Results 1 - 7 of 7
Soft Constraint Programming to Analysing Security Protocols
- THEORY AND PRACTICE OF LOGIC PROGRAMMING, 2004
Cited by 18 (10 self)
Security protocols stipulate how the remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms, each of different strength. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham-Schroeder protocol (Bella and Bistarelli 2001; Bella and Bistarelli 2002), we have recently discovered a new attack on that protocol as a form of retaliation by principals who have been attacked previously. Having commented on that attack, we then demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos.
Reasoning about secure interoperation using soft constraints
- In Proceedings of FAST-2004 Workshop on Formal Aspects of Security and Trust, 2004
Cited by 3 (3 self)
The security of a network configuration is based not just on the security of its individual components and their direct interconnections, but also on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for circuitous paths across a network that violate security. In this paper we propose a constraint-based framework for representing access control configurations of systems. The secure reconfiguration of a system is depicted as a constraint satisfaction problem.
Information Assurance for Security Protocols
Cited by 1 (0 self)
Security protocols are used pervasively to protect distributed communications in the third Millennium. This motivates the need for a definition of Information Assurance for security protocols, which, to the best of our knowledge, is still missing. Such a definition is advanced in terms of the requirements that security protocols be analysed at the same time realistically, accurately and formally, notions that the existing literature only favours in separate contexts. The precise meanings of these terms are described by means of general considerations and concrete examples. The main goal of this paper is to draw attention to and raise concern on this novel but significant niche of computer security.
Semiring-based soft constraints
Cited by 1 (1 self)
The semiring-based formalism to model soft constraint has been introduced in 1995 by Ugo Montanari and the authors of this paper. The idea was to make constraint programming more flexible and widely applicable. We also wanted to define the extension via a general formalism, so that all its instances could inherit its properties and be easily compared. Since then, much work has been done to study, extend, and apply this formalism. This paper gives a brief summary of some of these research activities.
A Protocol's Life After Attacks...
- in Proc. 11th International Workshop on Security Protocols, 2003
In the analysis of security protocols, it is customary to stop as soon as we find an attack. Tons of ink can be spilled on whether an "attack" is really an attack, but it goes without saying that there is no life after that, hence no interest in continuing the analysis. If the protocol is broken, then we ought to fix it.
Advancing Assurance for Secure Distributed Communications
- 2002
Securing distributed communications from malicious tampering is of capital importance. There exist a number of techniques addressing this issue but, to the best of our knowledge, an account for what Information Assurance means in this context is currently unavailable. A notion is advanced in this paper reducing Information Assurance for secure distributed communications to a threefold requirement for the protocols securing the communications. The protocols ought to be analysed accurately, realistically and formally. General considerations and specific examples are presented to enlighten the intuitive meaning of these terms exhaustively. This contribution aims at drawing attention to an important niche in computer security.
D3.3: Attacker Models
This Deliverable describes the attacker models dedicated to trust and security aspects of service-oriented architectures that we focus on. These attackers extend and refine the standard Dolev-Yao attacker that abstracts from the details of real cryptography (e.g. the factorization problem) and that is commonly employed in the formal analysis of security protocols and web services. Structurally, this deliverable is divided according to the main attacker properties and capabilities that the AVANTSSAR project must study and our tools (and, ultimately, the AVANTSSAR Platform) must analyze. Deliverable details: Deliverable version: v1.1. Classification: public.