Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: 20th IEEE Computer Security Foundations Symposium (CSF)
Guest editors: Andrei Sabelfeld
Article type: Research Article
Authors: Corin, Ricardoa; b; c; * | Deniélou, Pierre-Maloa; b | Fournet, Cédrica; b | Bhargavan, Karthikeyana; b | Leifer, Jamesa
Affiliations: [a] MSR-INRIA Joint Centre, Orsay, France | [b] Microsoft Research, Cambridge, UK | [c] University of Twente, Enschede, The Netherlands
Correspondence: [*] Corresponding author: Centre de Recherche Commun INRIA–Microsoft Research, Parc Orsay Université, 28 rue Jean Rostand, 91893 Orsay Cedex, France. Tel.: +33 1 69 35 69 84; Fax: +33 1 69 35 69 69; E-mail: [email protected].
Abstract: Distributed applications can be structured as parties that exchange messages according to some pre-arranged communication patterns. These sessions (or contracts, or protocols) simplify distributed programming: when coding a role for a given session, each party just has to follow the intended message flow, under the assumption that the other parties are also compliant. In an adversarial setting, remote parties may not be trusted to play their role. Hence, defensive implementations also have to monitor one another, in order to detect any deviation from the assigned roles of a session. This task involves low-level coding below session abstractions, thus giving up most of their benefits. We explore language-based support for sessions. We extend the ML language with session types that express flows of messages between roles, such that well-typed programs always play their roles. We compile session type declarations to cryptographic communication protocols that can shield programs from any low-level attempt by coalitions of remote peers to deviate from their roles. Our main result is that, when reasoning about programs that use our session implementation, one can safely assume that all session peers comply with their roles – without trusting their remote implementations.
Keywords: Security, session types, ML, cryptographic protocol generation
DOI: 10.3233/JCS-2008-0334
Journal: Journal of Computer Security, vol. 16, no. 5, pp. 573-636, 2008
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]