posted on 2010-07-01, 00:00authored byIliano Cervesato
Many design flaws and incorrect analyses of cryptographic proto-
cols can be traced to inadequate specification languages for message components,
environment assumptions, and goals. In this paper, we present MSR, a strongly
typed specification language for security protocols, which is intended to address
the first two issues. Its typing infrastructure, based on the theory of dependent
types with subsorting, yields elegant and precise formalizations, and supports a
useful array of static check that include type-checking and access control validation.
It uses multiset rewriting rules to express the actions of the protocol. The
availability of memory predicates enable it to faithfully encode systems consisting
of a collection of coordinated subprotocols, and constraints allow tackling
objects belonging to complex interpretation domains, e.g. time stamps, in an abstract
and modular way. We apply MSR to the specification of several examples.