Formal Verification of Type Flaw Attacks in Security Protocols

Authors:
Benjamin W. Long
Affiliations:
-
Venue:
APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Year:
2003

Citing 0
Cited 3

Chosen-name Attacks: An Overlooked Class of Type-flaw Attacks

Electronic Notes in Theoretical Computer Science (ENTCS)
Deciding recognizability under Dolev-Yao intruder model

ISC'10 Proceedings of the 13th international conference on Information security
Formal verification of a type flaw attack on a security protocol using object-z

ZB'05 Proceedings of the 4th international conference on Formal Specification and Development in Z and B

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security protocols are often modelled at a high levelof abstraction, potentially overlooking implementation-dependentvulnerabilities. Here we use the Z specificationlanguage's rich set of data structures to formally model potentiallyambiguous messages that may be exploited in a'type flaw' attack. We then show how to formally verifywhether or not such an attack is actually possible in a particularprotocol using Z's schema calculus.