poster

POSTER: Dynamic Labelling for Analyzing Security Protocols

Authors:

N.V. Narendra Kumar,

R.K. ShyamasundarAuthors Info & Claims

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Pages 1665 - 1667

https://doi.org/10.1145/2810103.2810113

Published: 12 October 2015 Publication History

Get Access

Abstract

Security protocols are essential for establishing trustworthiness of electronic transactions over open networks. Currently used languages and logics for protocol specifications do not facilitate/force the designer to make explicit goals, intentional assumptions or the preceding history across interactions among the stakeholders. Readers-Writers Flow Model (RWFM) is a novel model for information flow control, and has a label structure that explicitly specifies the permissible readers and influencers of a message. RWFM labels succinctly capture the history of a message. In this paper, we sketch an approach to enrich protocol specifications with RWFM labels that overcomes the problem of incomplete protocol specifications, and captures the intensional specifications in a natural way. Our approach tracks information flows in a protocol and makes explicit: (i) the assumptions and goals at each stage of the protocol, (ii) the construction of new messages from components of previous messages, and (iii) the knowledge of roles at various stages. We believe that our approach leads to a robust protocol specification language, including security/cryptographic protocols, that shall be of immense aid to the designer, user and the implementer of protocols.

References

[1]

M. Abadi. Security protocols and their properties. In Foundations of Secure Computation, NATO Science Series, pages 39--60. IOS Press, 2000.

Google Scholar

[2]

M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. IEEE Trans. Softw. Eng., 22(1):6--15, Jan. 1996.

Digital Library

Google Scholar

[3]

D. E. Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236--243, 1976.

Digital Library

Google Scholar

[4]

G. Lowe. An attack on the needham-schroeder public-key authentication protocol. Inf. Process. Lett., 56(3):131--133, Nov. 1995.

Digital Library

Google Scholar

[5]

N. V. Narendra Kumar and R. K. Shyamasundar. Realizing purpose-based privacy policies succinctly via information-flow labels. In IEEE 4th BdCloud, pages 753--760, 2014.

Digital Library

Google Scholar

[6]

R. M. Needham and M. D. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993--999, Dec. 1978.

Digital Library

Google Scholar

[7]

T. Y. C. Woo and S. S. Lam. A lesson on authentication protocol design. SIGOPS Oper. Syst. Rev., 28(3):24--37, July 1994.

Digital Library

Google Scholar

Cited By

View all

Vyas PShyamasundar RPatil BHung CHong JBechini ASong E(2021)App2SecAppProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442102(908-911)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442102
Ghosal SShyamasundar R(2020)Information Flow Security Certification for SPARK ProgramsData and Applications Security and Privacy XXXIV10.1007/978-3-030-49669-2_8(137-150)Online publication date: 18-Jun-2020
https://doi.org/10.1007/978-3-030-49669-2_8
Wu FZhang H(2017)A Dictionary Sequence Model to Analyze the Security of Protocol Implementations at the Source Code LevelTrusted Computing and Information Security10.1007/978-981-10-7080-8_11(126-142)Online publication date: 23-Nov-2017
https://doi.org/10.1007/978-981-10-7080-8_11
Show More Cited By

Index Terms

POSTER: Dynamic Labelling for Analyzing Security Protocols
1. Software and its engineering

Recommendations

Security analysis of efficient (Un-) fair non-repudiation protocols
Abstract
An approach to protocol analysis using asynchronous product automata (APA) and the simple homomorphism verification tool (SHVT) is demonstrated on several variants of the well known Zhou–Gollmann fair non-repudiation protocol and on two more ...
Finite-state analysis of two contract signing protocols

Optimistic contract signing protocols allow two parties to commit to a previously agreed upon contract, relying on a third party to abort or confirm the contract if needed. These protocols are relatively subtle, since there may be interactions between ...
Multi-Stage Key Exchange and the Case of Google's QUIC Protocol
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

The traditional approach to build a secure connection is to run a key exchange protocol and, once the key has been established, to use this key afterwards in a secure channel protocol. The security of key exchange and channel protocols, and to some ...

Comments

Information & Contributors

Information

Published In

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

October 2015

1750 pages

ISBN:9781450338325

DOI:10.1145/2810103

General Chair:
Indrajit Ray
Colorado State University, USA
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Christopher Kruegel
University of California, Santa Barbara, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Check for updates

Author Tags

Qualifiers

Poster

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12 - 16, 2015

Colorado, Denver, USA

Acceptance Rates

CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
427
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Vyas PShyamasundar RPatil BHung CHong JBechini ASong E(2021)App2SecAppProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442102(908-911)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442102
Ghosal SShyamasundar R(2020)Information Flow Security Certification for SPARK ProgramsData and Applications Security and Privacy XXXIV10.1007/978-3-030-49669-2_8(137-150)Online publication date: 18-Jun-2020
https://doi.org/10.1007/978-3-030-49669-2_8
Wu FZhang H(2017)A Dictionary Sequence Model to Analyze the Security of Protocol Implementations at the Source Code LevelTrusted Computing and Information Security10.1007/978-981-10-7080-8_11(126-142)Online publication date: 23-Nov-2017
https://doi.org/10.1007/978-981-10-7080-8_11
Shrikrishna KNarendra Kumar NShyamasundar R(2017)Security Analysis of EMV Protocol and Approaches for Strengthening ItDistributed Computing and Internet Technology10.1007/978-3-319-72344-0_4(69-85)Online publication date: 29-Nov-2017
https://doi.org/10.1007/978-3-319-72344-0_4
Narendra Kumar NShyamasundar R(2017)Dynamic Labelling to Enforce Conformance of Cross Domain Security/Privacy Policies13th International Conference on Distributed Computing and Internet Technology - Volume 1010910.1007/978-3-319-50472-8_15(183-195)Online publication date: 13-Jan-2017
https://dl.acm.org/doi/10.1007/978-3-319-50472-8_15
Narendra Kumar NShyamasundar R(2017)Analyzing Protocol Security Through Information-Flow Control13th International Conference on Distributed Computing and Internet Technology - Volume 1010910.1007/978-3-319-50472-8_13(159-171)Online publication date: 13-Jan-2017
https://dl.acm.org/doi/10.1007/978-3-319-50472-8_13
Kumar NShyamasundar R(2016)An End-to-End Privacy Preserving Design of a Map-Reduce Framework2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems (HPCC/SmartCity/DSS)10.1109/HPCC-SmartCity-DSS.2016.0209(1469-1476)Online publication date: Dec-2016
https://doi.org/10.1109/HPCC-SmartCity-DSS.2016.0209
Shyamasundar RKumar NRajarajan M(2016)Information-Flow Control for Building Security and Privacy Preserving Hybrid Clouds2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems (HPCC/SmartCity/DSS)10.1109/HPCC-SmartCity-DSS.2016.0201(1410-1417)Online publication date: Dec-2016
https://doi.org/10.1109/HPCC-SmartCity-DSS.2016.0201
Susheel SNarendra Kumar NShyamasundar R(2015)Enforcing Secure Data Sharing in Web Application Development Frameworks Like Django Through Information Flow ControlProceedings of the 11th International Conference on Information Systems Security - Volume 947810.1007/978-3-319-26961-0_34(551-561)Online publication date: 16-Dec-2015
https://dl.acm.org/doi/10.1007/978-3-319-26961-0_34

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Security analysis of efficient (Un-) fair non-repudiation protocols

Finite-state analysis of two contract signing protocols

Multi-Stage Key Exchange and the Case of Google's QUIC Protocol

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations