9 research outputs found
Abstract State Machines 1988-1998: Commented ASM Bibliography
An annotated bibliography of papers which deal with or use Abstract State
Machines (ASMs), as of January 1998.Comment: Also maintained as a BibTeX file at http://www.eecs.umich.edu/gasm
Quo Vadis Abstract State Machines? J.UCS Special Issue
In introducing this special ASM issue of J.UCS we point out the particular role this Journal played in the short history of the ASM method and add some reflections on its current status
Soft Constraint Programming to Analysing Security Protocols
Security protocols stipulate how the remote principals of a computer network
should interact in order to obtain specific security goals. The crucial goals
of confidentiality and authentication may be achieved in various forms, each of
different strength. Using soft (rather than crisp) constraints, we develop a
uniform formal notion for the two goals. They are no longer formalised as mere
yes/no properties as in the existing literature, but gain an extra parameter,
the security level. For example, different messages can enjoy different levels
of confidentiality, or a principal can achieve different levels of
authentication with different principals.
The goals are formalised within a general framework for protocol analysis
that is amenable to mechanisation by model checking. Following the application
of the framework to analysing the asymmetric Needham-Schroeder protocol, we
have recently discovered a new attack on that protocol as a form of retaliation
by principals who have been attacked previously. Having commented on that
attack, we then demonstrate the framework on a bigger, largely deployed
protocol consisting of three phases, Kerberos.Comment: 29 pages, To appear in Theory and Practice of Logic Programming
(TPLP) Paper for Special Issue (Verification and Computational Logic
Soft Constraint Programming to Analysing Security Protocols
Security protocols stipulate how remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham- Schroeder protocol, we have recently discovered a new attack on that protocol. We briefly describe that attack, and demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos
A Formal Analysis of Some Properties of Kerberos 5 Using MSR
We give three formalizations of the Kerberos 5 authentication protocol in the Multi-Set Rewriting (MSR) formalism. One is a high-level formalization containing just enough detail to prove authentication and confidentiality properties of the protocol. A second formalization refines this by adding a variety of protocol options; we similarly refine proofs of properties in the first formalization to prove properties of the second formalization. Our third formalization adds timestamps to the first formalization but has not been analyzed extensively. The various proofs make use of rank and corank functions, inspired by work of Schneider in CSP, and provide examples of reasoning about real-world protocols in MSR.We also note some potentially curious protocol behavior; given our positive results, this does not compromise the security of the protocol
Using kerberos for enterprise cloud authentication
The Kerberos authentication protocol has a maturity of approximately thirty
years, being widely used in IT systems in the corporate environment, mainly due to its
adoption by Microsoft in its operating systems. Moreover, the practical application of the
Cloud computing and its concepts is in its early days regarding its adoption by
organizations, especially the large companies. This study aims to investigate the
practical applications of the Kerberos protocol for authentication of enterprise
applications deployed in the cloud, looking from both the f unctional and security
perspective. To achieve this goal, it will be necessary to evaluate its applicability to the
Cloud and assess whether it keeps the security characteristics found when using it only
inside the corporate network.O protocolo de autenticação Kerberos apresenta uma maturidade de
aproximadamente trinta anos, sendo amplamente utilizado nos sistemas de TI no meio
corporativo, principalmente devido à sua adopção pela Microsoft nos seus sistemas
operativos. Por outro lado, a aplicação prática dos conceitos de computação na nuvem
encontra-se nos seus primeiros passos no que diz respeito à adopção pelas empresas,
principalmente as de grande porte. Este estudo propõe-se a investigar as
possibilidades práticas do protocolo Kerberos para autenticação de aplicações
corporativas implementadas na nuvem, do ponto de vista funcional e de segurança.
Para alcançar esse objectivo, será necessário avaliar sua aplicabilidade à nuvem e
fazer um levantamento para validar se o protocolo mantêm as características de
segurança encontrada quando utilizado somente na rede corporativa
Formal Analysis of the Kerberos Authentication System
The Gurevich's Abstract State Machine formalism is used to specify the well known Kerberos Authentication System based on the Needham-Schroeder authentication protocol. A complete model of the system is reached through stepwise refinements of ASMs, and is used as a basis both to discover the minimum assumptions to guarantee the correctness of the system and to analyse its security weaknesses. Each refined model comes together with a correctness refinement theorem