A Quantitative Study of Two Attacks

We use a special operational semantics which helps us in predicting quantitative measures on systems describing cryptographic protocols: We also consider a possible attacker. The transitions of the system carry enhanced labels. We assign rates to transitions by only looking at these labels. We then map transition systems to Markov chains and evaluate performance of systems, using standard tools

There are Two Sides to Every Question - Controller Versus Attacker.

We investigate security enforcement mechanisms that run in parallel with a system; the aim is to check and modify the run-time behaviour of a possible attacker in order to guarantee that the system satisfies some security policies. We focus on a CSP-like quantitative process-algebra to model such processes. Weights on actions are modelled with semirings, which represent a parametric structure where to cast different metrics. The basic tools are represented by a quantitative logic and a model checking function. First, the behaviour of the system is removed from the parallel computation with respect to some security property to be satisfied. Secondly, what remains is refined in two formulas with respect to the given operator executed by a controller. The result describes what a controller has to do to prevent a given attack

Abstract WISP 2004 Preliminary Version A Quantitative Study of Two Attacks 1

We use a special operational semantics which helps us in predicting quantitative measures on systems describing cryptographic protocols: We also consider a possible attacker. The transitions of the system carry enhanced labels. We assign rates to transitions by only looking at these labels. We then map transition systems to Markov chains and evaluate performance of systems, using standard tools.