Formal Analysis of Security APIs

An Application Program Interface (API) is considered a security API when it is designed not only to offer access to functionality but also to enforce a security policy, i.e. no matter what commands are sent to the interface, some security properties continue to hold. They are used, for example, as interfaces to cryptographic hardware modules and smartcards. They are very difficult to design, and errors in security APIs have been shown to give rise to critical vulnerabilities in a variety of real world systems, from cash machine PIN processing modules to authentication tokens. Formal analysis of security APIs aims to use techniques from program verification both to find attacks on faulty APIs, and prove security properties of correct ones. This thesis describes some of my work on developing this area from 2004-2010. We focus on APIs for cryptographic key management. We start by defining a Dolev-Yao like model for security APIs, which leads in general to an undecidable security problem. We show decidability for a number of subclasses and soundness for some abstractions. We show how these results have been applied to real commercially available devices, resulting in the unearthing of a number of previously unknown vulnerabilities. We propose a new API for key management which we prove secure in our model. Finally we evaluate the work and give some perspectives.