Sciweavers

COMPSAC
2009
IEEE

SN2K Attacks and Honest Services

14 years 7 months ago
SN2K Attacks and Honest Services
—In this paper, we define and illustrate a new form of attack in the context of software services: the software-based need-to-know (SN2K) attack. SN2K attacks can be carried out by dishonest provider of a software service so that it can maliciously gain access to sensitive information, even if the service does not need to know such data in order to compute the functionalities offered by it. We prove that it is generally undecidable to detect whether a given implementation of a service is dishonest, i.e., it implements an SN2K attack. A certification scheme for honest services is also proposed; our scheme relies on program slicing and certain other aspects of static program analysis.
Ashish Kundu
Added 20 May 2010
Updated 20 May 2010
Type Conference
Year 2009
Where COMPSAC
Authors Ashish Kundu
Comments (0)