Security-typed languages for implementation of cryptographic protocols: A case study

被引:0
|
作者
Askarov, A [1 ]
Sabelfeld, A [1 ]
机构
[1] Chalmers, Dept Comp Sci, S-41296 Gothenburg, Sweden
来源
COMPUTER SECURITY - ESORICS 2005, PROCEEDINGS | 2005年 / 3679卷
关键词
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Security protocols are critical for protecting modem communication infrastructures and are therefore subject to thorough analysis. However practical implementations of these protocols lack the same level of attention and thus may be more exposed to attacks. This paper discusses security assurance provided by security-typed languages when implementing cryptographic protocols. Our results are, based on a case study using Jif, a Java-based security-typed language, for implementing a non-trivial cryptographic protocol that allows playing online poker without a trusted third party. The case study deploys the largest program written in a security-typed language to date and identifies insights ranging from security guarantees to useful patterns of secure programming.
引用
收藏
页码:197 / 221
页数:25
相关论文
共 50 条
  • [1] Integrating SELinux with security-typed languages
    Hicks, Boniface
    Rueda, Sandra
    Jaeger, Trent
    McDaniel, Patrick
    [J]. PROCEEDINGS OF THE THIRD ANNUAL SECURITY ENHANCED LINUX SYMPOSIUM, 2007, : 85 - 92
  • [2] Security-typed languages and distributed computation
    Myers, A
    [J]. STATIC ANALYSIS, PROCEEDINGS, 2001, 2126 : 437 - 437
  • [3] Jifclipse: Development Tools for Security-Typed Languages
    Hicks, Boniface
    King, Dave
    McDaniel, Patrick
    [J]. PLAS'07: PROCEEDINGS OF THE 2007 ACM SIGPLAN WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY, 2007, : 1 - 10
  • [4] Channels: Runtime system infrastructure for security-typed languages
    Hicks, Boniface
    Misiak, Timothy
    McDaniel, Patrick
    [J]. TWENTY-THIRD ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2007, : 443 - +
  • [5] From languages to systems: Understanding practical application development in security-typed languages
    Hicks, Boniface
    Ahmadizadeh, Kiyan
    McDaniel, Patrick
    [J]. 22ND ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2006, : 153 - +
  • [6] A trust management approach for flexible policy management in security-typed languages
    Bandhakavi, Sruthi
    Winsborough, William
    Winslett, Marianne
    [J]. CSF 2008: 21ST IEEE COMPUTER SECURITY FOUNDATIONS SYMPOSIUM, PROCEEDINGS, 2008, : 33 - +
  • [7] Security-Typed Programming within Dependently Typed Programming
    Morgenstern, Jamie
    Licata, Daniel R.
    [J]. ACM SIGPLAN NOTICES, 2010, 45 (09) : 169 - 180
  • [8] Security-Typed Programming within Dependently Typed Programming
    Morgenstern, Jamie
    Licata, Daniel R.
    [J]. ICFP 2010: PROCEEDINGS OF THE 2010 ACM SIGPLAN INTERNATIONAL CONFERENCE ON FUNCTIONAL PROGRAMMING, 2010, : 169 - 180
  • [9] Informal Presentation: A Trust Management Perspective on Managing Policy Updates in Security-Typed Languages
    Bandhakavi, Sruthi
    Winsborough, William
    Winslett, Marianne
    [J]. PLAS'07: PROCEEDINGS OF THE 2007 ACM SIGPLAN WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY, 2007, : 73 - 73
  • [10] Predicting New Attacks: A Case Study in Security Analysis of Cryptographic Protocols
    Bao, Da
    Wagatsuma, Kazunori
    Gao, Hongbiao
    Cheng, Jingde
    [J]. ADVANCED MULTIMEDIA AND UBIQUITOUS ENGINEERING: FUTURETECH & MUE, 2016, 393 : 263 - 270
12345