18th IEEE Computer Security Foundations Workshop (CSFW'05)最新文献

筛选
英文 中文
Language-based information erasure 基于语言的信息擦除
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.19
Stephen Chong, A. Myers
{"title":"Language-based information erasure","authors":"Stephen Chong, A. Myers","doi":"10.1109/CSFW.2005.19","DOIUrl":"https://doi.org/10.1109/CSFW.2005.19","url":null,"abstract":"Real computing systems sometimes need to forget sensitive information. This paper explores the specification and semantics of information erasure policies, which impose a strong, end-to-end requirement that information be either erased or made less accessible. Simple lattice-based information flow policies, corresponding to a noninterference requirement, are augmented with the ability to express explicit erasure and declassification policies. Examples are given of applying this expressive policy language to real systems. The paper gives tools for reasoning about policy enforcement either statically or dynamically. Further, the significance of these policies to security is formally explained in terms of trace-based semantic security properties: generalizations of noninterference that accommodate erasure and declassification.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"261 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124272033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 75
Reconstruction of attacks against cryptographic protocols 重建针对加密协议的攻击
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.25
Xavier Allamigeon, B. Blanchet
{"title":"Reconstruction of attacks against cryptographic protocols","authors":"Xavier Allamigeon, B. Blanchet","doi":"10.1109/CSFW.2005.25","DOIUrl":"https://doi.org/10.1109/CSFW.2005.25","url":null,"abstract":"We study an automatic technique for the verification of cryptographic protocols based on a Horn clause model of the protocol. This technique yields proofs valid for an unbounded number of sessions of the protocol. However, up to now, it gave no definite information when the proof failed. In this paper, we present an algorithm for reconstructing an attack against the protocol when the desired security property does not hold. We have proved soundness, termination, as well as a partial completeness result for our algorithm. We have also implemented it in the automatic protocol verifier ProVerif. As an extreme example, we could reconstruct an attack involving 200 parallel sessions against f/sup 200/g/sup 200/ protocol (Millen, 1999).","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128379849","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 46
End-to-end availability policies and noninterference 端到端可用性策略和不干扰性
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.16
Lantian Zheng, A. Myers
{"title":"End-to-end availability policies and noninterference","authors":"Lantian Zheng, A. Myers","doi":"10.1109/CSFW.2005.16","DOIUrl":"https://doi.org/10.1109/CSFW.2005.16","url":null,"abstract":"This paper introduces the use of static information flow analysis for the specification and enforcement of end-to-end availability policies in programs. We generalize the decentralized label model, which is about confidentiality and integrity, to also include security policies for availability. These policies characterize acceptable risks by representing them as principals. We show that in this setting, a suitable extension of noninterference corresponds to a strong, end-to-end availability guarantee. This approach provides a natural way to specify availability policies and enables existing static dependency analysis techniques to be adapted for availability. The paper presents a simple language in which fine-grained information security policies can be specified as type annotations. These annotations can include requirements for all three major security properties: confidentiality, integrity, and availability. The type system for the language provably guarantees that any well-typed program has the desired noninterference properties, ensuring confidentiality, integrity, and availability.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128035372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 46
Polynomial runtime in simulatability definitions 可模拟性定义中的多项式运行时
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.3233/JCS-2009-0354
D. Hofheinz, J. Müller-Quade, Dominique Unruh
{"title":"Polynomial runtime in simulatability definitions","authors":"D. Hofheinz, J. Müller-Quade, Dominique Unruh","doi":"10.3233/JCS-2009-0354","DOIUrl":"https://doi.org/10.3233/JCS-2009-0354","url":null,"abstract":"We elaborate on the problem of polynomial runtime in simulatability definitions for multiparty computation. First, the need for a new definition is demonstrated by showing which problems occur with common definitions of polynomial runtime. Then, we give a definition which captures in an intuitive manner what it means for a protocol or an adversary to have polynomial runtime. We show that this notion is suitable for simulatability definitions for multiparty computation. In particular, a composition theorem is shown for this notion.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133188856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Type annotations to improve stack-based access control 键入注释以改进基于堆栈的访问控制
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.27
Tian Zhao, J. Boyland
{"title":"Type annotations to improve stack-based access control","authors":"Tian Zhao, J. Boyland","doi":"10.1109/CSFW.2005.27","DOIUrl":"https://doi.org/10.1109/CSFW.2005.27","url":null,"abstract":"Java security architecture uses stack-based access control to protect security-sensitive resources. The architecture implements access control checks by inspecting the call stack to compute permission levels, which are used to decide whether to grant access to these resources. This implementation only considers the direct and indirect callers of sensitive methods that directly accesses the resources. However, it does not check the integrity of the variables used in the calls to these methods, nor does it help protect confidential values that might be returned by these calls. This paper proposes a type-based approach to strengthen stack-based access control. We use type annotations to track values originated from untrusted code such that these values will not be inputs to the sensitive methods when they are executed with high level of trust. We also use the annotations to protect confidential values from being accidentally revealed by trusted code. We give a static type system that checks these properties and augments existing dynamic stack-based checks. The hybrid approach is similar to so-called \"history-based access control\" without its run-time burden.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"324 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127569084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Deciding knowledge in security protocols under (many more) equational theories 在(更多)等式理论下的安全协议中的决定知识
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.14
M. Abadi, V. Cortier
{"title":"Deciding knowledge in security protocols under (many more) equational theories","authors":"M. Abadi, V. Cortier","doi":"10.1109/CSFW.2005.14","DOIUrl":"https://doi.org/10.1109/CSFW.2005.14","url":null,"abstract":"In the analysis of security protocols, the knowledge of attackers is often described in terms of message deducibility and indistinguishability relations. In this paper, we pursue the study of these two relations. We establish general decidability theorems for both. These theorems require only loose, abstract conditions on the equational theory for messages. They subsume previous results for a syntactically defined class of theories that allows basic equations for functions such as encryption, decryption, and digital signatures. They also apply to many other useful theories, for example with blind digital signatures, homomorphic encryption, XOR, and other associative-commutative functions.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131233098","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 45
An encapsulated authentication logic for reasoning about key distribution protocols 用于对密钥分发协议进行推理的封装身份验证逻辑
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.7
I. Cervesato, C. Meadows, Dusko Pavlovic
{"title":"An encapsulated authentication logic for reasoning about key distribution protocols","authors":"I. Cervesato, C. Meadows, Dusko Pavlovic","doi":"10.1109/CSFW.2005.7","DOIUrl":"https://doi.org/10.1109/CSFW.2005.7","url":null,"abstract":"Authentication and secrecy properties are proved by very different methods: the former by local reasoning, leading to matching knowledge of all principals about the order of their actions, the latter by global reasoning towards the impossibility of knowledge of some data. Hence, proofs conceptually decompose in two parts, each encapsulating the other as an assumption. From this observation, we develop a simple logic of authentication that encapsulates secrecy requirements as assumptions. We apply it within the derivational framework to derive a large class of key distribution protocols based on the authentication properties of their components.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"406 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123877697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 61
Practical information flow control in Web-based information systems 基于web的信息系统中的实用信息流控制
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.23
Peng Li, S. Zdancewic
{"title":"Practical information flow control in Web-based information systems","authors":"Peng Li, S. Zdancewic","doi":"10.1109/CSFW.2005.23","DOIUrl":"https://doi.org/10.1109/CSFW.2005.23","url":null,"abstract":"This paper presents a practical application of language-based information-flow control, namely, a domain-specific Web scripting language designed for interfacing with databases. The primary goal is to provide strong enforcement of confidentiality and integrity policies: confidential data can be released only in permitted ways and trustworthy data must result from expected computations or conform to expected patterns. Such security policies are specified in the database layer and statically enforced for the rest of the system in an end-to-end fashion. In contrast with existing Web-scripting languages, which provide only ad hoc mechanisms for information security, the scripting language described here uses principles based on the well-studied techniques in information-flow type systems. However, because Web scripts often need to downgrade confidential data and manipulated untrusted user input, they require practical and convenient ways of downgrading secure data. To achieve this goal, the language allows safe downgrading according to downgrading policies specified by the programmer. This novel, pattern-based approach provides a practical instance of recent work on delimited release and relaxed noninterference and extends that work by accounting for integrity policies.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129865692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 55
Enforcing secure service composition 实施安全的服务组合
18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI: 10.1109/CSFW.2005.17
Massimo Bartoletti, P. Degano, G. Ferrari
{"title":"Enforcing secure service composition","authors":"Massimo Bartoletti, P. Degano, G. Ferrari","doi":"10.1109/CSFW.2005.17","DOIUrl":"https://doi.org/10.1109/CSFW.2005.17","url":null,"abstract":"A static approach is proposed to study secure composition of software. We extend the /spl lambda/-calculus with primitives for invoking services that respect given security requirements. Security-critical code is enclosed in policy framings with a possibly nested, local scope. Policy framings enforce safety and liveness properties of execution histories. The actual histories that can occur at runtime are over-approximated by a type and effect system. These approximations are model-checked to verify policy framings within their scopes. This allows for removing any runtime execution monitor, and for selecting those services that match the security requirements.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125889281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 54
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信