Control Flow Analysis (CFA) has been proven successful for the analysis of cryptographic protocols. Due to its over-approximative nature, the absence of detected flaws implies their absence also at run time, while their presence only says that there is the possibility for flaws to occur. Nevertheless, the static detection of a flaw can be considered as a warning bell that alerts against a possible attack, of which the flaw is the result. Reconstructing the possible attack leading to the detected flaw is not trivial, though. We propose a CFA enriched with causal information that accounts for attacker activity. In case a flaw is predicted, the causal information provides a sort of climbing holds that can be escalated to reconstruct the attack sequence leading to the flaw.

Static Evidences for Attack Reconstruction

FOCARDI, Riccardo
2015-01-01

Abstract

Control Flow Analysis (CFA) has been proven successful for the analysis of cryptographic protocols. Due to its over-approximative nature, the absence of detected flaws implies their absence also at run time, while their presence only says that there is the possibility for flaws to occur. Nevertheless, the static detection of a flaw can be considered as a warning bell that alerts against a possible attack, of which the flaw is the result. Reconstructing the possible attack leading to the detected flaw is not trivial, though. We propose a CFA enriched with causal information that accounts for attacker activity. In case a flaw is predicted, the causal information provides a sort of climbing holds that can be escalated to reconstruct the attack sequence leading to the flaw.
2015
Programming Languages with Applications to Biology and Security 2015
File in questo prodotto:
File Dimensione Formato  
attackReconstruction.pdf

non disponibili

Descrizione: Articolo
Tipologia: Versione dell'editore
Licenza: Accesso chiuso-personale
Dimensione 1.13 MB
Formato Adobe PDF
1.13 MB Adobe PDF   Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3671311
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? 7
social impact