A security scheme for resource sharing over a network

The purpose of this paper is to describe a security scheme for a special purpose resource-sharing system for networked computers. The scheme makes use of cryptographic constructs called coupons, issued by a central authority, and representing the right to use a certain amount of resources on a specified machine. The security scheme is described in detail, and an analysis of its security is also given

Slede: a domain-specific verification framework for sensor network security protocol implementations

Finding flaws in security protocol implementations is hard. Finding flaws in the implementations of sensor network security protocols is even harder because they are designed to protect against more system failures compared to traditional protocols. Formal verification techniques such as model checking, theorem proving, etc, have been very successful in the past in detecting faults in security protocol specifications; however, they generally require that a formal description of the protocol, often called model, is developed before the verification can start. There are three factors that make model construction, and as a result, formal verification is hard. First, knowledge of the specialized language used to construct the model is necessary. Second, upfront effort is required to produce an artifact that is only useful during verification, which might be considered wasteful by some, and third, manual model construction is error prone and may lead to inconsistencies between the implementation and the model. The key contribution of this work is an approach for automated formal verification of sensor network security protocols. Technical underpinnings of our approach includes a technique for automatically extracting a model from the nesC implementations of a security protocol, a technique for composing this extracted model with models of intrusion and network topologies, and a technique for translating the results of the verification process to domain terms. Our approach is sound and complete within bounds, i.e. if it reports a fault scenario for a protocol, there is indeed a fault and our framework terminates for a network topology of given size; otherwise no faults in the protocol are present that can be exploited in the network topology of that size or less using the given intrusion model. Our approach also does not require upfront model construction, which significantly decreases the cost of verification

Verifying sensor network security protocol implementations

Verifying sensor network security protocol implementations using testing/simulation might leave some flaws undetected. Formal verification techniques have been very successful in detecting faults in security protocol specifications; however, they generally require building a formal description (model) of the protocol. Building accurate models is hard, thus hindering the application of formal verification. In this work, a framework for automating formal verification of sensor network security protocols is presented. The framework Slede extracts models from protocol implementations and verifies them against generated intruder models. Slede was evaluated by verifying two sensor network security protocol implementations. Security flaws in both protocols were detected

Bibliography for computer security, integrity, and safety

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports