A Declarative Framework for Security: Secure Concurrent Constraint Programming

Motivation. Due to technological advances such as the Internet and mobile computing, Security has become a serious challenge involving several disciplines of Computer Science. In recent years, there has been a growing interest in the analysis of security protocols and one promising approach is the development of formalisms that model communicating processes, in particular Process Calculi. The results are so far encouraging although most remains to be done. Concurrent Constraint Programming (CCP) is a well-established formalism which generalizes Logic Programming [Sar93]. In CCP processes interact with each other by telling and asking information represented as constraints in a medium, a so-called store. One of the most appealing and distinct features of CCP is that it combines the traditional operational view of processes calculi with a declarative one of processes based upon logic. This combination allows CCP to benefit from the large body of techniques of both process calculi and logic. Over the last decade, several reasoning techniques and implementations for CCP have been developed: E.g., denotational models [SRP91], specification logics and proof systems [NPV02], Petri Net interpretations [RM94], and CCP-based programming languages [Smo95]. Remarkably, most process calculi for security have strong similarities with CCP. For instance, SPL [CW01], the Spi calculus variants in [ALV03,FA01], and the calculus in [BB02] are all operationally defined in terms of configurations containing information which can only increase during evolution. Such a monotonic evolution of information is akin to the notion of monotonic store, which is central to CCP and a source of its simplicity. Also, the calculi in [ALV03,BB02,FA01] are parametric in the underlying logic much like CCP is parametric an underlying constraint system. Also, the assertion of (protocol) properties [ALV03] can be formalized as CCP processes imposing constraints. Furthermore, the notion of unification, which has been shown useful in [FA01] for the symbolic execution of protocols, is primitive (and more general) in CCP.