Typed MSR: Syntax and Examples

Many design flaws and incorrect analyses of cryptographic protoAppeared in the Proceedings of the First International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security — MMM’01 (V. Gorodetski, V. Skormin and L. Popyack, editors), pp.??–??, c Springer-Verlag LNCS ???, St. Petersburg, Russia, 21–23 May 2001 cols can be traced to inadequate specification languages for message components, environment assumptions, and goals. In this paper, we present MSR, a strongly typed specification language for security protocols, which is intended to address the first two issues. Its typing infrastructure, based on the theory of dependent types with subsorting, yields elegant and precise formalizations, and supports a useful array of static check that include type-checking and access control validation. It uses multiset rewriting rules to express the actions of the protocol. The availability of memory predicates enable it to faithfully encode systems consisting of a collection of coordinated subprotocols, and constraints allow tackling objects belonging to complex interpretation domains, e.g. time stamps, in an abstract and modular way. We apply MSR to the specification of several examples.