Senior Lecturer in Cybersecurity

Paolo Modesti

This is the Eclipse Update Site for the AnBx IDE

Authors: Rémi Garcia and Paolo Modesti

This plugin extends the Eclipse IDE for the design, verification and implementation of security protocols. It is aimed at lowering the adoption barrier of formal methods tools for security. In the spirit of Model Driven Development, the environment supports the user in the specification of the model using the simple and intuitive language AnB (and its extension AnBx). Moreover, it provides a push-button solution for the formal verification of the abstract and concrete models, and for the automatic generation of Java implementation. The tools supports also the ProVerif tool and the applied-pi language.

Main features

Installation

Along with Eclipse (we recommend "Eclipse for Java Developers"), there are two components that need to be installed: the Eclipse plugin and the backend tools.

Plugin

The simplest way is to install the plugin from the Eclipse Marketplace. The are 2 ways of doing this:

You can also install the plugin using the Eclipse Update Manager. To learn how to install software from an update site, please carefully read Adding a new software site from Eclipse Online-Help and follow the instructions there. Use the following address https://www.dais.unive.it/~modesti/anbx/ for the update site.
Make sure the the update site is active to receive future updateS (check Help -> Install New Software... -> Manage... and make sure the checkbox on the left of the update site is flagged on).

N.B. The current version of the AnBx IDE, similarly to Eclipse 2020-09+, requires Java 11 or later. A recent version of Eclipse is recommended.

Backend Tools - Quick setup for Windows, Linux and Mac

For your convenience, we provide a zip file with executables, AnBxJ library and Java templates for the most popular Operating Systems:

Unzip the package on a local folder of your system. In most cases, you will just need to configure the plugin in Eclipse.
On Mac and Linux you likely will need to set execution permission to the three binary files: anbxc, ofmc and proverif.
This can be done with the command chmod u+x filename or with the OS GUI. On Mac, you may also need to authorise the execution of the binary files in System Preferences -> Security and Privacy, go to General tab and click Allow.

The current version of the AnBx compiler is .
If the executables are outdated, or you are using another operating system, you will need to build your own executables.
For the procedure to build each tool refer to documentation of the package.

Download and installation of tools from source code

If you are not using any of the redistributable packages, the AnBx IDE requires to download and configure the following software:

Configuration of the plugin

To configure the plugin, in Eclipse select AnBx Tools -> Configuration, and set the paths to the executables of these tools and to the config file anbxc.cfg.
In order to work with this plugin, if you have downloaded the zip file for win or mac with the executable and auxiliary files, you should set the following under AnBx Tools -> Configuration:

  1. AnBxC Exe Path -> /AnBx2/bin/anbxc.exe
  2. AnBxC Config File -> /AnBx2/bin/anbxc.cfg
  3. AnBxC Exe Path -> /ext-tools/ofmc.exe
  4. ProVerif Exe Path -> /ext-tools/proverif.exe

For each tool, the working directory is usually set one where the executable is located.
You can also, optionally, configure a folder for logging the output of tools. For each backend tool, you can enable/disable logging prior launching the tool.

For file with .java and .properties extensions, Eclipse will automatically use the most appropriate editor type (i.e. syntax highlighting and other features).
For the anbxc.cfg file you can enable syntax highlighting by right clicking on the file icon, and selecting "Open With" -> "Other..." -> "Properties File Editor". It is possible to make this selection permanent in the same dialog window.

Installation of Bouncy Castle library

The Bouncy Castle library offers support form many ciphers not included in the standard JDK/JRE. It can be configured as a Java cryptographic provider via static registration by adding an entry to the java.security properties file.
Download the "Provider" library file bcprov-jdk18on-.jar (or later) in the same folder containing the AnBxJ.jar file.
The file is in $JAVA_HOME/conf/security/java.security , where $JAVA_HOME is the location of your JDK/JRE distribution).
You basically need to add a line: security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider
at the end of the list of other security providers and replace <n> with the next available integer (e.g. 14).
However, as recent versions of Eclipse ship a built-in JRE, you will also need to edit the java.security file, for that JRE.
To identify the location, in Eclipse, select Window -> Properties -> Java -> Installed JREs.

Working with existing examples and testing the environment configuration

If you want to check the configuration and experiment with the tools, the most convenient option is to:

Creating a new project or file

  1. Create a new AnBx project in Eclipse
    File -> New -> Project -> AnBx -> AnBx Project
  2. Create your AnBx/AnB files inside the src folder of the project
    File -> New -> Others -> AnBx file
  3. Create your PV files inside the src folder of the project
    File -> New -> Others -> PV file

Note that when you create the project a symbolic link to the configuration file anbxc.cfg is created.

Running the tool - Protocol verification and code generation

When you run the tool, the output will be displayed in the "Console". Be sure you select the right console in Eclipse.
At the first run of any supported tool a  console should open automatically. If you do not see any Console select Window -> Show View -> Console.

OFMC protocol verification (only for AnBx/AnB files)

  1. If your input file has extension .AnBx
    1. Select your AnBx file and click on "AnBxC" button.
    2. Select the output format "AnB (default)" and select "Launch associated validator"
    3. (Only the first time) Configure OFMC (click on the "gear" icon): set the number of session (1,2,3...). If the number (n) is greater then one the tool will verify the protocol for 1 and n session in sequence.
    4. Click "OK". The compiler will translate the file from AnBx to AnB and will run OFMC to verify the protocol specification against the security goals.
  2. If your input file has extension .AnB or .IF
    1. Select your AnB file and click on "OFMC" button.
    2. Configure OFMC: set the number of session (1,2,3...). If the number (n) is greater then one the tool will verify the protocol for 1 and n sessions in sequence.
    3. Click "OK" to verify the protocol.

ProVerif protocol verification (only for AnBx/PV files)

  1. If your input file has extension .AnBx
    1. Select your AnBx file and click on "AnBxC" button. Select the output format "ProVerif (default)" and select "Launch associated validator"
    2. Optionally, click on the "gear" icon to set options for ProVerif
    3. Click "OK". The compiler will translate the file from AnBx to PV and will run ProVerif) to verify the protocol specification against the security goals.
  2. If your input file has extension .PV
    1. Select your PV file and click on "ProVerif" button. Select the options ("pitype" and "solve" by default) and click "OK"

Java code generation (only for AnBx files)

You need to have configured your output directory in the anbxc.cfg file. A link is available in the root of your project.
In particular, you should check the following lines in anbxc.cfg

pathstemplates = <this is the location of the template files (.st)>
pathjavadest = <this is the location where the Java files are generated>

N.B. # on Windows use / as path separator instead of \.     Example: C:/MyWorkspace/genanbx/src/

  1. Select your AnBx file and click on "AnBxC" button. Select the output format "Java"
  2. Click "OK". The compiler will translate the file from AnBx to Java.
  3. If you select "Launch associated validator" it will also run the generated application (using an ant build file).

Build/Run a Java Project (under Eclipse)

Refer to the online help (?) and product documentation for additional options.

Tutorial

Documentation

  1. An IDE for the Design, Verification and Implementation of Security Protocols (R.Garcia, P.Modesti), ISSREW 2017
  2. AnBx: Automatic Generation and Verification of Security Protocols Implementations (P.Modesti), FPS 2015

Questions?