Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Theoretical Computer Science
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
Cryptographic Security for Mobile Code
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Access control for mobile agents: The calculus of boxed ambients
ACM Transactions on Programming Languages and Systems (TOPLAS)
Theoretical Computer Science - Special issue: Foundations of wide area network computing
Symbolic protocol analysis for monoidal equational theories
Information and Computation
Bounding messages for free in security protocols
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Browser model for security analysis of browser-based protocols
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Hi-index | 0.00 |
We present a new technique for analyzing platforms that execute potentially malicious code, such as web-browsers, mobile phones, or virtualized infrastructures. Rather than analyzing given code, we ask what code an intruder could create to break a security goal of the platform. To avoid searching the infinite space of programs that the intruder could come up with (given some initial knowledge) we adapt the lazy intruder technique from protocol verification: the code is initially just a process variable that is getting instantiated in a demand-driven way during its execution. We also take into account that by communication, the malicious code can learn new information that it can use in subsequent operations, or that we may have several pieces of malicious code that can exchange information if they "meet". To formalize both the platform and the malicious code we use the mobile ambient calculus, since it provides a small, abstract formalism that models the essence of mobile code. We provide a decision procedure for security against arbitrary intruder processes when the honest processes can only perform a bounded number of steps and without path constraints in communication. We show that this problem is NP-complete.