Attack trees have found their way to practice because they have proved to be an intuitive aid in threat analysis. Despite, or perhaps thanks to, their apparent simplicity, they have not yet been provided with an unambiguous semantics. We argue that such a formal interpretation is indispensable to precisely understand how attack trees can be manipulated…
We study High-level Message Sequence Charts – a concept incorporated into MSC96 for composing MSCs explicitly. A formal semantics is given which extends the accepted process algebra semantics of MSC92. We assess the language by studying a simple example, which leads us to consider the extension of HMSC with gates.
Message Sequence Charts are a widely used technique for the visualization of the communications between system components. We present a formal semantics of Basic Message Sequence Charts, exploiting techniques from process algebra. This semantics is based on the semantics of the full language as being proposed for standardization in the International…
In this paper we study the automation of test derivation and execution in the area of conformance testing. The test scenarios are derived from multiple specification languages: LOTOS, Promela and SDL. A central theme of this study is the usability of batch-oriented and on-the-fly testing approaches. To facilitate the derivation from multiple formal…
We study the use of model checking techniques for the generation of test sequences. Given a formal model of the system to be tested, one can formulate test purposes. A model checker then derives test sequences that fulfill these test purposes. The method is demonstrated by applying it to a specification of an Intelligent Network with two features.
We introduce and give formal definitions of attack–defense trees. We argue that these trees are a simple, yet powerful tool to analyze complex security and privacy problems. Our formalization is generic in the sense that it supports different semantical approaches. We present several semantics for attack–defense trees along with usage scenarios, and we show…
This paper introduces an asynchronous optimistic certified email protocol, with stateless recipients, that relies on key chains to considerably reduce the storage requirements of the trusted third party. The proposed protocol thereby outperforms the existing schemes that achieve strong fairness. The paper also discusses the revocation of compromised keys as…
Recently the ITU standardised specification language Message Sequence Chart MSC IT has been extended with constructs for more complete and structured specifications. The new version of the language is called MSC. Currently research is performed on the extension of the old formal semantics towards a semantics for MSC. Ideally the development of a language and its…
We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our…
Based on a concise domain analysis we develop a formal semantics of security protocols. Its main virtue is that it is a generic model, in the sense that it is parameterized over e.g. the intruder model. Further characteristics of the model are a straightforward handling of parallel execution of multiple protocols, locality of security claims, the binding of…