A Declarative Model for Reasoning about Form Security

Aaron Hunter

2015

Abstract

We introduce a formal methodology for analysing the security of digital forms by representing form signing procedures in a declarative action formalism. In practice, digital forms are represented as XML documents and the security of information is guaranteed through the use of digital signatures. However, the security of a form can be compromised in many different ways. For example, an honest agent might be convinced to make a commitment that they do not wish to make, or they may be fooled into believing that another agent has committed to something when they have not. In many cases, these attacks do not require an intruder to break any form of encryption or digital signature; instead, the intruder simply needs to manipulate the way signatures are applied and forms are passed between agents. In this paper, we demonstrate that form signing procedures can be seen as a variation of the message passing systems used in connection with cryptographic protocols. We start with an existing declarative model for reasoning about cryptographic protocols in the Situation Calculus, and we show how it can be extended to identify security issues related to digital signatures and form signing procedures. We suggest that our results could be used to help users create secure digital forms, using tools such as IBM’s Lotus Forms software.



Paper Citation


in Harvard Style

Hunter A. (2015). A Declarative Model for Reasoning about Form Security. In Proceedings of the International Conference on Agents and Artificial Intelligence - Volume 2: ICAART, ISBN 978-989-758-074-1, pages 420-425. DOI: 10.5220/0005213604200425


in Bibtex Style

@conference{icaart15,
author={Aaron Hunter},
title={A Declarative Model for Reasoning about Form Security},
booktitle={Proceedings of the International Conference on Agents and Artificial Intelligence - Volume 2: ICAART},
year={2015},
pages={420-425},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005213604200425},
isbn={978-989-758-074-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Agents and Artificial Intelligence - Volume 2: ICAART
TI - A Declarative Model for Reasoning about Form Security
SN - 978-989-758-074-1
AU - Hunter A.
PY - 2015
SP - 420
EP - 425
DO - 10.5220/0005213604200425