Abstract
In an optimistic approach to security, one can often simplify protocol design by relying on audit logs, which can be analyzed a posteriori. Such auditing is widely used in practice, but no formal studies guarantee that the log information suffices to reconstruct past runs of the protocol, in order to reliably detect (and provide evidence of) any cheating. We formalize audit logs for a sample optimistic scheme, the value commitment. It is specified in a pi calculus extended with committable locations, and compiled using standard cryptography to implement secure logs. We show that our distributed implementation either respects the abstract semantics of commitments or, using information stored in the logs, detects cheating by a hostile environment.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fournet, C., Guts, N., Nardelli, F.Z. (2008). A Formal Implementation of Value Commitment. In: Drossopoulou, S. (eds) Programming Languages and Systems. ESOP 2008. Lecture Notes in Computer Science, vol 4960. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78739-6_29
DOI: https://doi.org/10.1007/978-3-540-78739-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78738-9
Online ISBN: 978-3-540-78739-6
eBook Packages: Computer Science, Computer Science (R0)