Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
AMAST
2008
Springer
2008
Springer
A Formal Analysis of Complex Type Flaw Attacks on Security Protocols
A simple type confusion attack occurs in a security protocol, when a principal interprets data of one type as data of another. These attacks can be successfully prevented by \tagging" types of each
eld of a message. Complex type confusions occur instead when tags can be confused with data and when
elds or sub-segments of
elds may be confused with concatenations of
elds of other types. Capturing these kinds of confusions is not easy in a process calculus setting, where it is generally assumed that messages are correctly interpreted. In this paper, we model in the process calculus LYSA only the misinterpretation due to the confusion of a concatenation of
elds with a single
eld, by extending the notation of one-to-one variable binding to many-to-one binding. We further present a formal way of detecting these possible misinterpretations, based on a Control Flow Analysis for this version of the calculus. The analysis over-approximates all the possible behaviour of a protocol, inc...
Real-time TrafficAMAST 2008 | Complex Type Confusions | Software Engineering | Type Confusion Attack | Type Confusions |
| Added | 12 Oct 2010 |
| Updated | 12 Oct 2010 |
| Type | Conference |
| Year | 2008 |
| Where | AMAST |
| Authors | Han Gao, Chiara Bodei, Pierpaolo Degano |
Comments (0)
Researcher Info
|
