Preliminary Proceedings 5 th International Workshop on Security Issues in Concurrency ( SecCo ’ 07 )

We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may be compromised, that is, some nodes of the system and their security credentials may be under the control of an attacker. To help predict and bound the impact of such partial compromise, we advocate logic-based policies that explicitly record dependencies between principals. We propose a conformance criterion, ”safety despite compromised principals”, such that an invalid authorization decision at an uncompromised node can arise only when nodes on which the decision logically depends are compromised. We formalize this criterion in the setting of a process calculus, and present a verification technique based on a type system. Hence, we can verify policy conformance of code that uses a wide range of the security mechanisms found in distributed systems, ranging from secure channels down to cryptographic primitives, including secure hashes, encryption, and public-key signatures. 1 Joint work with Andrew Gordon and Sergio Maffeis. Symbolic bisimulation for the applied pi calculus (extended abstract) ? Stéphanie Delaune, Steve Kremer, Mark Ryan a LORIA, CNRS & INRIA, Nancy, France b LSV, CNRS & ENS de Cachan & INRIA, France c School of Computer Science, University of Birmingham, UK