Abstract
When applying information security, we need to go beyond the analysis of individual security protocols and consider how they are used within distributed systems, software applications and services. Important as they are, security protocols only form a part of the overall security engineering design for a particular distributed system. The effective use of any security protocol will typically depend upon certain structural data such as key information being available for use by some – and at the same time made unavailable to others. Systems need to be designed with requirements like these in mind ([1,2]).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. CACM 12, 993–999 (1978)
Anderson, R.: Security Engineering. Wiley, Chichester (2001)
Paulson, L.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6, 85–128 (1998)
Huth, M.: Secure Communicating Systems, Cambridge (2001)
Abadi, M.: Security Protocols and their Properties. In: Bauer, F.L., Steinbrueggen, R. (eds.) Foundations of Secure Computation, Marktoberdorf, Germany. NATO Science Series, pp. 39–60. IOS Press, Amsterdam (2000)
Lowe, G.: An attack on the Needham-Schroeder public key authentication protocol. Information Processing Letters 56, 131–136 (1995)
Gollmann, D.: What do we mean by Entity Authentication? In: Proc. IEEE Symposium on Security and Privacy 1996. IEEE Computer Society, Los Alamitos (1996)
Monahan, B.: Introducing ASPECT - a tool for checking protocol security. Technical Report HPL-2002-246, HP Labs (2002), http://www.hpl.hp.com/techreports/2002/HPL-2002-246
Cannetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: Proc. 30th Annual ACM Symp. On Theory of Computing, Perugia, Italy, pp. 209–218. ACM Press, New York (1998)
Dolev, D., Yao, A.: On the security of public key protocols. Technical Report STAN-CS-81-854, Dept. of Computer Science, Stanford University (1981); Also in Transactions on Information Theory 29(2), 198-208 (1983)
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. In: Proceedings of the Royal Society of London A. Royal Society, vol. 426, pp. 233–271 (1989); Also publ. (condensed) in ACM Transactions on Computer Systems 8(1), 18-36 (February 1990)
Thayer Fábrega, F.J., Herzog, J.C., Guttman, J.D.: Strand Spaces: Proving Security Protocols Correct. Journal of Computer Security 7, 191–230 (1999)
Ryan, P., Schneider, S.: Modelling and Analysis of Security Protocols. Addison-Wesley, Reading (2001)
Rusinowitch, M., Turuani, M.: Protocol Insecurity with Finite Number of Sessions is NP-complete. In: Proc. 14th IEEE Computer Security Foundations Workshop, pp. 174–187. IEEE, Los Alamitos (2001)
Abadi, M., Gordon, A.: A calculus for cryptographic protocols: the Spi Calculus. Technical Report SRC-149, DEC-SRC (1998)
Roscoe, A.W., Goldsmith, M.H.: What is intransitive non-interference? In: Proc. of 1999 IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (1999)
Ryan, P.Y.A., Schneider, S.: Process algebra and non-interference. In: Proc. 1999 IEEE Computer Security Foundations Workshop, Mordano, Italy. IEEE Press, Mordano (1999)
Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: Undecidability of bounded security protocols. In: Proc. FLOC Workshop on Formal Methods in Security Protocols (1999)
Ryan, P.: A CSP formulation of non-interference. In: Cipher, pp. 19–27. IEEE Computer Society Press, Los Alamitos (1991)
Focardi, R., Gorreri, R., Martinelli, F.: Secrecy in Security Protocols as Non Interference. In: Schneider, S., Ryan, P. (eds.) DERA/RHUL Workshop on Secure Architectures and Information Flow. Electronic Notes in Theoretical Computer Science, vol. 32. Elsevier, Amsterdam (1999)
Millen, J., Shmatikov, V.: Constraint solving for bounded process cryptographic protocol analysis. In: Proc. 8th ACM Conference on Computer and Communications Security. ACM, New York (2001)
Foley, S.N.: A Non-Functional Approach to System Integrity. IEEE Journal on Selected Areas in Communications (2003)
Martinelli, F.: Analysis of security protocols as open systems. TCS 290, 1057–1106 (2003)
Gordon, A.D., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. In: Proc. 15th IEEE Computer Security Foundations Workshop (CSFW 2002), pp. 77–91. IEEE, Los Alamitos (2002)
Bodei, C., Degano, P., Nielson, F., Riis Nielson, H.: Static analysis for secrecy and non-interference in networks of processes. In: Malyshkin, V.E. (ed.) PaCT 2001. LNCS, vol. 2127, p. 27. Springer, Heidelberg (2001)
Cervesato, I., Durgin, N., Mitchell, J.C., Lincoln, P., Scedrov, A.: Relating Strands and Multiset Rewriting for Security Protocol Analysis. In: Proc. 15th IEEE Computer Security Foundations Workshop, pp. 35–51. IEEE, Los Alamitos (2000)
Ryan, P.Y.A.: Mathematical Models of Computer Security. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 1–62. Springer, Heidelberg (2001)
Syverson, P., Cervesato, I.: The Logic of Authentication Protocols. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 63–137. Springer, Heidelberg (2001)
Samurati, P., de Capitani di Vimercati, S.: Access Control: Policies, Models and Mechanism. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
Guttman, J.D.: Security Goals: Packet Trajectories and Strand Spaces. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 197–261. Springer, Heidelberg (2001)
Gordon, A.D.: Notes on Nominal Calculi for Security and Mobility. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 262–330. Springer, Heidelberg (2001)
Focardi, R., Gorreri, R.: Classification of Security Properties (Part 1: Information Flow). In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 331–396. Springer, Heidelberg (2001)
Abadi, M., Rogaway, P.: Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption). Journal of Cryptology 15, 103–127 (2002)
Pfitzmann, B., Waidner, M.: A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In: Proc. of IEEE Symposium on Security and Privacy, Oakland, California, pp. 184–200. IEEE Computer Society Press, Los Alamitos (2001)
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)
Clark, D., Hankin, C., Hunt, S.: Information flow for Algol-like languages. Journal of Computer Languages (2002)
Sabelfeld, A., Myers, A.C.: Language Based Information Flow Security. IEEE Journal on selected areas in Communications 21 (2003)
Denker, G., Millen, J.K., Rueß, H.: The CAPSL Integrated Protocol Environment. Technical Report SRI-CSL-2000-02, SRI, Menlo Park, California, USA (2000)
Denker, G., Millen, J.: CAPSL intermediate language. In: Proc. of FLoC Workshop on Formal Methods and Security Protocols (1999)
Bruns, G.: Distributed Systems Analysis with CCS. Prentice-Hall, Englewood Cliffs (1997)
Birtwistle, G., Tofts, C.: Relating Operational and Denotational Descriptions of Demos. Simulation Practice and Theory 5, 1–33 (1997)
Monahan, B.: From Security Protocols to Systems Security - Making a case for systems security modelling. Technical Report HPL-2003-147, HP Labs (2003), http://www.hpl.hp.com/techreports/2003/HPL-2003-147
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Monahan, B. (2005). From Security Protocols to Systems Security. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_37
Download citation
DOI: https://doi.org/10.1007/11542322_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)