Obol
A Security Protocol Programming Language (and Runtime)
Obol is part of a project to investigate properties of security
protocols, what they are, how they behave, how they interact, how to deal
with them. The Obol language grew out of a desire to escape the
distractions of low-level implementation efforts, and the need to experiment
and express security protocols as independent programs, closer to the level
on which security protocols are analysed.
NB! Other Obols: If you are looking for the object-oriented
language that was originally designed to introduce the conceptual
foundations of object-oriented programming with minimal fuss, named
Obol, you unfortunately come to the wrong Obol. Please follow this
link instead.
There is also "Obol, A
Language for Open Bio-Ontologies".
|
What's it all about?
Obol is a specialized high-level programming language for security
protocols. The idea is to program closer to the abstractions used to
describe and analyze security protocols, and leave all the nasty details to
the runtime.
The runtime will then handle "mundane" issues such as message
representation, communication, cryptographic transformations and so on.
What's the point of that?
By focusing on the security aspects of the protocol being implemented,
one avoid the typical entanglement of security protocol code, low-level
cryptographic functions, and application logic.
Obol keeps these three aspects separate, resulting in a clean, highly
modular and very flexible security protocol framework.
Think of it as trying to do for security protocols what SQL did for databases.
What's it implemented in?
The most mature (and actively developed) runtime version is implemented
in Java, using ANTLR for the parsing.
Earlier prototypes were implemented in Common Lisp and Python.
What can it be used for?
Security protocols, or any protocol structure that involve composition and
transformation.
Obol is interpreted, and protocols can very easily be upgraded.
The runtime's modular structure allows for new message representation
formats, cryptographic primitives, communication technology and so on, to be
added dynamically.
What does it look like?
As an example, consider the typical way a message in a security
protocol is described:
A → B: A, B, {A, B, Na}Kab
The above means that A sends B a message consisting of the
sender's name, the intended recipient's name, and then encrypts a repetition
of the names along with a nonce Na(random value) using the shared-key
Kab.
We have not made the assumption that Obol must run on both protocol
endpoints, so we must implement both sides (both A and
B):
A side |
(send B A B (encrypt Kab A B Na) |
B side | (receive A A B (decrypt Kab A B *Na)) |
In the above example we assume that A and B know about each
other, and that they share the key Kab.
However, the nonce Na is unknown to B, so B cannot recognize it, but can
assign the unknown datum to a symbol, which is what the *Na construct
does.
How can Obol be used?
Two ways:
- An application must connect to the Obol runtime and request that it
starts an Obol protocol, or script.
The application receives a handle which it can use to communicate
with the script instance, i.e. starting and stopping the protocol
execution, setting and retrieving values the script requires and
provides.
- For experimenting with the language, there's a very simple
command-line interface (ยท la python or lisp). In your shell, just
invoke
or
% java -jar Obol.jar testParser
Using a readline wrapper (eg rlwrap) is strongly
recommended.
Where can I get Obol?
Obol just moved here to friendly SourceForge, and a zip-file can be downloaded via the
project's download page.
This zip-file contains these files:
File | Purpose |
Obol.jar | Jar file containing the Obol classes and packages. |
API.java | Interface describing the Obol runtime. |
ScriptHandle.java | Interface describing a script instance handle. |
ReturnValue.java | Interface describing symbols and values returned via the ScriptHandle interface. |
testScript.java | Example application that invokes any Obol script. |
selftest.obol | Obol interpreter selftest script. |
You will also need the following in your $CLASSPATH:
- ANTLR Jar file (antlr-2.7.5.jar)
- (Optional) Log4J
is required if you use a pre-2007 version.
Newer versions provide a built-in fallback if log4j turns out to be
unavailable at runtime.
- (Optional) Java's default cryptographic abilities might be adaquate
for your use, but for more options please use a decent crypto provider
such as Bouncy Castle, or the
good old Cryptix. Others might
work too (caveat emptor).
To enable and play with the experimental generate-eval callout, you must
place one or more of these interpreters in your classpath:
- Armed Bear Common Lisp
(ABCL), a very nice and complete CL. Installation can be a
little messy, but is well worth it. Alternatively, use the ABCL
embedded in the J-editor, by putting j.jar (found in the binary
distribution of J)
in your classpath.
- Jatha, a common lisp
library. Easy install, hard to use (incomplete subset CL).
- Jython, a.k.a. Python
in Java.
With one of the above, you can do things like
(believe x 2048)
(generate y eval lisp "(expt 2 x)" x)
(generate z eval python "2**x" x)
in your favourite language!
Where is the source code?
Browse the source code in the
SourceForge svn repository, or use svn
checkout:
Documentation?
For a quick tutorial or overview, please see the Dr.Dobbs article in the
list of Publications below.
There's a detailed technical report in the pipeline, which will be
available here Real Soon Nowtm.
The very impatient can get a copy of the rather rough work-in-progress
document by sending me an email.
There's also an informal howto/FAQ available.
Obol-related Publications
- Gaining Flexibility by Security Protocol Transfer,
P.H. Myrvang, T. Stabell-Kulø, The Twelfth IEEE Symposium on
Computers and Communications, Aveiro, Portugal, July 2007.
- Parameterized Communication, P.H. Myrvang, Dr.Dobbs Journal, September 2006.
- The Role of Reflective Middleware in Supporting Flexible Security Policies, Na Xu, G.S. Blair, P.H. Myrvang, T. Stabell-Kulø, P. Grace. To appear in proceedings of Node2006, Erfurt, Germany, September 2006.
- The Obol Protocol Language, P.H. Myrvang, T. Stabell-Kulø, 14th International Workshop on Security Protocols, Cambridge, UK. To appear in Springer LNCS
- Security and Middleware, A. Andersen, G. Blair, P.H. Myrvang, T. Stabell-Kulø, WORDS 2003, Guadalajara, Mexico, January 2003
- Reflective Middleware and Security: OOPP Meets Obol., A. Andersen, G. Blair, P.H. Myrvang, T. Stabell-Kulø, A. Bottoni, and T.A. Nilsen Røst, The 2nd International Workshop on Reflective and Adaptive Middleware, Middleware 2003, Rio de Janeiro, Brazil, June 2003.
There's also an early technical report from the work done on the Lisp-based
prototype (there's been lots of syntax and semantics changes since then):
See also the Pasta Project.
|