Modular Preservation of Safety Properties by Cookie-Based DoS-Protection Wrappers

Current research on verifying security properties of communication protocols has focused on proving integrity and confidentiality using models that include a strong Man-in-the-Middle (MitM) threat. By contrast, protection measures against Denial-of-Service (DoS) must assume a weaker model in which an adversary has only limited ability to interfere with network communications. In this paper we demonstrate a modular reasoning framework in which a protocol P that satisfies certain security properties can be assured to retain these properties after it is “wrapped” in a protocol W[P] that adds DoS protection. This modular wrapping is based on the “onion skin” model of actor reflection. In particular, we show how a common DoS protection mechanism based on cookies can be applied to a protocol while provably preserving safety properties (including confidentiality and integrity) that it was shown to have in a MitM threat model.