In existing security model checkers, the intruder's behavior is defined as a message deducibility rule base governing the use of eavesdropped information, with the aim of finding a message that is meant to be secret or of generating messages that impersonate some protocol participant(s). The advent of complex protocols, like those used in e-commerce, brings to the foreground intrusion attacks that are not always attributable to failures of secrecy or authentication. We introduce an intruder model that provides an open-ended base for the integration of multiple attack tactics. In our model-checking approach, protocol correctness is checked by appropriate user-supplied assertions or by reachability of invalid end states. Thus, the analyst can express e-commerce security guarantees that are not restricted to the absence of secrecy and authentication failures. The described intruder model was implemented within the SPIN model checker and revealed an integrity violation attack on the PayWord micropayment protocol.
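The "message deducibility rule base" of conventional checkers, mentioned in the first sentence, can be sketched as a closure computation over eavesdropped terms. This is an added example, not the paper's SPIN model: the term encoding (`pair`, `enc`), the function names and the sample trace are all constructed here as assumptions.

```python
# Terms: atoms are strings; ("pair", a, b) is concatenation;
# ("enc", m, k) is symmetric encryption of m under key k.

def synth(term, known):
    """Can the intruder build `term` from `known` by pairing/encrypting?"""
    if term in known:
        return True
    if isinstance(term, tuple) and term[0] in ("pair", "enc"):
        return all(synth(part, known) for part in term[1:])
    return False

def analyze(observed):
    """Close the observed messages under projection and decryption."""
    known = set(observed)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            parts = ()
            if isinstance(t, tuple) and t[0] == "pair":
                parts = t[1:]                      # split a pair
            elif isinstance(t, tuple) and t[0] == "enc" and synth(t[2], known):
                parts = (t[1],)                    # decrypt: key is derivable
            for p in parts:
                if p not in known:
                    known.add(p)
                    changed = True
    return known

def deducible(term, observed):
    """Secrecy check: is `term` derivable from what was eavesdropped?"""
    return synth(term, analyze(observed))

# Constructed sample: public names plus the intruder's own key.
INITIAL = {"A", "B", "Ki"}
# Constructed eavesdropped trace: a nonce under session key Kab, the session
# key wrapped under an older key, and a later leak of that older key.
TRACE = [
    ("enc", ("pair", "A", "Na"), "Kab"),
    ("pair", "B", ("enc", "Kab", "Kold")),
    "Kold",
]

if __name__ == "__main__":
    print("Na secret before leak:", not deducible("Na", INITIAL | set(TRACE[:2])))
    print("Na secret after leak: ", not deducible("Na", INITIAL | set(TRACE)))
```

A rule base of this kind answers only "can the intruder learn or forge this term", which is why properties such as integrity of a payment need the user-supplied assertions or invalid end states the abstract describes.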