Efficient Java Code Generation of Security Protocols specified in AnB /AnBx Paolo Modesti School of Computing Science, Newcastle University, UK paolo.modesti@newcastle.ac.uk Abstract. The implementation of security protocols is challenging and error-prone. A model-driven development approach allows the automatic generation of an application, from a simpler and abstract model that can be formally verified. Our AnBx compiler is a tool for automatic genera- tion of Java code of security protocols specified in the Alice&Bob nota- tion. In contrast with existing tools, it uses a simpler specification lan- guage and computes the consistency checks that agents have to perform on reception of messages. Moreover, the tool applies various optimization strategies to achieve efficiency both at compile and run time. Keywords: security protocols, code generation, applied formal methods 1 Introduction The implementation of security protocols is challenging and error-prone, as ex- perience has shown [1] that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. The critical aspect is that the high-level security properties of a protocol must be hard-coded explicitly, in terms of low-level cryptographic operations and checks of well-formedness. To counter this problem, in this work we con- sider a model-driven development approach that allows automatic generation of an application, from a simpler and abstract model that can be formally veri- fied. We present the AnBx Compiler and Code Generator 1 , a tool for automatic generation of Java code of security protocols specified in the simple Alice&Bob (AnB ) notation [2], suitable for agile prototyping. Despite being intuitive, AnB is semi-formal because it contains a lot of implicit concepts. In particular, it does not say explicitly which (defensive) consistency checks on the received data need to be performed to verify that the protocol is running according to the specification. It is important to recognize that while some checks on reception are trivially derived from the narrations (verification of a digital signature, com- parison of agent’s identities), others are more complex and managing them can be a challenging task even for an expert programmer. In addition to the main contribution of an end-to-end AnB to Java compiler, we also present an improved way to compute the checks on reception with re- spect to a previous solution proposed by Briais and Nestmann [3]. This allows 1 Available at http://www.dais.unive.it/~modesti/anbx/