Security protocol deployment risk
Citations
A Formal Methodology Applied to Secure Over-the-Air Automotive Applications
References
On the security of public key protocols
Semirings for Soft Constraint Solving and Programming
API-level attacks on embedded systems
Formal Correctness of Security Protocols
Frequently Asked Questions (12)
Q2. What is the lower bound in the confidence c-semiring?
The lower bound ⊥ in the confidence c-semiring is interpreted as no flow restriction and thus, if k ≤ k′, then minConf(k, k′) = ⊥ in the confidence c-semiring, since, in this case, the flow is permitted.
Q3. What is the definition of a cascade vulnerability problem?
The cascade vulnerability problem [9, 8] is concerned with secure interoperation, and considers the assurance risk of composing multilevel secure systems that are evaluated to different levels of assurance according to the criteria specified in [9].
Q4. What are the characteristics of a security protocol?
Security protocol participants are software and/or hardware agents that are—as with any system—potentially vulnerable to failure.
Q5. What is the role of the login manager?
The login manager is responsible for properly using the client’s long-term key to obtain the session key and then handing this key off to the client’s session manager.
Q6. What is the degree of confidence in the protocol?
On the other hand, and in the absence of further information, their degree of confidence that an open-access workstation running freeware follows the protocol and/or cannot be compromised is low, as it may be subject to a variety of attacks ranging from Trojan Horses in the protocol implementation to vulnerabilities such as buffer overflows in the underlying system.
Q7. What is the definition of a protocol?
The deployment of a protocol is a collection of interacting software/hardware components that collectively implement the protocol in its environment.
Q8. What is the definition of a key class?
Key class ⊤ represents the most security-critical key (aggregate of the long-term keys) and the authors define:
minConf([⊤, public]) = hi
minConf([⊤, Kab]) = hi
minConf([⊤, Ka]) = med
minConf([⊤, Kb]) = med
An authorization server that manages both long-term keys and the session key (interval [Kab, ⊤]) requires greater confidence (hi) in its protection than its clients (confidence med) that manage one long-term key and the session key; in the former, the authors require greater confidence that the keys cannot be leaked.
Q9. What is the confidence rating of a component?
In practice, the rating of a component should depend on the keys it protects: the authors might have a high degree of confidence that B does not write Kb information to the public channel while having a medium degree of confidence that it does not write Kb to Kab.
Q10. What is the degree of confidence of a component?
The degree of confidence of a component can be based on evidence (a ‘correct’ protocol running on a bastion host) and/or subjective views (the administrator of this system is considered to be incompetent).
Q11. What is the confidence rating for a protocol component?
In the case of the authentication server the authors are confident that keys will not be leaked nor messages encrypted/decrypted in a way that does not follow the protocol specification.
Q12. What is the minimum confidence for each component?
Definition 1. Each protocol component must meet the minimum required confidence, that is, for every component c,
∀x, y : K | int⊥(c) ≤ x ≤ int⊤(c) ∧ int⊥(c) ≤ y ≤ int⊤(c) ⇒ minConf(x, y) ≤ rating(c)
that is, the component achieves the required degree of confidence for every pair of keys that it manages.
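The Definition 1 check carried out over the key classes and minConf values quoted above, as an added Python example that is not code from the paper; the key ordering (public ≤ Kab ≤ Ka, Kb ≤ ⊤), the minConf values for pairs not involving ⊤, and the reading of ⊥ as the lowest confidence lo are assumptions made here:

```python
from itertools import product

# Constructed key-class lattice (assumption, not from the paper):
# public <= Kab <= Ka <= TOP and public <= Kab <= Kb <= TOP; Ka and Kb are incomparable.
KEYS = ["public", "Kab", "Ka", "Kb", "TOP"]
_UPPER = {  # k -> every key class k2 with k <= k2
    "public": {"public", "Kab", "Ka", "Kb", "TOP"},
    "Kab": {"Kab", "Ka", "Kb", "TOP"},
    "Ka": {"Ka", "TOP"},
    "Kb": {"Kb", "TOP"},
    "TOP": {"TOP"},
}

# Confidence c-semiring values; lo is taken as the bottom element (no flow restriction).
CONF_RANK = {"lo": 0, "med": 1, "hi": 2}

# minConf values for flows out of TOP are the page's; the default for other
# pairs is a constructed placeholder.
_MINCONF_FROM_TOP = {"public": "hi", "Kab": "hi", "Ka": "med", "Kb": "med"}


def key_leq(k, k2):
    return k2 in _UPPER[k]


def min_conf(k, k2):
    """Required confidence that k-class key material does not flow to class k2."""
    if key_leq(k, k2):            # permitted flow: bottom of the c-semiring
        return "lo"
    if k == "TOP":
        return _MINCONF_FROM_TOP[k2]
    return "med"                  # assumed value for non-TOP downward flows


def interval(lo_key, hi_key):
    """Key classes a component manages: [int_bot(c), int_top(c)]."""
    return [k for k in KEYS if key_leq(lo_key, k) and key_leq(k, hi_key)]


def violations(lo_key, hi_key, rating):
    """Pairs (x, y) in the component's interval whose minConf exceeds its rating."""
    keys = interval(lo_key, hi_key)
    return [(x, y, min_conf(x, y)) for x, y in product(keys, keys)
            if CONF_RANK[min_conf(x, y)] > CONF_RANK[rating]]


def meets_definition_1(lo_key, hi_key, rating):
    return not violations(lo_key, hi_key, rating)


if __name__ == "__main__":
    # Authorization server [Kab, TOP] rated hi passes; rated med it fails on (TOP, Kab).
    print(meets_definition_1("Kab", "TOP", "hi"), violations("Kab", "TOP", "med"))
```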