Formal Methods in Security Protocols Analysis

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Formal Methods in Security Protocols Analysis"

Transcription

1 Formal Methods in Security Protocols Analysis Li Zhiwei Aidong Lu Weichao Wang Department of Computer Science Department of Software and Information Systems University of North Carolina at Charlotte

2 Big Picture Biggest Problem - rapid growth of interconnectivity - opens doors to cyber attacks Best tool - security mechanisms - security protocols play an essential role Full Control Insecure network Therefore Therefore future improvements depend highly on our ability to analyse security protocols

3 This talk is about Network security protocols Become a central concern And formal methods for their security analysis Security proof in some model; or Identify attacks

4 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

5 Security Protocol Security Protocols use cryptographic primitives as building blocks to achieve security goals such as authentication, confidentiality, and integrity. consists of a set of rules which determine the exchange of messages between two or more participants. Protocol steps n : A B : M A sends M to B according to the n th protocol step. A, B principals, M message

6 Security Protocol Security Protocol Program distributed over network Use cryptography to achieve goal Attacker Read, intercept, replace messages, and remember their contents Correctness Attacker cannot learn protected secret or cause incorrect protocol completion

7 A Simple Protocol { A, N A } K B { N A, N B } K A A { N B } K B B K B = pk(b), K B -1 = sk(b) K A = pk(a), K A -1 = sk(a) Needham-Schroeder Public Key Protocol

8 Run of a protocol A Initiate Respond B Attacker C D Correct if no security violation in any run

9 Many other security protocols Challenge-response ISO ,2,3; Needham-Schroeder, Authentication Kerberos Key Exchange SSL handshake, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP, i Electronic commerce Contract signing, SET, electronic cash,

10 Motivation Why do we need security protocol analysis even after we constructed security protocols with so much care? Error-prone Security protocols are intricate and attackers are powerful Non-optimal may contain unnecessary operations

11 Examples of protocol flaws IKE [Meadows; 1999] Reflection attack; fix adopted by IETF WG IEEE i [He, Mitchell; 2004] DoS attack; fix adopted by IEEE WG GDOI [Meadows, Pavlovic; 2004] Composition attack; fix adopted by IETF WG Kerberos V5 [Scedrov et al; 2005] Identity misbinding attack; fix adopted by IETF WG How to addresses these shortcomings.

12 the answer is. use automatic verification approach to analysis security protocol Good domain for formal methods Active research area since early 80 s

13 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

14 Central Problems 1 2 Identify security Model system properties Protocol Property See if properties are preserved under attack 4 Analysis Tool Security proof or attack Answer: the protocol is correct or not Attacker model 3 Model adversary

15 Security Analysis Methodology Security Properties authentication,secrecy,etc Analysis Tool Formal Methods Security proof or attack Answer the protocol is correct or not Security Protocols NS,Kerberos,etc. Attacker Model Complete control over network Perfect crypto 1 Specifies the security protocols to be verified as input 2 Specifies the desired security properties as requirement 3 Use Attacker Model to model adversary 4 The protocol analysis tool analyzes the input protocols using formal methods See if the security properties are preserved under attack 5 Output the result: the procol is flawed or it is correct

16 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

17 Four Stanford approaches Finite-state analysis Case studies: find errors, debug specifications Symbolic execution model: Multiset rewriting Identify basic assumptions Study optimizations, prove correctness Complexity results Process calculus with probability and complexity More realistic intruder model Interaction between protocol and cryptography Equational specification and reasoning methods Protocol logic Axiomatic system for modular proofs of protocol properties

18 Some other projects and tools Exhaustive finite-state analysis FDR, based on CSP Search using symbolic representation of states Meadows: NRL Analyzer, Millen: Interrogator Prove protocol correct Paulson s Inductive method, others in HOL, PVS, MITRE -- Strand spaces Process calculus approach: Abadi-Gordon spicalculus, applied pi-calculus, Type-checking method: Gordon and Jeffreys, Many more this is just a small sample

19 Protocol Analysis Techniques Security Protocol Analysis Formal Models Dolev-Yao (perfect cryptography) Cryptographic Models Model Checking Protocol Logics Process Calculi Theorem Proving Probabilistic Interactive TM Probabilistic process calculi Probabilistic I/O automata FDR, Murphi, Athena, NRL, Brutus, OFMC BAN, PCL Spi-calculus, Applied π-calculus Inductive Method, Automating BAN, TAPS, Automating PCL Bug Finding Correctness Proofs

20 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

21 The Athena aims to provide a method to: generates a proof if the protocol is actually RIGHT generates a counterexample if the protocol is actually WRONG

22 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

23 Strand Space Model Answer Problem 1: Specifies the security protocols model security protocols and their execution graphical representation of execution Simple and intuitive A suitable framework for... formal specifications of security properties... proving correctness of protocols Thayer, Herzog, Guttman [THG98]

24 Defining Strand Spaces Message: ground term in free algebra Strand: sequence of nodes Node is labeled with +/- message Bundle: causal partial ordering of nodes in strands strand space:is a collection of strands Example: (The global view) { A, N A } K B { N A, N B } K A A { N B } K B B

25 Defining Strand Spaces(cont d) { A, N A } K B KA { N A, N B } B s view of the protocol { A, N A } K B {N B } K B A s view of the protocol { N A, N B } K A {N B } K B + { A, N A } K B -{ N A, N B } K A + {N B } K B Strand represents a sequence of actions (i.e, signed messages ±m) of an instance of a role + means principal sends this message - means principal receives this message A s (trace of his) strand

26 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

27 Security Properties in this Logic Answer Problem 2: Specifies the desired security properties Authentication Secrecy A value v is secret in a strand space S if, for every bundle C that contains S, there does not exist a node n C, such that term(n)=v

28 For NS Authentication The formula that needs to be checked is gamma n 1 : - { A 0, N a0 } K b0 protocol The NS protocol delta n 1 : + { A 0, N a0 } K b0 + { A, N A } K B -{ A, N A } K B n 2 : + { N a0, N b0 } K a0 n 2 : - { N a0, N b0 } K a0 -{ N A, N B } K A + {N A, N B } K A n 3 : - {N b0 } K b0 + {N B } K B, -{N B } K B n 3 : + {N b0 } K b0

29 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

30 The Penetrator Answer Problem 3: Model adversary participates in protocols via penetrator strands reflect the potentials of the penetrator penetrator is able to intercept and create messages (independent of the protocol) read and memorize all (not encrypted) message parts synthesize new messages built from his knowledge

31 The Penetrator Description of the intruder

32 Composing Strands to Bundles Regular strands Penetrator strands Intended protocol Attacker protocol

33 Penetrator s Work An Example Breaking into Needham-Schroeder protocol k A -{ N A, A } Kp + K p -1 -K p -1 Key K + N A, A Decryption D -N A, A -K B Key K + K B Man-in-the-middle attack + {N A, A } KB Encryption E pass messages through to another session A X B

34 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

35 Design of Model Checker Answer Problem 4: See if properties are preserved under attack Verification Algorithm Given a model P, check if it satisfies formula F It turns out to be state search problem

36 Design of Model Checker Verification Algorithm Given a model P, check if it satisfies formula F It turns out to be state search problem If provable Athena If not provable, then counter-example Obtain a formal proof of the protocol Obtain concrete attacks on the protocol Axioms Axioms Counter-example Agreement formula Agreement formula

37 Outline Part I: Overview Motivation Why Security Protocols Analysis? Central problems Security Analysis Methodology Current Analysis Techniques Part II: Athena Alogrithm Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Experiment Results

38 NSPK in Strand Space Model A strand B strand Penetrator strands +{n,a} k b -{n,r} k a -{n,a} k b +{n,r} k a {x} k x k -1 x k +{r} k b -{r} k b {x} k The NS protocol 1. A 2. B 3. A B :{ N A:{ N B :{ N A A B, A}, N } B B B } A Each primitive capability of the attacker is a penetrator strand Same set of attacker strands for every protocol

39 The NS protocol + { A, N A } K -{ A, N A } B K B NS Protocol -{N A, N B } K A + {N A, N B } K A + {N B } K B -{N B } K B Try to discover the flaw in NS Anomaly in NS gamma,delta k A

40 NS Example l 0 =gamma n 1 : - { A 0, N a0 } K b0 unbound goals n 2 : + { N a0, N b0 } K a0 n 3 : - {N b0 } K b0

41 l 1 n 1 : - { A 0, N a0 } K b0 n 2 : + { N a0, N b0 } K a0 E(ncription) n 4 : -K b0 n 5 : - N b0 unbound goals n 3 : - {N b0 } K b0 n 6 : + {N b0 } K b0 3 unbound goals l 0 l 1 (3 unbound goal) l 2 (0 unbound goal) l 2 n 1 : - { A 0, N a0 } K b0 NS n4: + { A0, Na0 }Kb0 n 2 : + { N a0, N b0 } K a0 n 5 : - { N a0, N b0 } K a0 n 3 : - {N b0 } K b0 n 6 : + {N b0 } K b0

42 State Search for Needham-Shroeder l 0 l 1 n 1 : - { A 0, N a0 } K b0 E(ncription) n 4 : -K b0 l 1 (3) l 2 (0) n 2 : + { N a0, N b0 } K a0 n 5 : - N b0 l 3 (2) n 3 : - {N b0 } K b0 n 6 : + {N b0 } K b0 l 4 (3) l 5 (2) l 6 (2) l 2 n 1 : - { A 0, N a0 } K b0 NS n4: + { A0, Na0 }Kb0 l 7 (2) n 2 : + { N a0, N b0 } K a0 n 5 : - { N a0, N b0 } K a0 l 8 (invalid,cycle) n 3 : - {N b0 } K b0 n 6 : + {N b0 } K b0 l 9 (0)

43 l 9 NS gamma E(ncription) n 12 : -K b0 K(ey) n 7 D(ecription) K(ey) n 15 : -K I n 11 n 16 : -{A 0, N a0 } K I NS delta n 18 : + { A 0, N a0 } K b0 n 13 : - A 0, N a0 n 17 : + A 0, N a0 n 1 : - { A 0, N a0 } K b0 n 14 : + {A 0, N a0 } K b0 n 2 : + { N a0, N b0 } K a0 E(ncription) n 4 : -K b0 D(ecription) n 8 : -K I K(ey) n 7 :+K b0 n 9 : -{N b0 } K I K(ey) n 11 : +K I n 19 : - { N a0, N b0 } K a0 n 20 : + {N b0 } K b0 n 5 : - N b0 n 10 : + N b0 n 3 : - {N b0 } K b0 n 6 : + {N b0 } K b0 Search procedure terminate and counter example found!!! Obtain concrete attacks on the protocol Axioms Counter-example : Man-in-the-middle attack gamma delta

44 NSPK Attack +{n,a} k e Anomaly in NS -{n,r} k a k e -1 {n,a} k b +{r} k e {n,a} k b k A +{n,r} k a -{r} k b

45 NSL verification The NSL protocol A B A B :{ N 1 A:{ N B :{ N 1, A} 2, N } B 2 B, B} A

46 Conclusions Practical protocols may contain errors Automated formal methods find bugs that humans overlook Variety of tools Model checking can find errors Proof method can show correctness Athena Closing gap between the model checking and proof method Strand Spaces Model Security Properties Penetrator Strands Design of Model Checker Secrity protocol analysis is a challenge Some subtleties are hard to formalize No absolute security Security means: under given assumptions about system, no attack of a certain form will destroy specified properties.

47 References [THG98] F.Javier Thayer, Jonathan C. Herzog, and Joshua D. Guttman. Strand spaces: Why is a security protocol correct? In Proceedings of 1998 IEEE Symposium on Security and Privacy, [Low96] G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of Lecture Notes in Computer Science, pages Springer-Verlag, [Mil95] J. Millen. The Interrogator model. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, pages IEEE Computer Society Press, [MMS97] J. C. Mitchell, M. Mitchell, and U. Stern. Automated analysis of cryptographic protocols using mur. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, [RN95] Stuart Russell and Peter Norvig. Artificial Intelligence: A Modern Approach. Prentice Hall Series in Artificial Intelligence, [HT96] N. Heintze and J. Tygar. A model for secure protocols and their compositions. IEEE Transactions on Software Engineering, 22(1):16 30, January 1996.

Course organization. Security Analysis of Network Protocols. Cryptographic Protocols. Computer Security. Security Analysis. Correctness vs Security

Course organization. Security Analysis of Network Protocols. Cryptographic Protocols. Computer Security. Security Analysis. Correctness vs Security CS 259 Security Analysis of Network Protocols John Mitchell Stanford Vitaly Shmatikov SRI Course organization Lectures Tues, Thurs for approx first six weeks of quarter Project presentations last three

More information

AUTOMATIC PROTOCOL CREATION FOR INFORMATION SECURITY SYSTEM

AUTOMATIC PROTOCOL CREATION FOR INFORMATION SECURITY SYSTEM AUTOMATIC PROTOCOL CREATION FOR INFORMATION SECURITY SYSTEM Mr. Arjun Kumar arjunsingh@abes.ac.in ABES Engineering College, Ghaziabad Master of Computer Application ABSTRACT Now a days, security is very

More information

Formal Modelling of Network Security Properties (Extended Abstract)

Formal Modelling of Network Security Properties (Extended Abstract) Vol.29 (SecTech 2013), pp.25-29 http://dx.doi.org/10.14257/astl.2013.29.05 Formal Modelling of Network Security Properties (Extended Abstract) Gyesik Lee Hankyong National University, Dept. of Computer

More information

Q: Why security protocols?

Q: Why security protocols? Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:

More information

SECURITY ANALYSIS OF NETWORK PROTOCOLS: COMPOSITIONAL REASONING AND COMPLEXITY-THEORETIC FOUNDATIONS

SECURITY ANALYSIS OF NETWORK PROTOCOLS: COMPOSITIONAL REASONING AND COMPLEXITY-THEORETIC FOUNDATIONS SECURITY ANALYSIS OF NETWORK PROTOCOLS: COMPOSITIONAL REASONING AND COMPLEXITY-THEORETIC FOUNDATIONS A DISSERTATION SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE AND THE COMMITTEE ON GRADUATE STUDIES

More information

Computational Soundness of Symbolic Security and Implicit Complexity

Computational Soundness of Symbolic Security and Implicit Complexity Computational Soundness of Symbolic Security and Implicit Complexity Bruce Kapron Computer Science Department University of Victoria Victoria, British Columbia NII Shonan Meeting, November 3-7, 2013 Overview

More information

How to Formally Model Features of Network Security Protocols

How to Formally Model Features of Network Security Protocols , pp.423-432 http://dx.doi.org/10.14257/ijsia How to Formally Model Features of Network Security Protocols Gyesik Lee Dept. of Computer & Web Information Engineering Hankyong National University Anseong-si,

More information

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense

More information

APPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS

APPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS APPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS Catherine Meadows Code 5543 Center for High Assurance Computer Systems US Naval Research Laboratory Washington, DC 20375 meadows@itd.nrl.navy.mil

More information

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting Denis Butin 1 / 37 2 / 37 Introduction Network communication sensitive: banking, private correspondence,

More information

Secure Reactive Systems

Secure Reactive Systems Michael Backes Saarland University, Germany joint work with Birgit Pfitzmann and Michael Waidner Secure Reactive Systems Lecture at Tartu U, 02/27/06 Building Systems on Open Networks E-Government Hospital

More information

CSG 399 Lecture. The Inductive Approach to Protocol Analysis p.1

CSG 399 Lecture. The Inductive Approach to Protocol Analysis p.1 The Inductive Approach to Protocol Analysis CSG 399 Lecture The Inductive Approach to Protocol Analysis p.1 Last Time CSP approach: Model system as a CSP process A specification is a property of traces

More information

Secure Protocol Composition

Secure Protocol Composition Electronic Notes in Theoretical Computer Science 83 (2004) URL: http://www.elsevier.nl/locate/entcs/volume83.html 32 pages Secure Protocol Composition Anupam Datta 1 Ante Derek 1 John C. Mitchell 1 Computer

More information

How to prove security of communication protocols?

How to prove security of communication protocols? 1/37 Introduction on security protocols Modeling Verification Towards cryptographic guarantees How to prove security of communication protocols? Véronique Cortier, LORIA - CNRS, Nancy Colloquium Morgenstern,

More information

Cryptography and Network Security: Summary

Cryptography and Network Security: Summary Cryptography and Network Security: Summary Timo Karvi 12.2013 Timo Karvi () Cryptography and Network Security: Summary 12.2013 1 / 17 Summary of the Requirements for the exam The advices are valid for

More information

An Overview of Common Adversary Models

An Overview of Common Adversary Models An Overview of Common Adversary Karl Palmskog palmskog@kth.se 2012-03-29 Introduction Requirements of Software Systems 1 Functional Correctness: partial, termination, liveness, safety,... 2 Nonfunctional

More information

Discovering Attacks on Security Protocols by Refuting Incorrect Inductive Conjectures

Discovering Attacks on Security Protocols by Refuting Incorrect Inductive Conjectures Discovering Attacks on Security Protocols by Refuting Incorrect Inductive Conjectures Graham J. Steel E H U N I V E R S I T Y T O H F G R E D I N B U Doctor of Philosophy Centre for Intelligent Systems

More information

Formal Methods for Cryptographic Protocol Analysis: Emerging Issues and Trends

Formal Methods for Cryptographic Protocol Analysis: Emerging Issues and Trends FORMA METHODS FOR CRYPTOGRAPHIC PROTOCOL ANALYSIS 1 Formal Methods for Cryptographic Protocol Analysis: Emerging Issues and Trends Catherine Meadows Abstract The history of the application of formal methods

More information

Verifying security protocols using theorem provers

Verifying security protocols using theorem provers 1562 2007 79-86 79 Verifying security protocols using theorem provers Miki Tanaka National Institute of Information and Communications Technology Koganei, Tokyo 184-8795, Japan Email: miki.tanaka@nict.go.jp

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Computer Security. Programming Language Methods in Computer Security. Plan. Orientation. Part I. Personal POPL timeline. How did I get here?

Computer Security. Programming Language Methods in Computer Security. Plan. Orientation. Part I. Personal POPL timeline. How did I get here? Programming Language Methods in Computer Security John Mitchell Stanford University Plan Perspective on computer security Protocol security Protocol examples basic rewriting model Incorporating probability

More information

Is it possible to decide whether a cryptographic protocol is secure or not?

Is it possible to decide whether a cryptographic protocol is secure or not? Is it possible to decide whether a cryptographic protocol is secure or not? Hubert Comon and Vitaly Shmatikov Abstract We consider the so called cryptographic protocols whose aim is to ensure some security

More information

Electronic Voting Protocol Analysis with the Inductive Method

Electronic Voting Protocol Analysis with the Inductive Method Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification

More information

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

A STRUCTURED APPROACH TO NETWORK SECURITY PROTOCOL IMPLEMENTATION

A STRUCTURED APPROACH TO NETWORK SECURITY PROTOCOL IMPLEMENTATION A STRUCTURED APPROACH TO NETWORK SECURITY PROTOCOL IMPLEMENTATION a dissertation submitted to the department of computer science, faculty of science at the university of cape town in fulfillment of the

More information

SCADA System Security, Complexity, and Security Proof

SCADA System Security, Complexity, and Security Proof SCADA System Security, Complexity, and Security Proof Reda Shbib, Shikun Zhou, Khalil Alkadhimi School of Engineering, University of Portsmouth, Portsmouth, UK {reda.shbib,shikun.zhou,khalil.alkadhimi}@port.ac.uk

More information

Module: Applied Cryptography. Professor Patrick McDaniel Fall 2010. CSE543 - Introduction to Computer and Network Security

Module: Applied Cryptography. Professor Patrick McDaniel Fall 2010. CSE543 - Introduction to Computer and Network Security CSE543 - Introduction to Computer and Network Security Module: Applied Cryptography Professor Patrick McDaniel Fall 2010 Page 1 Key Distribution/Agreement Key Distribution is the process where we assign

More information

Formal/Computational Verification of Protocol Implementations by Typechecking

Formal/Computational Verification of Protocol Implementations by Typechecking Formal/Computational Verification of Protocol Implementations by Typechecking Cédric Fournet Microsoft Research with Karthik Bhargavan, Andy Gordon, http://research.microsoft.com/~fournet http://msr-inria.inria.fr/projects/sec

More information

To Infinity And Beyond or, Avoiding the infinite in security protocol analysis

To Infinity And Beyond or, Avoiding the infinite in security protocol analysis To Infinity And Beyond or, Avoiding the infinite in security protocol analysis ABSTRACT James Heather Department of Computing University of Surrey Guildford, UK j.heather@surrey.ac.uk We investigate conditions

More information

APPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS: EMERGING ISSUES AND TRENDS

APPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS: EMERGING ISSUES AND TRENDS PPLYING FORML METHODS TO CRYPTOGRPHIC PROTOCOL NLYSIS: EMERGING ISSUES ND TRENDS Catherine Meadows Code 5543 Center for High ssurance Computer Systems US Naval Research Laboratory Washington, DC 20375

More information

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private

More information

SIGMA: the SIGn-and-MAc Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols

SIGMA: the SIGn-and-MAc Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols SIGMA: the SIGn-and-MAc Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols Hugo Krawczyk June 12, 2003 Abstract We present the SIGMA family of key-exchange protocols and the SIGn-and-MAc

More information

Nathalie Louise Foster

Nathalie Louise Foster The application of software and safety engineering techniques to security protocol development Nathalie Louise Foster Submitted for the degree of Doctor of Philosophy University of York Department of Computer

More information

Formal Analysis of Authentication in Bluetooth Device Pairing

Formal Analysis of Authentication in Bluetooth Device Pairing Formal Analysis of Authentication in Bluetooth Device Pairing Richard Chang and Vitaly Shmatikov The University of Texas at Austin Abstract. Bluetooth is a popular standard for short-range wireless communications.

More information

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete

More information

A Rewriting-Based Inference System for the NRL Protocol Analyzer

A Rewriting-Based Inference System for the NRL Protocol Analyzer A Rewriting-Based Inference System for the NRL Protocol Analyzer Santiago Escobar Cathy Meadows José Meseguer UIUC NRL UIUC (UPV, Valencia, Spain) PROTOCOL EXCHANGE MEETING 2005, BALTIMORE, JUNE 9-10 Outline

More information

Universally Composable Symbolic Analysis of Diffie-Hellman based Key Exchange

Universally Composable Symbolic Analysis of Diffie-Hellman based Key Exchange Universally Composable Symbolic Analysis of Diffie-Hellman based Key Exchange Ran Canetti and Sebastian Gajek School of Computer Science Tel Aviv University, Israel May 20, 2010 Abstract Canetti and Herzog

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Adversary Modelling 1

Adversary Modelling 1 Adversary Modelling 1 Evaluating the Feasibility of a Symbolic Adversary Model on Smart Transport Ticketing Systems Authors Arthur Sheung Chi Chan, MSc (Royal Holloway, 2014) Keith Mayes, ISG, Royal Holloway

More information

The Eighth International Conference INCOSE_IL 2015. Formal Methods Security Tools in the Service of Cyber Security

The Eighth International Conference INCOSE_IL 2015. Formal Methods Security Tools in the Service of Cyber Security The Eighth International Conference INCOSE_IL 2015 כלים ובדיקות Formal Methods Security Tools in the Service of Cyber Security Dr. Michael J. May Kinneret College on the Sea of Galilee 1 כלים ובדיקות /

More information

Towards the Correctness of Security Protocols

Towards the Correctness of Security Protocols Electronic Notes in Theoretical Computer Science 83 (2004) URL: http://www.elsevier.nl/locate/entcs/volume83.html 46 pages Towards the Correctness of Security Protocols Mourad Debbabi 1 Panasonic Information

More information

Model Checking Security Protocols

Model Checking Security Protocols David Basin, Cas Cremers, Catherine Meadows Model Checking Security Protocols Draft manuscript October 22, 2012 Springer 2 24.1 Introduction Cryptographic protocols are communication protocols that use

More information

Security Analysis of Network Protocols. John Mitchell Stanford University

Security Analysis of Network Protocols. John Mitchell Stanford University Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and

More information

Comparing State Spaces in Automatic Security Protocol Analysis

Comparing State Spaces in Automatic Security Protocol Analysis Comparing State Spaces in Automatic Security Protocol Analysis Cas J.F. Cremers 1, Pascal Lafourcade 2, and Philippe Nadeau 3 1 Department of Computer Science, ETH Zurich, 8092 Zurich, Switzerland 2 Verimag,

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

Deriving Secure Network Protocols for Enterprise Services Architectures

Deriving Secure Network Protocols for Enterprise Services Architectures 1 Deriving Secure Network Protocols for Enterprise Services Architectures Matthias Anlauff, Dusko Pavlovic, and Asuman Suenbuel Kestrel Institute SAP Research Labs 3260 Hillview Avenue 3175 Deer Creek

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Lecture 13 of 41. More Propositional and Predicate Logic

Lecture 13 of 41. More Propositional and Predicate Logic Lecture 13 of 41 More Propositional and Predicate Logic Monday, 20 September 2004 William H. Hsu, KSU http://www.kddresearch.org http://www.cis.ksu.edu/~bhsu Reading: Sections 8.1-8.3, Russell and Norvig

More information

Secure Client Applications

Secure Client Applications Secure Client Applications Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014 Common/Reports/secure-client-apps.tex, r900 1/26 Acronyms

More information

Analyzing Internet Security Protocols

Analyzing Internet Security Protocols Analyzing Internet Security Protocols Alec Yasinsac, Justin Childs Florida State University Computer Science Dept. yasinsac@cs.fsu.edu, childs@cs.fsu.edu Abstract In this paper, we show how a novel tool

More information

Operational Semantics of Security Protocols

Operational Semantics of Security Protocols Operational Semantics of Security Protocols Cas Cremers and Sjouke Mauw Eindhoven University of Technology, Department of Mathematics and Computer Science, P.O. Box 513, NL-5600 MB Eindhoven, The Netherlands.

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Network Security Protocols: Analysis methods and standards

Network Security Protocols: Analysis methods and standards Network Security Protocols: Analysis methods and standards John Mitchell Stanford University Joint work with many students, postdocs, collaborators TRUST: Team for Research in Ubiquitous Secure Technologies

More information

Security protocol verification by means of symbolic model checking.

Security protocol verification by means of symbolic model checking. Università degli Studi di Pisa Facoltà di Scienze Matematiche Fisiche e Naturali Corso di Laurea Specialistica in Informatica Tesi di Laurea Security protocol verification by means of symbolic model checking.

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Architecture and Design for a Secure IM -Team 04: Discovery. Carl Nayak, Swanand Abhyankar Snowvee Gonsalves Sonali Kudtarkar

Architecture and Design for a Secure IM -Team 04: Discovery. Carl Nayak, Swanand Abhyankar Snowvee Gonsalves Sonali Kudtarkar Architecture and Design for a Secure IM -Team 04: Discovery Carl Nayak, Swanand Abhyankar Snowvee Gonsalves Sonali Kudtarkar Features Secure Communication : Authentication, Confidentiality and Integrity

More information

Analysis of Privacy-Preserving Element Reduction of Multiset

Analysis of Privacy-Preserving Element Reduction of Multiset Analysis of Privacy-Preserving Element Reduction of Multiset Jae Hong Seo 1, HyoJin Yoon 2, Seongan Lim 3, Jung Hee Cheon 4 and Dowon Hong 5 1,4 Department of Mathematical Sciences and ISaC-RIM, Seoul

More information

Lecture 2: Complexity Theory Review and Interactive Proofs

Lecture 2: Complexity Theory Review and Interactive Proofs 600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

More information

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1 KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data

More information

Towards a Metalogic for Security Protocol Analysis

Towards a Metalogic for Security Protocol Analysis Towards a Metalogic for Security Protocol Analysis (Extended Abstract) Carlos Caleiro 1 Luca Viganò 2 David Basin 2 1 CLC, Department of Mathematics, IST, Lisbon, Portugal cs.math.ist.utl.pt/ccal.html

More information

Security Analysis of (Un-) Fair Non-repudiation Protocols

Security Analysis of (Un-) Fair Non-repudiation Protocols Security Analysis of (Un-) Fair Non-repudiation Protocols Sigrid Gürgens and Carsten Rudolph Fraunhofer Institute for Secure Telecooperation SIT Rheinstrasse 75, D-64295 Darmstadt, Germany {guergens,rudolphc}@sit.fraunhofer.de

More information

Authenticity by Typing for Security Protocols

Authenticity by Typing for Security Protocols Authenticity by Typing for Security Protocols Andrew D. Gordon Microsoft Research Alan Jeffrey DePaul University June 2002 Technical Report To appear in the Journal of Computer Security Microsoft Research

More information

Symbolic Protocol Analysis With an Abelian Group Operator or Diffie-Hellman Exponentiation

Symbolic Protocol Analysis With an Abelian Group Operator or Diffie-Hellman Exponentiation Symbolic Protocol Analysis With an Abelian Group Operator or Diffie-Hellman Exponentiation Jonathan Millen and Vitaly Shmatikov Computer Science Laboratory SRI International millen,shmat@csl.sri.com Abstract

More information

Towards Security Analyses of an Identity Federation Protocol for Web Services in Convergent Networks

Towards Security Analyses of an Identity Federation Protocol for Web Services in Convergent Networks Towards Security Analyses of an Identity Federation Protocol for Web Services in Convergent Networks Maurice ter Beek ISTI CNR, Via G Moruzzi 1, 56124 Pisa, Italy Email: mauriceterbeek@isticnrit Corrado

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

What is Protocol Analysis?

What is Protocol Analysis? What is Protocol Analysis? Francien Dechesne, Jan van Eijck, Wouter Teepe, Yanjing Wang The following is a transcript of one of the discussion sessions that took place during the Workshop on Games, Action

More information

CHAPTER 5 ACO BASED MOBILE AGENT FOR SECURED KEY MANAGEMENT

CHAPTER 5 ACO BASED MOBILE AGENT FOR SECURED KEY MANAGEMENT 112 CHAPTER 5 ACO BASED MOBILE AGENT FOR SECURED KEY MANAGEMENT 5.1 Related Work Security in ad hoc network becomes a critical issue for the past few decades. Attacks will be avoided by authenticating

More information

A Search-Based Framework for Security Protocol Synthesis

A Search-Based Framework for Security Protocol Synthesis A Search-Based Framework for Security Protocol Synthesis Hao Chen Submitted for the degree of Doctor of Philosophy The University of York Department of Computer Science April 2007 For My Mum and Dad 献

More information

Introducing Formal Methods. Software Engineering and Formal Methods

Introducing Formal Methods. Software Engineering and Formal Methods Introducing Formal Methods Formal Methods for Software Specification and Analysis: An Overview 1 Software Engineering and Formal Methods Every Software engineering methodology is based on a recommended

More information

Take-home points. Distributed Systems Security II. Remember digital signatures. Today: Auth protocols 15-440

Take-home points. Distributed Systems Security II. Remember digital signatures. Today: Auth protocols 15-440 Distributed Systems Security II 5-440 Take-home points What does using public-key for our authentication buy us? Compare kerberos (needham-schroeder) and SSL with a certificate authority Metrics: Scaling,

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

Internet Security Protocols

Internet Security Protocols Information Security and Privacy Internet Security Protocols Darya Kurilova October 1, 2013 Darya Kurilova 2013 Internet Security Protocols Darya Kurilova 2013 2 What is the Internet? Darya Kurilova 2013

More information

Symbolic Analysis of Computer Network Security Protocols. Andre Scedrov University of Pennsylvania

Symbolic Analysis of Computer Network Security Protocols. Andre Scedrov University of Pennsylvania Symbolic Analysis of Computer Network Security Protocols Andre Scedrov University of Pennsylvania Computer Security Goal: protection of computer systems and digital information Access control OS security

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

Chapter 3. Network Domain Security

Chapter 3. Network Domain Security Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter

More information

Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties

Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties Santiago Escobar 1, Catherine Meadows 2, and Jose Meseguer 2 1 Universidad Politecnica de Valencia, Spain. sescobar@dsic.upv.es 2

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

Static Program Transformations for Efficient Software Model Checking

Static Program Transformations for Efficient Software Model Checking Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major

More information

Message Authentication Code

Message Authentication Code Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

STATUS REPORT ON MAUDE-NPA TOOL

STATUS REPORT ON MAUDE-NPA TOOL STATUS REPORT ON MAUDE-NPA TOOL Catherine Meadows Santiago Escobar Jose Meseguer September 28, 2006 1 GOAL Extend standard free algebra model of crypto protocol analysis to deal with algebraic properties

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

EasyCrypt - Lecture 6 Overview and perspectives. Tuesday November 25th

EasyCrypt - Lecture 6 Overview and perspectives. Tuesday November 25th EasyCrypt - Lecture 6 Overview and perspectives Tuesday November 25th EasyCrypt - Lecture 6 Case studies Verified implementations Automated proofs and synthesis Perspectives 2 Inventaire à la Prevert Examples

More information

3-6 Toward Realizing Privacy-Preserving IP-Traceback

3-6 Toward Realizing Privacy-Preserving IP-Traceback 3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems

More information

Associate Prof. Dr. Victor Onomza Waziri

Associate Prof. Dr. Victor Onomza Waziri BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,

More information

Hybrid Planning in Cyber Security Applications

Hybrid Planning in Cyber Security Applications Louisa Pragst 20. November 2013 Hybrid Planning in Cyber Security Applications Bachelor Thesis 2 Hybrid Planning in Cyber Security Applications Introduction Overview Transformation of a POCL domain into

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

CSCI 454/554 Computer and Network Security. Final Exam Review

CSCI 454/554 Computer and Network Security. Final Exam Review CSCI 454/554 Computer and Network Security Final Exam Review Topics covered by Final Topic before Midterm 20% Topic after Midterm 80% Date: 05/13/2015 9:00am noon Place: the same classroom Open book/notes

More information

CIS 433/533 - Computer and Network Security Public Key Crypto/ Cryptographic Protocols

CIS 433/533 - Computer and Network Security Public Key Crypto/ Cryptographic Protocols CIS 433/533 - Computer and Network Security Public Key Crypto/ Cryptographic Protocols Professor Kevin Butler Winter 2010 Computer and Information Science Key Distribution/Agreement Key Distribution is

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering Network Security by David G. Messerschmitt Supplementary section for Understanding Networked Applications: A First Course, Morgan Kaufmann, 1999. Copyright notice: Permission is granted to copy and distribute

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information