Scribd Logo
Upload

Welcome to Scribd!

  • FormalSecurityAnalysis 1

    Uploaded by

    Surya Gupta
    11 views1 page
    This document summarizes a course on formally analyzing the security of cryptographic protocol code. The course is divided into two parts: 1) analyzing security of programs written in a functional programming language using a concurrent lambda calculus, and 2) translating these programs to applied pi-calculus processes and verifying security using an automated prover. By the end of the course, students will understand the theory underlying security analysis of distributed programs and gain experience using a leading security verification tool.

    Original Description:

    Original Title

    FormalSecurityAnalysis-1

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a course on formally analyzing the security of cryptographic protocol code. The course is divided into two parts: 1) analyzing security of programs written in a functional programming language using a concurrent lambda calculus, and 2) translating these programs to applied pi-calculus processes and verifying security using an automated prover. By the end of the course, students will understand the theory underlying security analysis of distributed programs and gain experience using a leading security verification tool.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views1 page

    FormalSecurityAnalysis 1

    Uploaded by

    Surya Gupta
    This document summarizes a course on formally analyzing the security of cryptographic protocol code. The course is divided into two parts: 1) analyzing security of programs written in a functional programming language using a concurrent lambda calculus, and 2) translating these programs to applied pi-calculus processes and verifying security using an automated prover. By the end of the course, students will understand the theory underlying security analysis of distributed programs and gain experience using a leading security verification tool.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Formal Security Analysis of Cryptographic Protocol Code

    Karthikeyan Bhargavan

    Fall 2010, IIT Delhi

    Developing formal proofs of correctness for security-critical software has been


    a long-cherished goal both for cryptographers and for the program verification
    community. Recent advances in the state of automated theorem-proving has
    brought this goal within reach. In this course, we shall learn how to use a special-
    purpose cryptographic prover to verify the security of protocol implementations
    written in the functional programming language F#, a dialect of OCaml. The
    course proceeds in two parts.

    1. We begin by studying the syntax and semantics of a concurrent call-by-


    value lambda calculus, called F, a subset of F#. We formalize the notion
    of an attacker against F programs and learn how to specify protocol se-
    curity goals, such as authentication and secrecy. Through small protocol
    examples, we learn how to prove these security goals by reasoning about
    the traces of an F program when composed with an arbitrary attacker.

    2. We then study the syntax and semantics of the applied pi-calculus, a vari-
    ant of the pi-calculus designed specifically for the modelling and proof
    of cryptographic protocols. We study a translation from F programs to
    applied pi-calculus processes and formalize the correctness of this trans-
    lation. We learn how to automatically verify the security of F programs
    by translating them using the compiler FS2PV and then verifying the
    resulting processes using the cryptographic prover ProVerif. We evalu-
    ate the strengths and weaknesses of this technique over large verification
    case studies of standard protocols, such as the Transport Layer Security
    protocol (TLS).

    By the end of the course, the student will have been exposed to the theory
    underlying the security analysis of distribured programs and gained some ex-
    perience in the use of a leading security verification tool. The course will be
    accessible to students with some background in programming language theory,
    specifically some working knowledge of the syntax and semantics of foundational
    calculi such as the lambda calculus and pi calculus, and some basic type theory.

    Course webpage. For further information and course materials, see:


    http://moscova.inria.fr/∼karthik/FormalSecurityAnalysis.html

    You might also like