Riccardo Focardi

Several information flow security definitions, proposed in the literature, are generalized and adapted to the model of labelled transition systems. This very general model has been widely used as a semantic domain for many process algebras, e.g. CCS. As a by-product, we provide a process algebra similar to CCS with a set of security notions, hence relating…
In recent years, many formalizations of security properties have been proposed, most of which are based on different underlying models and are consequently difficult to compare. A classification of security properties is thus of interest for understanding the relationships among different definitions and for evaluating the relative merits. In this…
The Compositional Security Checker (CoSeC for short) is a semantic-based tool for the automatic verification of some compositional information flow properties. The specifications given as inputs to CoSeC are terms of the Security Process Algebra, a language suited for the specification of concurrent systems where actions belong to two different levels of…
Several security definitions, proposed in the literature, are reformulated over the general model of labelled transition systems, frequently used as a suitable semantic domain for abstract concurrent languages, such as CCS. A classification of these security properties is provided. 1. This work has been partially supported by Esprit Basic research project…
Some of the non-interference properties studied in [4, 6, 18] for information flow analysis in computer systems, notably BNDC, are reformulated here in a real-time setting. This is done by enhancing the Security Process Algebra of [6, 10] with some extra constructs to model real-time systems (in a discrete time setting); and then by studying the natural…
We show how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. In the asymmetric encryption case, we modify and improve Bleichenbacher’s attack on RSA…
We study information flow security in the setting of mobile agents. We propose a sufficient condition to security named Persistent BNDC. A process is Persistent BNDC when every one of its reachable states satisfies a basic Non-Interference property called BNDC. By imposing that security persists during process execution, one is guaranteed that every potential…
We present a uniform approach for the definition and the analysis of various security properties. It is based on the general idea that a security property should be satisfied even in the presence of a hostile environment. This principle determines a family of strong properties which are resistant to every external attack, but are quite impractical to…
We show how to extract sensitive cryptographic keys from a variety of commercially available tamper resistant cryptographic security tokens, exploiting vulnerabilities in their RSA PKCS#11 based APIs. The attacks are performed by Tookan, an automated tool we have developed, which reverse-engineers the particular token in use to deduce its functionality,…