A Machine-Checked Proof of Security for AWS Key Management Service
| Title | A Machine-Checked Proof of Security for AWS Key Management Service |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Almeida, José Bacelar, Barbosa, Manuel, Barthe, Gilles, Campagna, Matthew, Cohen, Ernie, Grégoire, Benjamin, Pereira, Vitor, Portela, Bernardo, Strub, Pierre-Yves, Tasiran, Serdar |
| Conference Name | Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |
| Date Published | November 2019 |
| Publisher | Association for Computing Machinery |
| Conference Location | London, United Kingdom |
| ISBN Number | 978-1-4503-6747-9 |
| Keywords | Human Behavior, human factors, Key Management, machine-checked proof, Metrics, provable-security, pubcrawl, resilience, Resiliency, Scalability |
| Abstract | We present a machine-checked proof of security for the domain management protocol of Amazon Web Services' KMS (Key Management Service) a critical security service used throughout AWS and by AWS customers. Domain management is at the core of AWS KMS; it governs the top-level keys that anchor the security of encryption services at AWS. We show that the protocol securely implements an ideal distributed encryption mechanism under standard cryptographic assumptions. The proof is machine-checked in the EasyCrypt proof assistant and is the largest EasyCrypt development to date. |
| URL | https://dl.acm.org/doi/10.1145/3319535.3354228 |
| DOI | 10.1145/3319535.3354228 |
| Citation Key | almeida_machine-checked_2019 |