Current research on verifying security properties of communication protocols has focused on proving integrity and confidentiality using models that include a strong Man-in-the-Middle (MitM) threat. By contrast, protection measures against Denial-of-Service (DoS) must assume a weaker model in which an adversary has only limited ability to interfere with network communications. In this paper we demonstrate a modular reasoning framework in which a protocol $\mathcal{P}$ that satisfies certain security properties can be assured to retain these properties after it is "wrapped" in a protocol $\mathcal{W}[\mathcal{P}]$ that adds DoS protection. This modular wrapping is based on the "onion skin" model of actor reflection. In particular, we show how a common DoS protection mechanism based on cookies can be applied to a protocol while provably preserving safety properties (including confidentiality and integrity) that it was shown to have in a MitM threat model.