Detecting and Preventing Type flaws: a Control Flow Analysis with Tags

Cited by: 3
Authors
Bodei, Chiara [1]
Degano, Pierpaolo [1]
Gao, Han [2]
Brodo, Linda [3]
Affiliations
[1] Univ Pisa, Dipartimento Informat, Via Pontecorvo, I-56127 Pisa, Italy
[2] Tech Univ Denmark, Informat & Math Modelling, DK-2800 Lyngby, Denmark
[3] Univ Sassari, Dipartimento Scienze Linguaggi, I-07100 Sassari, Italy
Keywords
Security Protocol; Control Flow Analysis; Type Flaw Attacks
DOI
10.1016/j.entcs.2007.09.010
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
A type flaw attack on a security protocol is an attack where an honest principal is cheated on interpreting a field in a message as the one with a type other than the intended one. In this paper, we shall present an extension of the LySa calculus with tags attached to each field, indicating the intended types. We developed a control flow analysis for analysing the extended LySa, which over-approximates all the possible behaviour of a protocol and hence is able to capture any type confusion that may happen during the protocol execution. The control flow analysis has been applied to a number of security protocols, either subject to type flaw attacks or not. The results show that it is able to capture type flaw attacks on those security protocols.
Pages: 3 / 22
Page count: 20
Related papers
50 items in total
  • [1] Detecting and preventing type flaws at static time
    Bodei, Chiara
    Brodo, Linda
    Degano, Pierpaolo
    Gao, Han
    [J]. JOURNAL OF COMPUTER SECURITY, 2010, 18 (02) : 229 - 264
  • [2] Preventing, Detecting, and Revising Flaws in Object Property Expressions
    Keet, C. Maria
    [J]. JOURNAL ON DATA SEMANTICS, 2014, 3 (03) : 189 - 206
  • [3] Detecting flaws and intruders with visual data analysis
    Teoh, ST
    Ma, KL
    Wu, SF
    Jankun-Kelly, TJ
    [J]. IEEE COMPUTER GRAPHICS AND APPLICATIONS, 2004, 24 (05) : 27 - 35
  • [4] Detecting design flaws in control systems using optimisation methods
    Bostrom, Pontus
    Bjorkqvist, Jerker
    [J]. 2006 IEEE CONFERENCE ON COMPUTER-AIDED CONTROL SYSTEM DESIGN, VOLS 1 AND 2, 2006, : 330 - +
  • [5] Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis
    Tuma, Katja
    Balliu, Musard
    Scandariato, Riccardo
    [J]. 2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ARCHITECTURE (ICSA), 2019, : 191 - 200
  • [6] Using type qualifiers to analyze untrusted integers and detecting security flaws in C programs
    Ceesay, Ebrima N.
    Zhou, Jingmin
    Gertz, Michael
    Levitt, Karl
    Bishop, Matt
    [J]. DETECTION OF INTRUSIONS AND MALWARE & VULNERABILITY ASSESSMENT, PROCEEDINGS, 2006, 4064 : 1 - 16
  • [7] ACOUSTIC SIGNATURE ANALYSIS AND TIME DOMAIN TECHNIQUES FOR DETECTING FLAWS IN ROTATING MACHINERY
    BRAUN, SG
    [J]. IEEE TRANSACTIONS ON SONICS AND ULTRASONICS, 1979, 26 (02) : 147 - 147
  • [8] Automatically Detecting Variability Bugs Through Hybrid Control and Data Flow Analysis
    Kaoudis, Kelly
    Brodin, Henrik
    Sultanik, Evan
    [J]. 2023 IEEE SECURITY AND PRIVACY WORKSHOPS, SPW, 2023, : 187 - 197
  • [9] Topological sensitivity analysis for the location of small flaws in Stokes flow
    Ben Abda, A.
    Hassine, M.
    Jaoua, M.
    Masmoudi, M.
    [J]. 49TH IEEE CONFERENCE ON DECISION AND CONTROL (CDC), 2010, : 1860 - 1865
  • [10] A method for detecting the theft of Java programs through analysis of the control flow information
    Lim, Hyun-il
    Park, Heewan
    Choi, Seokwoo
    Han, Taisook
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2009, 51 (09) : 1338 - 1350