Proceedings 10th Computer Security Foundations Workshop最新文献

{"title":"A different look at secure distributed computation","authors":"P. Syverson","doi":"10.1109/CSFW.1997.596797","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596797","url":null,"abstract":"We discuss various aspects of secure distributed computation and look at weakening both the goals of such computation and the assumed capabilities of adversaries. We present a new protocol for a conditional form of probabilistic coordination and present a model of secure distributed computation in which friendly and hostile nodes are represented in competing interwoven networks of nodes. It is suggested that reasoning about goals, risks, tradeoffs, etc. for this model be done in a game theoretic framework.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125015925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Casper: a compiler for the analysis of security protocols","authors":"G. Lowe","doi":"10.1109/CSFW.1997.596779","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596779","url":null,"abstract":"In recent years, a method for analyzing security protocols using the process algebra CSP (C.A.R. Hoare, 1985) and its model checker FDR (A.W Roscoe, 1994) has been developed. This technique has proved successful, and has been used to discover a number of attacks upon protocols. However the technique has required producing a CSP description of the protocol by hand; this has proved tedious and error prone. We describe Casper, a program that automatically produces the CSP description from a more abstract description, thus greatly simplifying the modelling and analysis process.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132203981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Proving properties of security protocols by induction","authors":"Lawrence Charles Paulson","doi":"10.1109/CSFW.1997.596788","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596788","url":null,"abstract":"Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction to finite state systems and the approach is not based on belief logics. Protocols are inductively defined as sets of traces, which may involve many interleaved protocol runs. Protocol descriptions model accidental key losses as well as attacks. The model spy can send spoof messages made up of components decrypted from previous traffic. Several key distribution protocols have been studied, including Needham-Schroeder, Yahalom and Otway-Rees. The method applies to both symmetric key and public key protocols. A new attack has been discovered in a variant of Otway-Rees (already broken by W. Mao and C. Boyd (1993)). Assertions concerning secrecy and authenticity have been proved.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133353591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A hierarchy of authentication specifications","authors":"G. Lowe","doi":"10.1109/CSFW.1997.596782","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596782","url":null,"abstract":"Many security protocols have the aim of authenticating one agent to another. Yet there is no clear consensus in the academic literature about precisely what \"authentication\" means. We suggest that the appropriate authentication requirement will depend upon the use to which the protocol is put, and identify several possible definitions of \"authentication\". We formalize each definition using the process algebra CSP, use this formalism to study their relative strengths, and show how the model checker FDR can be used to test whether a system running the protocol meets such a specification.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134045797","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A theory for system security","authors":"Kan Zhang","doi":"10.1109/CSFW.1997.596805","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596805","url":null,"abstract":"Two independent definitions of system security are given through two distinct aspects of a system execution, i.e. state and transform. These two definitions are proven to be equivalent, which gives both confidence to the soundness of our explanation and insight into the internal causality of information flow. Using this definition of information flow security, a general security model for nondeterministic computer systems is presented. On the one hand, our model is based on information flow, which allows it to explain security semantically in terms of other information flow models. On the other hand, our model imposes concrete constraints on the internal system processes, which facilitates implementation and verification in the fashion of access security models. Our model is also more general than previous state-based information flow models, e.g. allowing for concurrency among system processes, which is more suitable for distributed systems.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130900798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On SDSI's linked local name spaces","authors":"M. Abadi","doi":"10.1109/CSFW.1997.596794","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596794","url":null,"abstract":"R.L. Rivest and B. Lampson (1996) have recently introduced SDSI, a Simple Distributed Security Infrastructure. One of the important innovations of SDSI is the use of linked local name spaces. The paper suggests a logical explanation of SDSI's local name spaces, as a complement to the operational explanation given in the SDSI definition.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131867818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Computer Security Foundations Workshop: Ten Years On And Ten Years Ahead","authors":"J. Sinclair","doi":"10.1109/CSFW.1997.596809","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596809","url":null,"abstract":"The Computer Security Foundations Workshop has reached its tenth year. In the midst of the celebrations, this panel takes some time to consider the major achievements of the CSFW so far. We also discuss our hopes and fears for the next ten years and look into our crystal balls to predict the directions which research in computer security is likely to take in the near future. In June 1988 the first CSFW was held at The Franconia Inn, New Hampshire (indeed, the workshop is still sometimes referred to as “Franconia” even by those of us who have never been there). The proceedings [MIT@] of that first workshop are a little elusive to obtain these days, but contain an impressive collection of papers from a variety of authors. The preface, written by the workshop Chair, Jonathan Millen, refers to another workshop on the “Foundations of Secure Computation” which had taken place in 1977, a little over ten years before CSFWl. His comment that “in the decade since then, there has been a great deal of activity and growth in the computer security community” is just as true today, although the research directions have perhaps been somewhat different. In a decade of CSFWs, many papers have been presented and many discussions both formal and informal have taken place. In this panel we consider what areas have provided the most fruitful topics of study and what we can claim to have achieved during this time. The preface from the first proceedings states: “It appears that a consensus on a formal definition of “security” is not imminent, but the objectives of bringing rigorous approaches within the reach of practical applications is much closer”. Is this a comment which could accurately be made today? If so, in what ways have the two become closer? Exactly how closely are theory and practice currently linked? Are there other factors which should also be considered when taking a long hard look at our research? Is ten years (or even twenty) long enough to give a perspective on this? Could we have predicted ten years ago the challenges that have arisen in the past decade? How far are we along the road towards making a foundation for computer security? Are we still producing a collection of disparate bricks, or can the theories be seen as coming together in any way? Given a realistic assessment of the current position, we can go on to consider what the important topics for research will be for the next ten years. What are the current open questions and outstanding problems in the foundations of computer security? What is the likelihood of finding workable solutions for these by the time of the 20th CSFW? Everyone at the CSFW has, by definition, an interest of some sort in computer security research. What will you be pressing to achieve funding for in the next decade? This is a question not just for the panel members, but one to which we can all (and hopefully will) provide equally valid answers. Given that resources are limited, how will you justify your research in th","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126935000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Unreliable intrusion detection in distributed computations","authors":"D. Malkhi, M. Reiter","doi":"10.1109/CSFW.1997.596799","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596799","url":null,"abstract":"Distributed coordination is difficult, especially when the system may suffer intrusions that corrupt some component processes. We introduce the abstraction of a failure detector that a process can use to (imperfectly) detect the corruption (Byzantine failure) of another process. In general, our failure detectors can be unreliable, both by reporting a correct process to be faulty or by reporting a faulty process to be correct. However, we show that if these detectors satisfy certain plausible properties, then the well known distributed consensus problem can be solved. We also present a randomized protocol using failure detectors that solves the consensus problem if either the requisite properties of failure detectors hold or if certain highly probable events eventually occur. This work can be viewed as a generalization of benign failure detectors popular in the distributed computing literature.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121571161","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Eliminating covert flows with minimum typings","authors":"D. Volpano, Geoffrey Smith","doi":"10.1109/CSFW.1997.596807","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596807","url":null,"abstract":"A type system is given that eliminates two kinds of covert flows in an imperative programming language. The first kind arises from nontermination and the other from partial operations that can raise exceptions. The key idea is to limit the source of nontermination in the language to constructs with minimum typings, and to evaluate partial operations within expressions of try commands which also have minimum typings. A mutual progress theorem is proved that basically states that no two executions of a well-typed program can be distinguished on the basis of nontermination versus abnormal termination due to a partial operation. The proof uses a new style of programming language semantics which we call a natural transition semantics.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133082690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Provable security for cryptographic protocols-exact analysis and engineering applications","authors":"J. W. Gray, Kin Fai Epsilon Ip, K. Lui","doi":"10.1109/CSFW.1997.596784","DOIUrl":"https://doi.org/10.1109/CSFW.1997.596784","url":null,"abstract":"We develop an approach to deriving concrete engineering advice for cryptographic protocols from provable-security-style proofs of security. The approach is illustrated with a simple, yet useful protocol. The proof is novel and is the first published proof that provides an exact relationship between a high level protocol and multiple cryptographic primitives.","PeriodicalId":305235,"journal":{"name":"Proceedings 10th Computer Security Foundations Workshop","volume":"118 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114592667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}