Learn More
A strand is a sequence of events; it represents either an execution by a legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections(More)
A strand is a sequence of events; it represents either the execution of legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections(More)
Suppose a principal in a cryptographic protocol creates and transmits a message containing a new value v, later receiving v back in a different cryptographic context. It can conclude that some principal possessing the relevant key has received and transformed the message in which v was emitted. In some circumstances, this principal must be a regular(More)
In this paper, we present a systematic way to determine the information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux. A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an SELinux configuration, provides(More)
When packet filtering is used as a security mechanism, different routers may need to cooperate to enforce the desired security policy. It is difficult to ensure that they will do so correctly. We introduce a simple language for expressing global network access control policies of a kind that filtering routers are capable of enforcing. We then introduce an(More)
A model-theoretic approach can establish security theorems, which are formulas expressing authen-tication and non-disclosure properties of protocols. Security theorems have a special form, namely quantified implications ∀ x. (φ ⊃ ∃ y. ψ). Models (interpretations) for these formulas are skeletons, partially ordered structures consisting of a number of local(More)
Mobile agents are processes which can autonomously migrate to new hosts. Despite its many practical ben-ets, mobile agent technology results in signicant new security threats from malicious agents and hosts. The primary added complication is that, as an agent traverses multiple hosts that are trusted to dierent degrees, its state can change in ways that(More)
imps is an Interactive Mathematical Proof System intended as a general purpose tool for formulating and applying mathematics in a familiar fashion. The logic of imps is based on a version of simple type theory with partial functions and subtypes. Mathematical specification and inference are performed relative to axiomatic theories, which can be related to(More)