SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Authors: Anja Feldmann, Tobias Fiebig, Randy Bush, Florian Streibelt, Thorben Krueger

DOI:

Keywords:

Abstract: Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and only later documented, others were specified first and then implemented. Regardless of how they came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes of security incidents. Indeed, protocols have commonly been designed without security in mind, which leads to misconfiguration traps. While this is slowly changing, security considerations can have a similarly bad effect: due to complexity and insufficient documentation, such features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the traps we found. By separating them into four classes, we identify the major contributing factors. These insights, together with observations about end-user centric usability and security by default, let us derive recommendations for improving existing and designing new protocols---without such security-sensitive traps for operators, implementors and users.
