Abstract
The reason we went into this research, was that we found that partial attacks were extremely hard to model in terms of a language that could be used by an automated tool. Now there are three reasons why this is so. The first is that it is hard to identify these attacks even by hand, because you have to be really creative in thinking, what constitutes a reduction in entropy of the secret, that is significant, because a partial attack is really anything that reduces entropy, it’s just that it does not reduce the entropy to zero, which would be a case of a complete attack. Next, it’s hard to describe that in a formal language, part of that problem comes from the definition, you have to define what you want to be the goal, if the secret is the entire password, then getting one letter is pretty much a partial attack, but if the secret is that one letter, then getting that one letter is a complete attack. And lastly, applying that logic, how do you measure entropy, how do you measure information leakage, that’s also very difficult.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lin, A. (2010). Modeling Partial Attacks with Alloy (Transcript of Discussion). In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2007. Lecture Notes in Computer Science, vol 5964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17773-6_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-17773-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17772-9
Online ISBN: 978-3-642-17773-6
eBook Packages: Computer ScienceComputer Science (R0)