Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data
Foundations and Applications of Security Analysis
Integrity of intention (a theory of types for security APIs)
Information Security Tech. Report
Attacking and fixing PKCS#11 security tokens
Proceedings of the 17th ACM conference on Computer and communications security
Formal security analysis of PKCS#11 and proprietary extensions
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Reasoning with past to prove PKCS#11 keys secure
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Type-Based analysis of PKCS#11 key management
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Type-based analysis of key management in PKCS#11 cryptographic devices
Journal of Computer Security - Security and Trust Principles
We have recently put forward several ideas of how to specify, model, and verify security APIs centered around the slogan 'security APIs are also like programs' and first-order linear time logic extended by past operators. We have developed these ideas based on an investigation of PKCS #11, a standard widely adopted in industry, and presented preliminary results at FAST'10. In this paper, we present several novel results about PKCS #11 that we have obtained based on the full implementation of this approach. In particular, this concerns an analysis of the 'wrap with trusted feature', a full analysis of which has been out of reach for the previous models. At the same time, we provide concepts and terminology that connect to Bond and Clulow's 'Types of Intention' and devise an informal method of configuring and understanding PKCS #11.