短文:安全协议的模块化黑盒运行时验证

Proceedings of the 15th Workshop on Programming Languages and Analysis for Security Pub Date : 2020-10-01 DOI:10.1145/3411506.3417596

Kevin Morio, Dennis Jackson, Marco Vassena, R. Künnemann

{"title":"短文:安全协议的模块化黑盒运行时验证","authors":"Kevin Morio, Dennis Jackson, Marco Vassena, R. Künnemann","doi":"10.1145/3411506.3417596","DOIUrl":null,"url":null,"abstract":"Verification techniques have been applied to the design of secure protocols for decades. However, relatively few efforts have been made to ensure that verified designs are also implemented securely. Static code verification techniques offer one way to bridge the verification gap between design and implementation, but require substantial expertise and manual labor to realize in practice. In this short paper, we propose black-box runtime verification as an alternative approach to extend the security guarantees of protocol designs to their implementations. Instead of instrumenting the complete protocol implementation, our approach only requires instrumenting common cryptographic libraries and network interfaces with a runtime monitor that is automatically synthesized from the protocol specification. This lightweight technique allows the effort for instrumentation to be shared among different protocols and ensures security with presumably minimal performance overhead.","PeriodicalId":110751,"journal":{"name":"Proceedings of the 15th Workshop on Programming Languages and Analysis for Security","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Short Paper: Modular Black-box Runtime Verification of Security Protocols\",\"authors\":\"Kevin Morio, Dennis Jackson, Marco Vassena, R. Künnemann\",\"doi\":\"10.1145/3411506.3417596\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Verification techniques have been applied to the design of secure protocols for decades. However, relatively few efforts have been made to ensure that verified designs are also implemented securely. Static code verification techniques offer one way to bridge the verification gap between design and implementation, but require substantial expertise and manual labor to realize in practice. In this short paper, we propose black-box runtime verification as an alternative approach to extend the security guarantees of protocol designs to their implementations. Instead of instrumenting the complete protocol implementation, our approach only requires instrumenting common cryptographic libraries and network interfaces with a runtime monitor that is automatically synthesized from the protocol specification. This lightweight technique allows the effort for instrumentation to be shared among different protocols and ensures security with presumably minimal performance overhead.\",\"PeriodicalId\":110751,\"journal\":{\"name\":\"Proceedings of the 15th Workshop on Programming Languages and Analysis for Security\",\"volume\":\"93 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 15th Workshop on Programming Languages and Analysis for Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3411506.3417596\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3411506.3417596","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

验证技术已经应用于安全协议的设计几十年了。然而，相对较少的努力已经作出，以确保验证的设计也安全实现。静态代码验证技术提供了一种弥合设计和实现之间验证差距的方法，但是需要大量的专业知识和手工劳动才能在实践中实现。在这篇短文中，我们提出黑盒运行时验证作为一种替代方法，将协议设计的安全保证扩展到它们的实现。我们的方法只需要使用从协议规范自动合成的运行时监视器来检测公共加密库和网络接口，而不是检测完整的协议实现。这种轻量级技术允许在不同的协议之间共享检测工作，并以最小的性能开销确保安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Short Paper: Modular Black-box Runtime Verification of Security Protocols

Verification techniques have been applied to the design of secure protocols for decades. However, relatively few efforts have been made to ensure that verified designs are also implemented securely. Static code verification techniques offer one way to bridge the verification gap between design and implementation, but require substantial expertise and manual labor to realize in practice. In this short paper, we propose black-box runtime verification as an alternative approach to extend the security guarantees of protocol designs to their implementations. Instead of instrumenting the complete protocol implementation, our approach only requires instrumenting common cryptographic libraries and network interfaces with a runtime monitor that is automatically synthesized from the protocol specification. This lightweight technique allows the effort for instrumentation to be shared among different protocols and ensures security with presumably minimal performance overhead.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 15th Workshop on Programming Languages and Analysis for Security

自引率

0.00%

发文量