Abstract
We adapt the Strand Spaces model to reason abstractly about layered security protocols, where an Application Layer protocol is layered on top of a secure transport protocol. The model abstracts away from the implementation of the secure transport protocol and just captures the properties that it provides to the Application Layer. We illustrate the usefulness of the model by using it to verify a small single sign-on protocol.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Armando, A., Carbone, R., Compagna, L.: LTL model checking for security protocols. In: 20th IEEE Computer Security Foundations Symposium (2007)
Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal analysis of SAML 2.0 web browser single sign-on: Breaking the SAML-based single sign-on for Google Apps. In: The 6th ACM Workshop on Formal Methods in Security Engineering, FMSE 2008 (2008)
Bugliesi, M., Focardi, R.: Language based secure communication. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (2008)
Bella, G., Longo, C., Paulson, L.: Verifying second-level security protocols. In: Basin, D., Wolff, B. (eds.) TPHOLs 2003. LNCS, vol. 2758, pp. 352–366. Springer, Heidelberg (2003)
Creese, S.J., Goldsmith, M.H., Roscoe, A.W., Zakiuddin, I.: The attacker in ubiquitous computing environments: formalising the threat model. In: Proceedings of the 1st International Workshop on Formal Aspects in Security and Trust, FAST (2003)
Dilloway, C.: On the Specification and Analysis of Secure Transport Layers. DPhil thesis, Oxford University (2008)
Dilloway, C., Lowe, G.: Specifying secure transport layers. In: 21st IEEE Computer Security Foundations Symposium, CSF 21 (2008)
Google. Web-based reference implementation of SAML-based SSO for Google Apps (2008), http://code.google.com/apis/apps/sso/saml_reference_implementation_web.html
Guttman, J.D., Thayer, F.J.: Authentication tests. In: IEEE Symposium on Security and Privacy, pp. 96–109 (2000)
Guttman, J.D., Thayer, F.J.: Authentication tests and the structure of bundles. Theoretical Computer Science (2001)
Hansen, S.M., Skriver, J., Nielson, H.R.: Using static analysis to validate the SAML single sign-on protocol. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security, WITS 2005 (2005)
Kamil, A.: The Modelling and Analysis of Layered Security Architectures in Strand Spaces. DPhil thesis, Oxford University, Forthcoming (2009)
Kamil, A., Lowe, G.: Analysing TLS in the Strand Spaces model (2009) (Submitted for publication)
OASIS Security Services Technical Committee. Security assertion markup language (SAML) v2.0 technical overview (2005), http://www.oasis-open.org/committees/security/
Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice Hall, Englewood Cliffs (1998)
Javier Thayer, F., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: IEEE Symposium on Research in Security and Privacy, pp. 160–171. IEEE Computer Society Press, Los Alamitos (1998)
Thomas, S.: SSL and TLS: Securing the Web. Wiley, Chichester (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kamil, A., Lowe, G. (2010). Specifying and Modelling Secure Channels in Strand Spaces. In: Degano, P., Guttman, J.D. (eds) Formal Aspects in Security and Trust. FAST 2009. Lecture Notes in Computer Science, vol 5983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12459-4_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-12459-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12458-7
Online ISBN: 978-3-642-12459-4
eBook Packages: Computer ScienceComputer Science (R0)