An IDE for the Design, Verification and Implementation of Security Protocols

Rémi Garcia, Département Informatique, IUT de Bordeaux, Bordeaux, France. Email: remi.garcia@etu.u-bordeaux.fr
Paolo Modesti, Faculty of Computer Science, University of Sunderland, Sunderland, United Kingdom. Email: paolo.modesti@sunderland.ac.uk

Abstract—Security protocols are critical components for the construction of secure and dependable distributed applications, but their implementation is challenging and error prone. Tools for the formal modelling and analysis of security protocols could therefore be very useful to software engineers. However, although such tools have been available for a long time, their adoption outside the research community has been very limited: most practitioners find them too complex and hardly usable in their daily work. In this paper we present an Integrated Development Environment for the design, verification and implementation of security protocols, aimed at lowering the adoption barrier of formal methods tools for security. In the spirit of Model Driven Development, the environment supports the user in specifying the model in the simple and intuitive language AnB (and its extension AnBx). It also provides a push-button solution for the formal verification of the abstract and concrete models, and for the automatic generation of a Java implementation. This Eclipse-based IDE leverages existing languages and tools for the modelling and verification of security protocols, namely the AnBx Compiler and Code Generator, the model checker OFMC and the cryptographic protocol verifier ProVerif.

Keywords—Security Protocols; Design; Verification; Implementation; Integrated Development Environment

I. INTRODUCTION

The ubiquitous use of information and communication technologies offers individuals and organisations an enormous number of opportunities for business and social interaction.
However, it also poses significant risks and threats, since vulnerabilities can be exploited by attackers to gain access to confidential data and to compromise the integrity of connected systems. Many experts agree that the root cause of vulnerabilities is incorrect software [1].

Security protocols play a key role in protecting user data exchanged over a network infrastructure that must be assumed to be under adversary control, as in the Dolev-Yao attacker model [2]. However, programming security protocols is challenging and error-prone: experience has shown that low-level implementation bugs are discovered even in implementations of protocols like TLS and SSH, which are widely used and thoroughly tested. Tools for the formal modelling and analysis of security protocols can therefore be very useful to software engineers. A formal specification helps to better understand the system requirements, and a formal model suitable for automatic analysis can detect inconsistencies and requirement errors at an early stage of development. This is also cost effective, as errors discovered at later stages are generally more expensive to fix [3].

Security requirements are particularly challenging, because they must account for the behaviour of an active adversary. To help reasoning about security properties, the specification of security protocols with high-level programming abstractions, suited to security analysis and automated verification, has been advocated by the formal methods for security research community [4], [5]. This was also one of the motivations for developing tools for the verification of security protocols in the symbolic model [6], [7], [8], and for the automatic generation of security protocol implementations [9], [10], [11]. Despite such tools having been available for a long time, their adoption outside the research community has been very limited.
In fact, most practitioners find this kind of application too complex and hardly usable, not least because of the difficulty of writing and understanding the formal specification. For these reasons they are reluctant to use such tools in their daily work. In order to lower the adoption barrier, we advocate an approach based on:

• a simple and intuitive language for the formal specification of security protocols;
• a Model-Driven Development (MDD) strategy allowing the automatic generation of a program from a simple and abstract model that can be formally verified;
• an Integrated Development Environment supporting the developer.

To demonstrate this approach, we present the AnBx-IDE¹, an Integrated Development Environment for the design, verification and implementation of security protocols. This Eclipse-based IDE leverages existing languages and tools for the modelling and verification of security protocols, such as the AnBx Compiler and Code Generator [10], for the automatic generation of Java implementations from a model described in the simple Alice & Bob (AnB) notation [12] (or its extension AnBx [13]), and, for the automated

¹ Available at http://www.dais.unive.it/~modesti/anbx/ide/
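To make concrete what the "simple Alice & Bob (AnB) notation" above looks like, here is an added example that is not taken from the paper: the Needham-Schroeder-Lowe public-key protocol written in the AnB input format accepted by OFMC (Types, Knowledge, Actions and Goals sections). The protocol name, the agent names A and B, the nonces NA and NB and the four goals are chosen here for illustration; `pk` denotes the public-key function and `inv(pk(X))` the matching private key, following the usual OFMC AnB conventions. Comments use `#`.

```anb
# Added example (not from the paper): NSL public-key protocol in OFMC AnB syntax.
Protocol: NSL

Types:
  Agent A,B;
  Number NA,NB;
  Function pk

Knowledge:
  # Each agent knows the names, the public-key function and only its own private key.
  A: A,B,pk,inv(pk(A));
  B: A,B,pk,inv(pk(B))

Actions:
  A->B: {NA,A}pk(B)
  # Lowe's fix: B's name is included in the second message.
  B->A: {NA,NB,B}pk(A)
  A->B: {NB}pk(B)

Goals:
  # Secrecy and (injective) agreement goals checked by the verifier
  # against a Dolev-Yao intruder controlling the network.
  NA secret between A,B
  NB secret between A,B
  B authenticates A on NA
  A authenticates B on NB
```

The specification says nothing about message encodings, key storage or socket handling; that is exactly the gap the MDD toolchain described in the paper is meant to fill by generating the Java code from this model. A useful sanity check when trying the toolchain: delete `,B` from the second message to obtain the original Needham-Schroeder protocol, and the verifier reports Lowe's well-known man-in-the-middle attack, which violates the `B authenticates A on NA` goal.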