Observation Based System Security

• Autorzy: Gruska D.P.
• Języki publikacji: EN

Abstrakty

EN

A formal model for description of passive and active timing attacks is presented, studied and compared with other security concepts. It is based on a timed process algebra and on a concept of observations which make only a part of system behaviour visible. From this partial information which contains also timing of actions an intruder tries to deduce some private system activities.

Słowa kluczowe

EN

process algebras; timing attack; information flow

• Wydawca: IOS Press
• Czasopismo: Fundamenta Informaticae
• Rocznik: 2007
• Tom: Vol. 79, nr 3-4
• Strony: 335--346
• Opis fizyczny: bibliogr. 23 poz.

Twórcy

autor

Gruska D.P.

• Institute of Informatics Comenius University Bratislava, Mlunska dolina, 842-48 Bratislava, Slovakia,

Bibliografia

• [1.] Bossi A., D.Macedonio, C. Piazza and S. Rossi. Information Flow in Secure Contexts. Journal of Computer Security, Volume 13, Number 3, 2005
• [2.] Bryans J., M. Koutny and P. Ryan: Modelling non-deducibility using Petri Nets. Proc. of the 2nd International Workshop on Security Issues with Petri Nets and other ComputationalModels, 2004.
• [3.] Bryans J., M. Koutny, L. Mazare and P. Ryan: Opacity Generalised to Transition Systems. In Proceedings of the Formal Aspects in Security and Trust, LNCS 3866, Springer, Berlin, 2006
• [4.] Bossi A., R. Focardi, C. Piazza and S. Rossi. Refinement Operators and Information Flow Security. Proc. of SEFM'03, IEEE Computer Society Press, 2003.
• [5.] Busi N. and R. Gorrieri: Positive Non-interference in Elementary and Trace Nets. Proc. of Application and Theory of Petri Nets 2004, LNCS 3099, Springer, Berlin, 2004.
• [6.] Dhem J.-F., F. Koeune, P.-A. Leroux, P. Mestre, J.-J. Quisquater and J.-L. Willems: A practical implementation of the timing attack. Proc. of the Third Working Conference on Smart Card Research and Advanced Applications (CARDIS 1998), LNCS 1820, Springer, Berlin, 1998.
• [7.] Felten, E.W., andM.A. Schneider: Timing attacks on web privacy. Proc. 7th ACMConference on Computer and Communications Security, 2000.
• [8.] Focardi, R. and R. Gorrieri: Classification of security properties. Part I: Information Flow. Foundations of Security Analysis and Design, LNCS 2171, Springer, Berlin, 2001.
• [9.] Focardi, R., R. Gorrieri, and F. Martinelli: Information flow analysis in a discrete-time process algebra. Proc. 13th Computer Security FoundationWorkshop, IEEE Computer Society Press, 2000.
• [10.] Focardi, R., R. Gorrieri, and F. Martinelli: Real-Time information flow analysis. IEEE Journal on Selected Areas in Communications 21 (2003).
• [11.] Focardi, R. and S. Rossi: Information flow security in Dynamic Contexts. Proc. of the IEEE Computer Security FoundationsWorkshop, 307-319, IEEE Computer Society Press, 2002.
• [12.] Gorrieri R. and F. Martinelli: A simple framework for real-time cryptographic protocol analysis with compositional proof rules. Science of Computer Programing, 50(1-3), 2004.
• [13.] Goguen J.A. and J.Meseguer: Security Policies and SecurityModels. Proc. of IEEE Symposiumon Security and Privacy, 1982.
• [14.] Groote, J. F.: "Transition Systems Specification with Negative Premises". Baeten, J.C.M. and Klop, J.W. (eds.), CONCUR'90, Springer Verlag, Berlin, LNCS 458, 1990.
• [15.] Gruska D.P.: Information-FlowAttacks Based on Limited Observations. in Proc. of PSI'06, SpringerVerlag, LNCS 4378, Berlin, 2006.
• [16.] Gruska D.P.: Information-Flow Security for Restricted Attackers. in Proc. of 8th International Symposium on Systems and Information Security Sao Jose dos Campos, 2006
• [17.] Gruska D.P.: Information Flow in Timing Attacks. Proceedings CS&P'04, 2004.
• [18.] Gruska D.P. and A. Maggiolo-Schettini: Process algebra for network communication. Fundamenta Informaticae 45(2001).
• [19.] Gruska, D., Maggiolo-Schettini, A.: Nested Timing Attacks, Proceedings FAST 2003, 2003.
• [20.] Handschuh H. and HowardM. Heys: A timing attack on RC5. Proc. Selected Areas in Cryptography, LNCS 1556, Springer, Berlin, 1999.
• [21.] Kocher P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. Proc. Advances in Cryptology - CRYPTO'96, LNCS 1109, Springer, Berlin, 1996.
• [22.] Milner, R.: Communication and concurrency. Prentice-Hall International, New York,1989.
• [23.] Song. D., D.Wagner, and X. Tian: Timing analysis of Keystrokes and SSH timing attacks. Pro.10th USENIX Security Symposium, 2001.