Automated analysis of timed security: a case study on web privacy

Authors:
Roberto Gorrieri;Ruggero Lanotte;Andrea Maggiolo-Schettini;Fabio Martinelli;Simone Tini;Enrico Tronci
Affiliations:
Università di Bologna, Dipartimento di Scienze dell’Informazione, Mura Anteo Zamboni 7, 40127, Bologna, Italy;Università dell’Insubria, Dipartimento di Scienze della Cultura, Politiche e dell’Informazione, Via Valleggio 11, 22100, Como, Italy;Università di Pisa, Dipartimento di Informatica, Via Buonarroti 2, 56127, Pisa, Italy;C.N.R. di Pisa, Istituto di Informatica e Telematica, Via Giuseppe Moruzzi 1, 56124, Pisa, Italy;Università dell’Insubria, Dipartimento di Scienze della Cultura, Politiche e dell’Informazione, Via Valleggio 11, 22100, Como, Italy;Università di Roma “La Sapienza”, Dipartimento di Informatica, Via Salaria 113, 00198, Roma, Italy
Venue:
International Journal of Information Security - Special issue on security in global computing
Year:
2004

Citing 0
Cited 3

Information flow in hybrid systems

ACM Transactions on Embedded Computing Systems (TECS)
Automated Synthesis of Enforcing Mechanisms for Security Properties in a Timed Setting

Electronic Notes in Theoretical Computer Science (ENTCS)
Synthesis of web services orchestrators in a timed setting

WS-FM'07 Proceedings of the 4th international conference on Web services and formal methods

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a case study on an automated analysis of real-time security models. The case study on a web system (originally proposed by Felten and Schneider) is presented that shows a timing attack on the privacy of browser users. Three different approaches are followed: LH-Timed Automata (analyzed using the model checker HyTech), finite-state automata (analyzed using the model checker NuSMV), and process algebras (analyzed using the model checker CWB-NC ). A comparative analysis of these three approaches is given.