Probabilistic Information Flow Security

• Autorzy: Gruska D.P.
• Języki publikacji: EN

Abstrakty

EN

A formal model for description of probabilistic timing attacks is presented and studied. It is based on a probabilistic timed process algebra, on observations (mappings which make visible only a part of system behavior) and on an information flow. The resulting security properties are studied and compared with other security concepts.

Słowa kluczowe

EN

probabilistic timed process algebras; timing attack; information flow; opacity; security

• Wydawca: IOS Press
• Czasopismo: Fundamenta Informaticae
• Rocznik: 2008
• Tom: Vol. 85, nr 1-4
• Strony: 173--187
• Opis fizyczny: bibliogr. 28 poz.

Twórcy

autor

Gruska D.P.

• Institute of Informatics Comenius University Bratislava, Mlynska dolina, 842-48 Bratislava, Slovakia,

Bibliografia

• [1] Aldini A., M. Bravetti and R. Gorrieri: A process-algebraic approach for the analysis of probabilistic noninterference, Journal of Computer Security archive Volume 12 , Issue 2, April, 2004.
• [2] Bossi A., D. Macedonio, C. Piazza and S. Rossi. Information Flow in Secure Contexts. Journal of Computer Security, Volume 13, Number 3, 2005
• [3] Bryans J., M. Koutny and P. Ryan: Modelling non-deducibility using Petri Nets. Proc. of the 2nd InternationalWorkshop on Security Issues with Petri Nets and other ComputationalModels, 2004.
• [4] Bryans J., M. Koutny, L. Mazare and P. Ryan: Opacity Generalised to Transition Systems. In Proceedings of the Formal Aspects in Security and Trust, LNCS 3866, Springer, Berlin, 2006
• [5] Bossi A., R. Focardi, C. Piazza and S. Rossi. Refinement Operators and Information Flow Security. Proc. of SEFM'03, IEEE Computer Society Press, 2003.
• [6] Busi N. and R. Gorrieri: Positive Non-interference in Elementary and Trace Nets. Proc. of Application and Theory of Petri Nets 2004, LNCS 3099, Springer, Berlin, 2004.
• [7] Dhem J.-F., F. Koeune, P.-A. Leroux, P. Mestre, J.-J. Quisquater and J.-L. Willems: A practical implementation of the timing attack. Proc. of the Third Working Conference on Smart Card Research and Advanced Applications (CARDIS 1998), LNCS 1820, Springer, Berlin, 1998.
• [8] Felten, E.W., and M.A. Schneider: Timing attacks on web privacy. Proc. 7th ACM Conference on Computer and Communications Security, 2000.
• [9] Focardi, R. and R. Gorrieri: Classification of security properties. Part I: Information Flow. Foundations of Security Analysis and Design, LNCS 2171, Springer, Berlin, 2001.
• [10] Focardi, R., R. Gorrieri, and F. Martinelli: Information flow analysis in a discrete-time process algebra. Proc. 13th Computer Security FoundationWorkshop, IEEE Computer Society Press, 2000.
• [11] Focardi, R., R. Gorrieri, and F. Martinelli: Real-Time information flow analysis. IEEE Journal on Selected Areas in Communications 21 (2003).
• [12] Focardi, R. and S. Rossi: Information flow security in Dynamic Contexts. Proc. of the IEEE Computer Security FoundationsWorkshop, 307-319, IEEE Computer Society Press, 2002.
• [13] Glabbeek R. J. van, S. A. Smolka and B. Steffen: Reactive, Generative and Stratified Models of Probabilistic Processes Inf. Comput. 121(1): 59-80, 1995
• [14] Gorrieri R. and F. Martinelli: A simple framework for real-time cryptographic protocol analysis with compositional proof rules. to appear at Science of Computer Programing.
• [15] Goguen J.A. and J. Meseguer: Security Policies and Security Models. Proc. of IEEE Symposium on Security and Privacy, 1982.
• [16] Gruska D.P.: Observation Based System Security. Fundamenta Informaticae, vol 79, Numbers 3-4, 2007
• [17] Gruska D.P.: Information-Flow Attacks Based on Limited Observations. in Proc. of PSI'06, Springer Verlag, LNCS 4378, Berlin, 2007.
• [18] Gruska D.P.: Information-Flow Security for Restricted Attackers. in Proc. of 8th International Symposium on Systems and Information Security, Sao Jose dos Campos, 2006
• [19] Gruska D.P.: Network Information Flow, Fundamenta Informaticae, Volume 72, Numbers 1-3, pp 167-180, 2006
• [20] Gruska D.P.: Information Flow in Timing Attacks. Proceedings CS&P'04, 2004.
• [21] Gruska D.P. and A. Maggiolo-Schettini: Process algebra for network communication. Fundamenta Informaticae 45(2001).
• [22] Handschuh H. and Howard M. Heys: A timing attack on RC5. Proc. Selected Areas in Cryptography, LNCS 1556, Springer, Berlin, 1999.
• [23] Hansson, H. a B. Jonsson: A Calculus for Communicating Systems with Time and Probabilities. In Proceedings of 11th IEEE Real - Time Systems Symposium, Orlando, 1990.
• [24] Kocher P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. Proc. Advances in Cryptology - CRYPTO'96, LNCS 1109, Springer, Berlin, 1996.
• [25] López N. and Núñez: An Overview of Probabilistic Process Algebras and their Equivalences. In Validation of Stochastic Systems, LNCS 2925, Springer-Verlag, Berlin, 2004
• [26] Lanotte R., A. Maggiolo-Schettini and A. Troina: A Classification of Time and/or Probability Dependent Security Properties. Electr. Notes Theor. Comput. Sci. 153(2): 177-193 (2006)
• [27] Segala R. and N. Lynch: Probabilistic Simulations for Probabilistic Processes. Nord. J. Comput. 2(2): 250-273, 1995
• [28] Song. D., D. Wagner, and X. Tian: Timing analysis of Keystrokes and SSH timing attacks. Pro.10th USENIX Security Symposium, 2001.