Automatic Generation of Security Protocols Implementations
Author
Abstract
The implementation of security protocols is challenging and error-prone. A model-driven development approach allows the automatic generation of an application from a simpler and abstract model that can be formally verified. Our AnBx compiler is a tool for the automatic generation of Java code for security protocols specified in the Alice&Bob notation. In contrast with existing tools, it uses a simpler specification language and computes the consistency checks that agents have to perform on reception of messages. Moreover, the tool applies various optimization strategies to achieve efficiency both at compile time and at run time.

The implementation of security protocols is challenging and error-prone, as experience has shown that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. Moreover, bugs like “Heartbleed” (OpenSSL) [1] and “goto fail” (Apple TLS implementation) [2] have shown that missing (or untested) checks, hidden deep in the code, may have a severe impact. The critical aspect is that the high-level security properties of a protocol must be hard-coded explicitly, in terms of low-level cryptographic operations and well-formedness checks. To counter this problem, we propose a model-driven development approach that allows for the automatic generation of an application from a simpler and abstract model that can be formally verified. Our AnBx Compiler and Code Generator [3] is a tool for the automatic generation of Java code for security protocols specified in the popular Alice & Bob notation, suitable for agile prototyping. From the design perspective, working on a simplified abstract model has proven to be very effective. It not only allows reasoning about the high-level security property, abstracting from the low-level details of the cryptographic implementation, but also helps to reduce the problem to a size that can be handled efficiently by automatic verification tools.

However, in order to build robust implementations, it is necessary to define explicitly which (defensive) consistency checks on the received data need to be performed to verify that the protocol is running according to the specification. It is important to recognize that while some checks on reception are trivially derived

1 Available at http://www.dais.unive.it/~modesti/anbx/
Similar resources
AnBx: Automatic Generation and Verification of Security Protocols Implementations
The AnBx compiler is a tool for automatic generation of Java implementations of security protocols specified in a simple and abstract model that can be formally verified. In our model-driven development approach, protocols are described in AnBx , an extension of the Alice & Bob notation. Along with the synthesis of consistency checks, the tool analyses the security goals and produces annotation...
Efficient Java Code Generation of Security Protocols Specified in AnB/AnBx
The implementation of security protocols is challenging and error-prone, as experience has proved that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. A model-driven development approach allows automatic generation of an application, from a simpler and abstract model that can be formally verified. In this work we...
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation
Different implementations of the same protocol specification usually contain deviations, i.e., differences in how they check and process some of their inputs. Deviations are commonly introduced as implementation errors or as different interpretations of the same specification. Automatic discovery of these deviations is important for several applications. In this paper, we focus on automatic dis...
Fast automatic security protocol generation
An automatic security protocol generator is described that uses logic-based heuristic rules to guide it in a backward search for suitable protocols from protocol goals. The approach taken is unlike existing automatic protocol generators which typically carry out a forward search for candidate protocols from the protocol assumptions. A prototype generator has been built th...
Publication date: 2015