What We Can Learn from API Security

(Transcript of Discussion)
  • Ross Anderson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3364)


During the period when Mike and Bruce were looking for position papers for this workshop, I was rather busy because of a court case some of you may have heard about, so I’m going to go over the slides that I gave at Roger Needham’s farewell do last month, with some extra material added. The subject is what API security teaches us in the wider world of protocols; so it’s about protocol analysis, composability, computation, and the effects in the real world.

How do we define a security protocol’s world? Well that’s changing: in the classic literature there are rules for dealing with information used to verify principals’ claims to identity, such as passwords, PINs, crypto keys and timestamps. Now it’s expanding to include other claims: such as claims to authorisation, or claims to creditworthiness, or claims to have a particular bank balance available for an electronic payment.


Covert Channel Cipher Text Security Module Computer Security Foundation Workshop Feistel Cipher 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ross Anderson
    • 1
  1. 1.University of Cambridge 

Personalised recommendations