摘要: Interoperable identity and trust management infrastructure plays an important role in enabling integrations cloud computing environments. In the past decade or so, several web-based workflows have emerged as de-facto standards for user resource access across enterprises. Establishing correctness of such web protocols is immense importance to a large number common business transactions on web. this paper, we propose framework analyzing security protocols. A novel aspect our proposal bringing together two contrasting styles used protocol analysis. We use inference construction style, which well-known BAN logic has been extended reason about protocols, conjunction with, attack style that performs SAT based model-checking rule out certain active attacks. The result analysis method shares simplicity intuitive appeal belief logics, at same time covers wider range along with ability automatically find To illustrate effectiveness, case study leading presented, where application results previously unreported being identified.
acm.org
sci-hub.se 参考文章(24)
John Clark, Jeremy Jacob, A Survey of Authentication Protocol Literature ,(2010)
Jeannette M. Wing, Darrell Kindred, Fast, automatic checking of security protocols WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2. pp. 5- 5 ,(1996)
Johann Schumann, Automatic Verification of Cryptographic Protocols with SETHEO conference on automated deduction. pp. 87- 100 ,(1997) , 10.1007/3-540-63104-6_12
Dawn Xiaodong Song, Sergey Berezin, Adrian Perrig, Athena: a novel approach to efficient automatic security protocol analysis Journal of Computer Security. ,vol. 9, pp. 47- 74 ,(2001) , 10.3233/JCS-2001-91-203
Catherine Meadows, Applying Formal Methods to the Analysis of a Key Management Protocol Journal of Computer Security. ,vol. 1, pp. 5- 35 ,(1992) , 10.3233/JCS-1992-1102
Daniel Jackson, Software Abstractions: Logic, Language, and Analysis ,(2006)
David Basin, Sebastian Mödersheim, Luca Vigano, None, An on-the-fly model-checker for security protocol analysis european symposium on research in computer security. pp. 253- 270 ,(2003) , 10.1007/978-3-540-39650-5_15
Devdatta Akhawe, Adam Barth, Peifung E. Lam, John Mitchell, Dawn Song, Towards a Formal Foundation of Web Security ieee computer security foundations symposium. pp. 290- 304 ,(2010) , 10.1109/CSF.2010.27
Michael Burrows, Martin Abadi, Roger Needham, A logic of authentication ACM Transactions on Computer Systems. ,vol. 8, pp. 18- 36 ,(1990) , 10.1145/77648.77649
D. Dolev, A. Yao, On the security of public key protocols IEEE Transactions on Information Theory. ,vol. 29, pp. 198- 208 ,(1983) , 10.1109/TIT.1983.1056650