END2ENDSECURITY · Practical design and analysis of certifiably secure protocols - theory and tools for end-to-end security

State-of-the-art technologies struggle to keep pace with possible security vulnerabilities. The lack of a consistent methodology and tools for analyzing security protocols throughout the various stages of their design hinders the detection and prevention of vulnerabilities and comprehensive protocol analysis. Moreover, state-of-the-art verification tools typically only address particular narrow aspects of a protocol's security and require expert knowledge; hence they do not help protocol designers. The challenge is to guarantee end-to-end security - from high-level specifications of the desired security requirements, to a specification of a security protocol that relies on innovative cryptographic primitives, to a secure, executable program. This proposal addresses key steps of this challenge: our goal is to develop a general methodology for automatically devising security protocols and programs based on high-level specifications of selected security requirements and protocol tasks. This includes developing a user-friendly interface for specifying the protocol's intended behavior and high-level security requirements, devising suitable abstract protocols, selecting suitable cryptographic instantiations, and generating a secure, streamlined implementation. This methodology will also include novel verification techniques that complement all design phases along with a theory which propagates verification results from phase to phase with the ultimate goal of certified end-to-end security. This includes developing type systems for analyzing abstract protocols, a general framework for conducting cryptographic proofs, and techniques for reasoning about executable code. The tools we develop should be automated and usable by non-experts.