Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13

5-5 July 2000

  • Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13

    Publication Year: 2000
    Freely Available from IEEE
  • Panel: foundations for intrusion detection

    Publication Year: 2000, Page(s):104 - 106
    Cited by:  Papers (2)
    Freely Available from IEEE
  • Author index

    Publication Year: 2000, Page(s): 285
    Freely Available from IEEE
  • Secure composition of untrusted code: wrappers and causality types

    Publication Year: 2000, Page(s):269 - 284
    Cited by:  Papers (12)  |  Patents (2)

    We consider the problem of assembling concurrent software systems from untrusted or partially trusted off-the-shelf components, using wrapper programs to encapsulate components and enforce security policies. In previous work we introduced the box-π process calculus with constrained interaction to express wrappers and discussed the rigorous formulation of their security properties. This paper ad...
  • How to prevent type flaw attacks on security protocols

    Publication Year: 2000, Page(s):255 - 268
    Cited by:  Papers (26)

    A type flaw attack on a security protocol is an attack where a field that was originally intended to have one type is subsequently interpreted as having another type. A number of type flaw attacks have appeared in the academic literature. In this paper we prove that type flaw attacks can be prevented using a simple technique of tagging each field with some information indicating its intended type.
  • Probabilistic noninterference for multi-threaded programs

    Publication Year: 2000, Page(s):200 - 214
    Cited by:  Papers (57)  |  Patents (3)

    We present a probability-sensitive confidentiality specification - a form of probabilistic noninterference - for a small multi-threaded programming language with dynamic thread creation. Probabilistic covert channels arise from a scheduler which is probabilistic. Since scheduling policy is typically outside the language specification for multi-threaded languages, we describe how to generalise the secu...
  • Towards automatic verification of authentication protocols on an unbounded network

    Publication Year: 2000, Page(s):132 - 143
    Cited by:  Papers (20)

    Schneider's (1998) work on rank functions provides a formal approach to verification of certain properties of a security protocol. However, he illustrates the approach only with a protocol running on a small network; and no help is given with the somewhat hit-and-miss process of finding the rank function which underpins the central theorem. We develop the theory to allow for an arbitrarily large n...
  • Secure introduction of one-way functions

    Publication Year: 2000, Page(s):246 - 254
    Cited by:  Papers (13)

    Conditions are given under which a one-way function can be used safely in a programming language. The security proof involves showing that secrets cannot be leaked easily by any program meeting the conditions unless breaking the one-way function is easy. The result is applied to a password system where passwords are stored in a public file as images under a one-way function.
  • Possibilistic definitions of security-an assembly kit

    Publication Year: 2000, Page(s):185 - 199
    Cited by:  Papers (41)

    We present a framework in which different notions of security can be defined in a uniform and modular way. Each definition of security is formalized as a security predicate by assembling more primitive basic security predicates. A collection of such basic security predicates is defined and we demonstrate how well-known concepts like generalized non-interference or separability can be constructed f...
  • Relating strands and multiset rewriting for security protocol analysis

    Publication Year: 2000, Page(s):35 - 51
    Cited by:  Papers (12)

    Formal analysis of security protocols is largely based on a set of assumptions commonly referred to as the Dolev-Yao model. Two formalisms that state the basic assumptions of this model are related here: strand spaces and multiset rewriting with existential quantification. Although it is fairly intuitive that these two languages should be equivalent in some way, a number of modifications to each...
  • Reasoning about secrecy for active networks

    Publication Year: 2000, Page(s):118 - 129
    Cited by:  Papers (3)

    We develop a language of mobile agents called uPLAN for describing the capabilities of active (programmable) networks. We use a formal semantics for uPLAN to demonstrate how capabilities provided for programming the network can affect the potential flows of information between users. In particular, we formalize a concept of security against attacks on secrecy by an 'outsider' and show how basic pr...
  • Confidentiality for mobile code: the case of a simple payment protocol

    Publication Year: 2000, Page(s):233 - 244
    Cited by:  Papers (9)

    We propose an approach to support confidentiality for mobile implementations of security-sensitive protocols using Java/JVM. An applet which receives and passes on confidential information onto a public network has a rich set of direct and indirect channels available to it. The problem is to constrain applet behaviour to prevent those leakages that are unintended while preserving those that are sp...
  • Information flow analysis in a discrete-time process algebra

    Publication Year: 2000, Page(s):170 - 184
    Cited by:  Papers (20)

    Some of the non-interference properties studied in (Focardi, 1998; Focardi and Gorrieri, 1995) for information flow analysis in computer systems, notably BNDC, are reformulated in a real-time setting. This is done by enhancing the Security Process Algebra of (Focardi and Gorrieri, 1997; Focardi and Martinelli, 1999) with some extra constructs to model real-time systems (in a discrete time setting)...
  • Protocol independence through disjoint encryption

    Publication Year: 2000, Page(s):24 - 34
    Cited by:  Papers (28)

    One protocol (called the primary protocol) is independent of other protocols (jointly called the secondary protocol) if the question whether the primary protocol achieves a security goal never depends on whether the secondary protocol is in use. We use multiprotocol strand spaces to prove that two cryptographic protocols are independent if they use encryption in non-overlapping ways. This theorem ...
  • Lorenz and Colossus [military cryptography]

    Publication Year: 2000, Page(s):216 - 222

    The German Army High Command asked the Lorenz company to produce for them a high security teleprinter cipher machine to enable them to communicate by radio in complete secrecy. The Lorenz company designed a cipher machine based on the additive method for enciphering teleprinter messages invented in 1918 by Gilbert Vernam in America. The Vernam system enciphered the message text by adding to it, ch...
  • TAPS: a first-order verifier for cryptographic protocols

    Publication Year: 2000, Page(s):144 - 158
    Cited by:  Papers (19)

    We describe a proof method for cryptographic protocols, based on a strong secrecy invariant that catalogues conditions under which messages can be published. For typical protocols, a suitable first-order invariant can be generated automatically from the program text, independent of the properties being verified, allowing safety properties to be proved by ordinary first-order reasoning. We have imp...
  • Optimizing protocol rewrite rules of CIL specifications

    Publication Year: 2000, Page(s):52 - 62
    Cited by:  Papers (2)

    For purposes of security analysis, cryptographic protocols can be translated from a high-level message-list language such as CAPSL into a multiset rewriting (MSR) rule language such as CIL. The natural translation creates two rules per message or computational action. We show how to optimize the natural rule set by about 50% into a form similar to the result of hand encoding, and prove that the tr...
  • Analyzing single-server network inhibition

    Publication Year: 2000, Page(s):108 - 117
    Cited by:  Papers (3)

    Network inhibition is a denial-of-service attack where the adversary attempts to disconnect network elements by disabling a limited number of communication links or nodes. We analyze a common variation of network inhibition where the links have infinite capacity and the goal of the attacker is to deny connections from a single server to as many clients as possible. The problem is defined formally ...
  • Local names in SPKI/SDSI

    Publication Year: 2000, Page(s):2 - 15
    Cited by:  Papers (15)  |  Patents (4)

    We analyze the notion of “local names” in SPKI/SDSI. By interpreting local names as distributed groups, we develop a simple logic program for SPKI/SDSI's linked local-name scheme and prove that it is equivalent to the name-resolution procedure in SDSI 1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is itself a logic for understanding SDSI's linked local-nam...
  • An operational semantics of Java 2 access control

    Publication Year: 2000, Page(s):224 - 232
    Cited by:  Papers (2)

    Java 2 Security enhanced with the Java Authentication and Authorization Service (JAAS) provides sophisticated access control features via a user-configurable authorization policy. Fine-grained access control, code-based as well as user-based authorization, and implicit access rights allow the implementation of real-world policies, but at the cost of increased complexity. We provide a formal specifi...
  • Invariant generation techniques in cryptographic protocol analysis

    Publication Year: 2000, Page(s):159 - 167
    Cited by:  Papers (5)

    The growing interest in the application of formal methods of cryptographic protocol analysis has led to the development of a number of different techniques for generating and describing invariants that are defined in terms of what messages an intruder can and cannot learn. These invariants, which can be used to prove authentication as well as secrecy results, appear to be central to many different...
  • Looking for diamonds in the desert - extending automatic protocol generation to three-party authentication and key agreement protocols

    Publication Year: 2000, Page(s):64 - 76
    Cited by:  Papers (15)

    We describe our new results in developing and extending Automatic Protocol Generation (APG), an approach to automatically generate security protocols. We explore two-party mutual authentication and key agreement protocols, with a trusted third party (TTP) which shares a symmetric key with each of the two principals. During the process, we experienced the challenge of a gigantic protocol space. Fac...
  • Reasoning about trust and insurance in a public key infrastructure

    Publication Year: 2000, Page(s):16 - 22
    Cited by:  Papers (7)

    In the real world, insurance is used to mitigate financial risk to individuals in many settings. Similarly, it has been suggested that insurance can be used in distributed systems, and in particular, in authentication procedures, to mitigate an individual's risks there. We further explore the use of insurance for public-key certificates and other kinds of statements. We also describe an applicatio...
  • C3PO: a tool for automatic sound cryptographic protocol analysis

    Publication Year: 2000, Page(s):77 - 87
    Cited by:  Papers (1)

    We present an improved logic for analysing authentication properties of cryptographic protocols, based on the SVO logic of Syverson and van Oorschot (1994). Such logics are useful in electronic commerce, among other areas. We have constructed this logic in order to simplify automation, and we describe an implementation using the Isabelle theorem-proving system, and a GUI tool based on this impleme...
  • An executable specification language for planning attacks to security protocols

    Publication Year: 2000, Page(s):88 - 102
    Cited by:  Papers (1)

    We propose ALSP, a Declarative Executable Specification Language for Planning Attacks to Security Protocols based on logic programming. In ALSP we can give a declarative specification of a protocol with the natural semantics of send and receive actions. We view a protocol trace as a plan to reach a goal, so that attacks are just plans reaching goals that correspond to security...