Formal security analysis of PKCS#11 and proprietary extensions

Stephanie Delaune; Steve Kremer; Graham Steel

首页> 外文期刊>Journal of computer security >Formal security analysis of PKCS#11 and proprietary extensions

【24h】

Formal security analysis of PKCS#11 and proprietary extensions

机译：PKCS＃11和专有扩展的正式安全性分析

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using the model checker NuSMV. We report some new attacks and prove the safety of some configurations of the API in our model. We also analyse proprietary extensions proposed by nCipher (Thales) and Eracom (Safenet), designed to address the shortcomings of PKCS#11.

机译：PKCS＃11定义了一种已在行业中广泛采用的用于加密设备的API。但是，已证明它容易受到各种攻击的攻击，例如，这些攻击可能会破坏存储在设备上的敏感密钥。在本文中，我们提出了API操作的形式化模型，该模型与以前的安全性API模型不同之处在于，它解释了非单调可变全局状态。我们给出形式化的可判定性结果，并描述使用模型检查器NuSMV进行最终决策过程的实现。我们报告了一些新攻击，并证明了我们模型中API某些配置的安全性。我们还分析了nCipher（Thales）和Eracom（Safenet）提出的专有扩展，旨在解决PKCS＃11的缺点。

著录项

来源
《Journal of computer security》 |2010年第6期|p.1211-1245|共35页
作者
Stephanie Delaune; Steve Kremer; Graham Steel;
展开▼
作者单位

LSV, ENS Cachan & CNRS & INRIA, France;

rnLSV, ENS Cachan & CNRS & INRIA, France;

rnLSV, ENS Cachan & CNRS & INRIA, France 61, avenue du President Wilson, 94235 Cachan Cedex, France;

展开▼
收录信息美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
security APIs; PKCS#11; cryptographic devices; decidability; model checking;

机译：安全API;PKCS＃11;密码设备;可判定性模型检查;

相似文献

外文文献
中文文献
专利

1. Formal integrated network security analysis tool: formal query-based network security configuration analysis [J] . Maity Soumya, Bera P., Ghosh Soumya K., Networks, IET . 2015,第2期

机译：正式的集成网络安全分析工具：基于正式查询的网络安全配置分析
2. Formal analysis and design for engineering security automated derivation of formal software security specifications from goal-oriented security requirements [J] . Hassan R., Eltoweissy M., Bohner S., Software, IET . 2010,第2期

机译：工程安全的形式化分析和设计，可从面向目标的安全要求中自动得出正式的软件安全规范
3. Formal Security Definition and Efficient Construction for Roaming with a Privacy-Preserving Extension [J] . Guomin Yang, Duncan S. Wong, Xiaotie Deng Journal of Universal Computer Science . 2008,第3期

机译：带有隐私保护扩展的漫游的正式安全定义和高效构建
4. Formal Analysis of Key Integrity in PKCS#11 [C] . Andrea Falcone, Riccardo Focardi Automated reasoning for security protocol analysis and issues in the theory of security . 2010

机译：PKCS＃11中密钥完整性的形式分析
5. Making Kerberos a Resilient Infrastructure, with a Formal Security Analysis [D] . Sciré, John H. 2020

机译：使Kerberos成为弹性基础设施，具有正式的安全分析
6. Whatever Happened to Formal Methods for Security? [O] . J. Voas, K. Schaffer -1

机译：发生什么正式的安全方法？
7. Formal Analysis of Key Integrity in PKCS#11 [O] . FALCONE A., FOCARDI R 2011

机译：PKCS＃11中密钥完整性的形式分析
8. Formal Extension to Object Oriented Analysis Using Z [R] . Hartrum, T. C., Bailor, P. 1994

机译：用Z实现对面向对象分析的形式化扩展

Formal security analysis of PKCS#11 and proprietary extensions

摘要

著录项

相似文献

相关主题

期刊订阅