5,709 research outputs found
Lengths May Break Privacy â Or How to Check for Equivalences with Length
Security protocols have been successfully analyzed using symbolic models, where messages are represented by terms and protocols by processes. Privacy properties like anonymity or untraceability are typically expressed as equivalence between processes. While some decision procedures have been proposed for automatically deciding process equivalence, all existing approaches abstract away the information an attacker may get when observing the length of messages.
In this paper, we study process equivalence with length tests. We first show that, in the static case, almost all existing decidability results (for static equivalence) can be extended to cope with length tests.
In the active case, we prove decidability of trace equivalence with length tests, for a bounded number of sessions and for standard primitives. Our result relies on a previous decidability result from Cheval et al (without length tests). Our procedure has been implemented and we have discovered a new flaw against privacy in the biometric passport protocol
Spectral evolution of the SU(4) Kondo effect from the single impurity to the two-dimensional lattice
We describe the evolution of the SU(4) Kondo effect as the number of magnetic
centers increases from one impurity to the two-dimensional (2D) lattice. We
derive a Hubbard-Anderson model which describes a 2D array of atoms or
molecules with two-fold orbital degeneracy, acting as magnetic impurities and
interacting with a metallic host. We calculate the differential conductance,
observed typically in experiments of scanning tunneling spectroscopy, for
different arrangements of impurities on a metallic surface: a single impurity,
a periodic square lattice, and several sites of a rectangular cluster. Our
results point towards the crucial importance of the orbital degeneracy and
agree well with recent experiments in different systems of iron(II)
phtalocyanine molecules deposited on top of Au(111) [N. Tsukahara et al., Phys.
Rev. Lett. 106, 187201 (2011)], indicating that this would be the first
experimental realization of an artificial 2D SU(4) Kondo-lattice system.Comment: 17 pages, 4 figures. New version contains an Appendix with details of
the derivation of the Hamiltonian Eq.(2), derivation of the slave-boson
mean-field equations, and an estimation of the upper bounds of the RKKY
interactio
On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals
The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible
A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)
Web applications require access to the file-system for many different tasks.
When analyzing the security of a web application, secu- rity analysts should
thus consider the impact that file-system operations have on the security of
the whole application. Moreover, the analysis should take into consideration
how file-system vulnerabilities might in- teract with other vulnerabilities
leading an attacker to breach into the web application. In this paper, we first
propose a classification of file- system vulnerabilities, and then, based on
this classification, we present a formal approach that allows one to exploit
file-system vulnerabilities. We give a formal representation of web
applications, databases and file- systems, and show how to reason about
file-system vulnerabilities. We also show how to combine file-system
vulnerabilities and SQL-Injection vulnerabilities for the identification of
complex, multi-stage attacks. We have developed an automatic tool that
implements our approach and we show its efficiency by discussing several
real-world case studies, which are witness to the fact that our tool can
generate, and exploit, complex attacks that, to the best of our knowledge, no
other state-of-the-art-tool for the security of web applications can find
A reduced semantics for deciding trace equivalence using constraint systems
Many privacy-type properties of security protocols can be modelled using
trace equivalence properties in suitable process algebras. It has been shown
that such properties can be decided for interesting classes of finite processes
(i.e., without replication) by means of symbolic execution and constraint
solving. However, this does not suffice to obtain practical tools. Current
prototypes suffer from a classical combinatorial explosion problem caused by
the exploration of many interleavings in the behaviour of processes.
M\"odersheim et al. have tackled this problem for reachability properties using
partial order reduction techniques. We revisit their work, generalize it and
adapt it for equivalence checking. We obtain an optimization in the form of a
reduced symbolic semantics that eliminates redundant interleavings on the fly.Comment: Accepted for publication at POST'1
- âŠ