The information security community has long debated the exact definition of the term "security". Even if we focus on the more modest notion of confidentiality the precise def...
The combination of two security protocols, a simple shared-key communication protocol and the Diffie-Hellman key distribution protocol, is modeled formally and proved correct. The m...
The term "intransitive noninterference" refers to the information flow properties required of systems like downgraders, in which it may be legitimate for information to ...
Belief-logic deductions are used in the analysis of cryptographic protocols. We show a new method to decide such logics. In addition to the familiar BAN logic, it is also applicab...
We use a compositional framework to model security architectures involving heterogeneous and distributed security functions. Our goal is to assist the ITSEC evaluation of suitabil...
Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the "Dolev-Yao model." In this paper, we use a multiset re...
Iliano Cervesato, Nancy A. Durgin, Patrick Lincoln...
If sensitive information is to be included in a shared web, access controls will be required. However, the complex software needed to provide a web service is prone to failure. To...
This paper focuses on the provision of a nonrepudiation service for CORBA. The current OMG specification of a CORBA non-repudiation service forces the programmer to augment the ap...
Michael Wichert, David B. Ingham, Steve J. Caughey