{"title":"TAPS: a first-order verifier for cryptographic protocols","authors":"Ernie Cohen","doi":"10.1109/CSFW.2000.856933","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856933","url":null,"abstract":"We describe a proof method for cryptographic protocols, based on a strong secrecy invariant that catalogues conditions under which messages can be published. For typical protocols, a suitable first-order invariant can be generated automatically from the program text, independent of the properties being verified, allowing safety properties to be proved by ordinary first-order reasoning. We have implemented the method in an automatic verifier, TAPS, that proves safety properties roughly equivalent to those in published Isabelle verifications, but does so much faster (usually within a few seconds) and with little or no guidance from the user. We have used TAPS to analyze about 60 protocols, including all but three protocols from the Clark and Jacob survey; on average, these verifications each require less than 4 seconds of CPU time and less than 4 bytes of hints from the user.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115366829","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Looking for diamonds in the desert - extending automatic protocol generation to three-party authentication and key agreement protocols","authors":"A. Perrig, D. Song","doi":"10.1109/CSFW.2000.856926","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856926","url":null,"abstract":"We describe our new results in developing and extending Automatic Protocol Generation (APG), an approach to automatically generate security protocols. We explore two-party mutual authentication and key agreement protocols, with a trusted third party (TTP) which shares a symmetric key with each of the two principals. During the process, we experienced the challenge of a gigantic protocol space. Facing this challenge, we develop more powerful reduction techniques for the protocol generator. We also develop new pruning theorems and probabilistic methods of picking goal orderings for the protocol screener, Athena, which greatly improve the efficiency and worst-case performance of Athena. In our first experiment, APG found new protocols for two-party mutual authentication with a TTP using symmetric keys. In our second experiment, APG also found new protocols for three different sets of security properties for two-party authentication and key agreement. Our new list of security properties for key agreement also uncovered an undocumented deficiency in the Yahalom protocol.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"184 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115114230","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"C3PO: a tool for automatic sound cryptographic protocol analysis","authors":"A. Dekker","doi":"10.1109/CSFW.2000.856927","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856927","url":null,"abstract":"We present an improved logic for analysing authentication properties of cryptographic protocols, based on the SVO logic of Syverson and van Oorschot (1994). Such logics are useful in electronic commerce, among other areas. We have constructed this logic in order to simplify automation, and we describe an implementation using the Isabelle theorem-proving system, and a GUI tool based on this implementation. The tool is typically operated by opening a list of propositions intended to be true, and clicking one button. Since the rules form a clean framework, the logic is easily extensible. We also present in detail a proof of soundness, using Kripke possible-worlds semantics.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129926861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Probabilistic noninterference for multi-threaded programs","authors":"A. Sabelfeld, David Sands","doi":"10.1109/CSFW.2000.856937","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856937","url":null,"abstract":"We present a probability-sensitive confidentiality specification-a form of probabilistic noninterference-for a small multi-threaded programming language with dynamic thread creation. Probabilistic covert channels arise from a scheduler which is probabilistic. Since scheduling policy is typically outside the language specification for multi-threaded languages, we describe how to generalise the security condition in order to define robust security with respect to a wide class of schedulers, not excluding the possibility of deterministic (e.g., round-robin) schedulers and program-controlled thread priorities. The formulation is based on an adaptation of Larsen and Skou's (1991) notion of probabilistic bisimulation. We show how the security condition satisfies compositionality properties which facilitate straightforward proofs of correctness for, e.g., security type systems. We illustrate this by defining a security type system which improves on previous multi-threaded systems, and by proving it correct with respect to our stronger scheduler-independent security condition.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124324989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An executable specification language for planning attacks to security protocols","authors":"L. Aiello, F. Massacci","doi":"10.1109/CSFW.2000.856928","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856928","url":null,"abstract":"We propose AL_SP, a Declarative Executable Specification Language for Planning Attacks to Security Protocols based on logic programming. In AL_SP we can give a declarative specification of a protocol with the natural semantics of send and receive actions. We view a protocol trace as a plan to reach a goal, so that attacks are just plans reaching goals that correspond to security violations, which can be also declaratively specified. Building on results from logic programming and planning, we map the existence of an attack to a protocol into the existence of a model for the protocol specification that satisfies the specification of an attack. AL_SP specifications are executable, as we can automatically search for attacks via any efficient model generator (such as smodels), that implements the stable model semantics of normal logic programs. Thus, we come to a specification language which is easy to use (protocol specifications are expressed at a high level of abstraction, and with an intuitive notation close to their traditional description) still keeping the rigor of a formal specification that, in addition, is executable.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130156782","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure composition of untrusted code: wrappers and causality types","authors":"Peter Sewell, J. Vitek","doi":"10.1109/CSFW.2000.856943","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856943","url":null,"abstract":"We consider the problem of assembling concurrent software systems from untrusted or partially trusted off-the-shelf components, using wrapper programs to encapsulate components and enforce security policies. In previous work we introduced the box-π process calculus with constrained interaction to express wrappers and discussed the rigorous formulation of their security properties. This paper addresses the verification of wrapper information flow properties. We present a novel causal type system that statically captures the allowed flows between wrapped possibly-badly-typed components; we use it to prove that an example unidirectional-flow wrapper enforces a causal flow property.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"150 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122461091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reasoning about trust and insurance in a public key infrastructure","authors":"J. Millen, R. Wright","doi":"10.1109/CSFW.2000.856922","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856922","url":null,"abstract":"In the real world, insurance is used to mitigate financial risk to individuals in many settings. Similarly, it has been suggested that insurance can be used in distributed systems, and in particular, in authentication procedures, to mitigate an individual's risks there. We further explore the use of insurance for public-key certificates and other kinds of statements. We also describe an application using threshold cryptography in which insured keys would also have an auditor involved in any transaction using the key, allowing the insurer better control over its liability. We provide a formal yet simple insurance logic that can be used to deduce the amount of insurance associated with statements based on the insurance associated with related statements. Using the logic, we show how trust relationships and insurance can work together to provide confidence.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123669712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Local names in SPKI/SDSI","authors":"Ninghui Li","doi":"10.1109/CSFW.2000.856921","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856921","url":null,"abstract":"We analyze the notion of \"local names\" in SPKI/SDSI. By interpreting local names as distributed groups, we develop a simple logic program for SPKI/SDSI's linked local-name scheme and prove that it is equivalent to the name-resolution procedure in SDSI 1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is itself a logic for understanding SDSI's linked local-name scheme and has several advantages over previous logics. We then enhance our logic program to handle authorization certificates, threshold subjects, and certificate discovery. This enhanced program serves both as a logical characterization and an implementation of SPKI/SDSI 2.0's certificate reduction and discovery. We discuss the way SPKI/SDSI uses the threshold subjects and names for the purpose of authorization and show that, when used in a certain restricted way, local names can be interpreted as distributed roles.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129941715","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An operational semantics of Java 2 access control","authors":"G. Karjoth","doi":"10.1109/CSFW.2000.856939","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856939","url":null,"abstract":"Java 2 Security enhanced with the Java Authentication and Authorization Service (JAAS) provides sophisticated access control features via a user-configurable authorization policy. Fine-grained access control, code-based as well as user-based authorization, and implicit access rights allow the implementation of real-world policies, but at the cost of increased complexity. We provide a formal specification of the Java 2 and JAAS access control model that helps remove ambiguities of the informal definitions. It defines Java 2 access control in terms of an abstract machine, whose behavior is determined by a small set of transition rules. We illustrate the power of Java 2 access control by showing how commonly encountered authorization requirements can be implemented in Java 2.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133682346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protocol independence through disjoint encryption","authors":"J. Guttman, F. J. Thayer Fábrega","doi":"10.1109/CSFW.2000.856923","DOIUrl":"https://doi.org/10.1109/CSFW.2000.856923","url":null,"abstract":"One protocol (called the primary protocol) is independent of other protocols (jointly called the secondary protocol) if the question whether the primary protocol achieves a security goal never depends on whether the secondary protocol is in use. We use multiprotocol strand spaces to prove that two cryptographic protocols are independent if they use encryption in non-overlapping ways. This theorem applies even if the protocols share public key certificates and secret key \"tickets\". We use the method of Guttman et al. (2000) to study penetrator paths, namely sequences of penetrator actions connecting regular nodes (message transmissions or receptions) in the two protocols. Of special interest are inbound linking paths, which lead from a message transmission in the secondary protocol to a message reception in the primary protocol. We show that bundles can be modified to remove all inbound linking paths, if encryption does not overlap in the two protocols. The resulting bundle does not depend on any activity of the secondary protocol. We illustrate this method using the Neuman-Stubblebine protocol as an example.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131060542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}