Research > Publications & Outputs > Layered Symbolic Security Analysis in DY*

Links

Text available via DOI:

View graph of relations

Layered Symbolic Security Analysis in DY*

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
  • Karthikeyan Bhargavan
  • Abhishek Bichhawat
  • Pedram Hosseyni
  • Ralf Küsters
  • Klaas Pruiksma
  • Guido Schmitz
  • Clara Waldmann
  • Tim Würtele
Close
Publication date12/01/2024
Host publicationComputer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings
EditorsGene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
Pages3-21
Number of pages19
<mark>Original language</mark>English

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14346 LNCS
ISSN (Print)0302-9743
ISSN (electronic)1611-3349

Abstract

While cryptographic protocols are often analyzed in isolation, they are typically deployed within a stack of protocols, where each layer relies on the security guarantees provided by the protocol layer below it, and in turn provides its own security functionality to the layer above. Formally analyzing the whole stack in one go is infeasible even for semi-automated verification tools, and impossible for pen-and-paper proofs. The DY protocol verification framework offers a modular and scalable technique that can reason about large protocols, specified as a set of F modules. However, it does not support the compositional verification of layered protocols since it treats the global security invariants monolithically. In this paper, we extend DY with a new methodology that allows analysts to modularly analyze each layer in a way that compose to provide security for a protocol stack. Importantly, our technique allows a layer to be replaced by another implementation, without affecting the proofs of other layers. We demonstrate this methodology on two case studies. We also present a verified library of generic authenticated and confidential communication patterns that can be used in future protocol analyses and is of independent interest.