
20th IEEE Computer Security Foundations Symposium (CSF'07)

6-8 July 2007

Displaying Results 1 - 25 of 32
  • 20th IEEE Computer Security Foundations Symposium-Title

    Publication Year: 2007, Page(s):i - iii
    Freely Available from IEEE
  • 20th IEEE Computer Security Foundations Symposium-Copyright

    Publication Year: 2007, Page(s): iv
    Freely Available from IEEE
  • 20th IEEE Computer Security Foundations Symposium - Table of contents

    Publication Year: 2007, Page(s): v
    Freely Available from IEEE
  • Preface

    Publication Year: 2007, Page(s): ix
    Freely Available from IEEE
  • Committees

    Publication Year: 2007, Page(s): x
    Freely Available from IEEE
  • Design and Semantics of a Decentralized Authorization Language

    Publication Year: 2007, Page(s):3 - 15
    Cited by:  Papers (38)  |  Patents (5)

    We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated que...
  • Do As I SaY! Programmatic Access Control with Explicit Identities

    Publication Year: 2007, Page(s):16 - 30
    Cited by:  Papers (3)

    We address the programmatic realization of the access control model of security in distributed systems. Our aim is to bridge the gap between abstract/declarative policies and their concrete/operational implementations. We present a programming formalism (which extends the asynchronous pi-calculus with explicit principals) and a specification logic (which extends Datalog with primitives from author...
  • A Type Discipline for Authorization in Distributed Systems

    Publication Year: 2007, Page(s):31 - 48
    Cited by:  Papers (13)

    We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may be compromised, that is, some nodes of the system and their security credentials may be under the control of an attacker. To help predict and bound the impact of such partial compromise, we advocate logic-based policies t...
  • Security Analysis of Voice-over-IP Protocols

    Publication Year: 2007, Page(s):49 - 63
    Cited by:  Papers (19)  |  Patents (3)

    The transmission of voice communications as datagram packets over IP networks, commonly known as voice-over-IP (VoIP) telephony, is rapidly gaining wide acceptance. With private phone conversations being conducted on insecure public networks, security of VoIP communications is increasingly important. We present a structured security analysis of the VoIP protocol stack, which consists of signaling ...
  • Reasoning about Concurrency for Security Tunnels

    Publication Year: 2007, Page(s):64 - 78

    There has been excellent progress on languages for rigorously describing key exchange protocols and techniques for proving that the network security tunnels they establish preserve confidentiality and integrity. New problems arise in describing and analyzing establishment protocols and tunnels when they are used as building blocks to achieve high-level security goals for network administrative dom...
  • A Formal Theory of Key Conjuring

    Publication Year: 2007, Page(s):79 - 96
    Cited by:  Papers (4)

    Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidabl...
  • Computationally Sound Mechanized Proofs of Correspondence Assertions

    Publication Year: 2007, Page(s):97 - 111
    Cited by:  Papers (10)

    We present a new mechanized prover for showing correspondence assertions for cryptographic protocols in the computational model. Correspondence assertions are useful in particular for establishing authentication. Our technique produces proofs by sequences of games, as standard in cryptography. These proofs are valid for a number of sessions polynomial in the security parameter, in the presence of ...
  • Key-dependent Message Security under Active Attacks--BRSIM/UC-Soundness of Symbolic Encryption with Key Cycles

    Publication Year: 2007, Page(s):112 - 124
    Cited by:  Papers (5)

    Key-dependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. It was mainly motivated by key cycles in Dolev-Yao models, i.e., symbolic abstractions of cryptography by term algebras, and a corresponding soundness result was later shown by Adao et al. However, bot...
  • Compositional Security for Task-PIOAs

    Publication Year: 2007, Page(s):125 - 139

    Task-PIOA is a modeling framework for distributed systems with both probabilistic and nondeterministic behaviors. It is suitable for cryptographic applications because its task-based scheduling mechanism is less powerful than the traditional perfect-information scheduler. Moreover, one can speak of two types of complexity restrictions: time bounds on description of task-PIOAs and time bounds on le...
  • Approximated Computationally Bounded Simulation Relations for Probabilistic Automata

    Publication Year: 2007, Page(s):140 - 156
    Cited by:  Papers (1)

    We study simulation relations for probabilistic automata that require transitions to be matched up to negligible sets provided that computation lengths are polynomially bounded. These relations are meant to provide rigorous grounds to parts of correctness proofs for cryptographic protocols that are usually carried out by semi-formal arguments. We illustrate our ideas by recasting a correctness pro...
  • Implementing STV securely in Prêt à Voter

    Publication Year: 2007, Page(s):157 - 169
    Cited by:  Papers (4)

    Work on electronic voting systems to date has largely focused around first-past-the-post voting. However, the governments of many countries, and many non-governmental organisations, use a single transferable vote system, in which the voter needs to indicate not just a single preferred candidate but a preference ranking of (some or all of) the candidates on offer. This paper investigates the possib...
  • Secure Implementations for Typed Session Abstractions

    Publication Year: 2007, Page(s):170 - 186
    Cited by:  Papers (6)

    Distributed applications can be structured as parties that exchange messages according to some pre-arranged communication patterns. These sessions (or contracts, or protocols) simplify distributed programming: when coding a role for a given session, each party just has to follow the intended message flow, under the assumption that the other parties are also compliant. In an adversarial setting, re...
  • A Library for Secure Multi-threaded Information Flow in Haskell

    Publication Year: 2007, Page(s):187 - 202
    Cited by:  Papers (9)

    Li and Zdancewic have recently proposed an approach to provide information-flow security via a library rather than producing a new language from scratch. They have shown how to implement such a library in Haskell by using arrow combinators. However, their approach only works with computations that have no side-effects. In fact, they leave as an open question how their library, and the mechanis...
  • Dynamic Dependency Monitoring to Secure Information Flow

    Publication Year: 2007, Page(s):203 - 217
    Cited by:  Papers (21)

    Although static systems for information flow security are well-studied, few works address run-time information flow monitoring. Run-time information flow control offers distinct advantages in precision and in the ability to support dynamically defined policies. To this end, we here develop a new run-time information flow system based on the runtime tracking of indirect dependencies between program...
  • Automaton-based Confidentiality Monitoring of Concurrent Programs

    Publication Year: 2007, Page(s):218 - 232
    Cited by:  Papers (19)

    Noninterference is typically used as a baseline security policy to formalize confidentiality of secret information manipulated by a program. In contrast to static checking of noninterference, this paper considers dynamic, automaton-based, monitoring of information flow for a single execution of a concurrent program. The monitoring mechanism is based on a combination of dynamic and static analyses...
  • Secure information flow and program logics

    Publication Year: 2007, Page(s):233 - 248
    Cited by:  Papers (9)

    We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in binary (e.g. relational) program logics. Treating base-line non-interference, multi-level security and flow sensitivity for a while language, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit fl...
  • A flow-sensitive analysis of privacy properties

    Publication Year: 2007, Page(s):249 - 264
    Cited by:  Papers (1)

    In this paper we consider service oriented architectures where many components interact with one another using a wireless network. We are interested in questions like: • Can I be sure that I do not get unsolicited information from some service, unless I give my permission? • Can I be sure that information I send to some service is never leaked to another service, unless I give my permissio...
  • Collaborative Planning With Privacy

    Publication Year: 2007, Page(s):265 - 278
    Cited by:  Papers (1)

    Collaboration among organizations or individuals is common. While these participants are often unwilling to share all their information with each other, some information sharing is unavoidable when achieving a common goal. The need to share information and the desire to keep it private/secret are two competing notions which affect the outcome of a collaboration. This paper proposes a formal model...
  • Privacy and Utility in Business Processes

    Publication Year: 2007, Page(s):279 - 294
    Cited by:  Papers (20)

    We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whet...
  • Electing the Doge of Venice: Analysis of a 13th Century Protocol

    Publication Year: 2007, Page(s):295 - 310

    This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science. For example, it gives some opportunities to...