Soft Constraints for Security

  • Authors:
  • Giampaolo Bella;Stefano Bistarelli;Simon N. Foley

  • Affiliations:
  • Dipartimento di Matematica e Informatica, Università di Catania, Italy;Dipartimento di Scienze, Universitá degli Studi “G. D'Annunzio”, Pescara, Italy and Istituto di Informatica e Telematica, C.N.R., Pisa, Italy;Department of Computer Science, University College Cork, Ireland

  • Venue:
  • Electronic Notes in Theoretical Computer Science (ENTCS)
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Integrity policies and cryptographic protocols have much in common. They allow for a number of participating principals, and consist of sets of rules controlling the actions that principals should or should not perform. They are intended to uphold various security properties, the crucial ones being integrity, confidentiality and authentication. This paper takes a unified view to the analysis of integrity policies and cryptographic protocols: they are artifacts that must be designed to be sufficiently robust to attack given an understood threat model. For example, integrity policy rules provide resilience to the threat of internal fraud, while cryptographic protocols provide resilience to the threat of replay and related attacks. The framework is modelled using (soft) constraints and analysis corresponds to the soft constraint satisfaction problem. Soft constraints facilitate a quantitative approach to analyzing integrity, confidentiality and authentication. Examples will be given: an integrity policy may achieve different levels of integrity under different circumstances; a protocol message may enjoy different levels of confidentiality for different principals; a principal can achieve different levels of authentication with different principals.