Heuristic Methods for Security Protocols
Model checking is an automatic verification technique to verify hardware and
software systems. However, it suffers from the state-space explosion problem. In
this paper we address this problem in the context of cryptographic protocols by
proposing a security property-dependent heuristic. The heuristic weights the
state space by exploiting the security formulae; the weights may then be used
to explore the state space when searching for attacks.
Analysis of security protocols as open systems
We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely Crypto-CCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation.
Specifying and Verifying Meta-Security by Means of Semantic Web Methods
In order to achieve a systematic treatment of security protocols,
organizations release a number of technical briefings for describing
how security incidents have to be managed. These documents can suffer
semantic deficiencies, mainly due to ambiguity or different granularity
levels of description and analysis. Ontological Engineering (OE) is a
powerful instrument that can be applied both for cleaning methods and
knowledge in incident protocols, and specifying (meta)security requirements
on protocols for solving security incidents. We also show how the
ontology built from security reports can be used as the knowledge core
for semantic systems in order to work with resolution incidents in a safe
way. The method has been illustrated with a case study.
Junta de Andalucía TIC-606