Common cryptographic architecture cryptographic application programming interface
IBM Systems Journal - Special issue on cryptology
Looking on the Bright Side of Black-Box Cryptography (Transcript of Discussion)
Revised Papers from the 8th International Workshop on Security Protocols
The Correctness of Crypto Transaction Sets
Revised Papers from the 8th International Workshop on Security Protocols
The History of Subliminal Channels
Proceedings of the First International Workshop on Information Hiding
Attacks on Cryptoprocessor Transaction Sets
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Blunting Differential Attacks on PIN Processing APIs
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
An introduction to security API analysis
Foundations of security analysis and design VI
Proceedings of the 2nd ACM international conference on High confidence networked systems
| Hi-index | 0.00 |
During the period when Mike and Bruce were looking for position papers for this workshop, I was rather busy because of a court case some of you may have heard about, so I'm going to go over the slides that I gave at Roger Needham's farewell do last month, with some extra material added. The subject is what API security teaches us in the wider world of protocols; so it's about protocol analysis, composability, computation, and the effects in the real world. How do we define a security protocol's world? Well that's changing: in the classic literature there are rules for dealing with information used to verify principals' claims to identity, such as passwords, PINs, crypto keys and timestamps. Now it's expanding to include other claims: such as claims to authorisation, or claims to creditworthiness, or claims to have a particular bank balance available for an electronic payment.