ACM Transactions on Computer Systems (TOCS)
A semantics for a logic of authentication (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
An automatic search for security flaws in key management schemes
Computers and Security
Communications of the ACM
A Machine-Oriented Logic Based on the Resolution Principle
Journal of the ACM (JACM)
Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design
Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Casper: A Compiler for the Analysis of Security Protocols
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
On Unifying Some Cryptographic Protocol Logics
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Finite-state analysis of SSL 3.0
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Automatically deriving information-theoretic bounds for adaptive side-channel attacks
Journal of Computer Security
An introduction to security API analysis
Foundations of security analysis and design VI
Hi-index | 0.00 |
We argue that formal analysis tools for security protocols are not achieving their full potential, and give only limited aid to designers of more complex modern protocols, protocols in constrained environments, and security APIs. We believe that typical assumptions such as perfect encryption can and must be relaxed, while other threats, including the partial leakage of information, must be considered if formal tools are to continue to be useful and gain widespread, real world utilisation. Using simple example protocols, we illustrate a number of attacks that are vital to avoid in security API design, but that have yet to be modelled using a formal analysis tool. We seek to extract the basic ideas behind these attacks and package them into a wish list of functionality for future research and tool development.