SECURE: A Simulation Tool for PKI Design
This work presents a novel methodology for security analysis of computer systems. The suggested approach, called simulated hazard injection, is a variant of simulated fault injection, which has already been employed with success in the design and evaluation of fault-tolerant computer systems. The paper describes the key ideas underlying the proposed methodology and defines a portfolio of security measures to be extracted from experimental data. These concepts are incorporated in a tool for dependability analysis of Public Key Infrastructure (PKI) based systems. The tool is called SECURE and is currently under development at the University of Naples. The paper describes the architecture of the tool and discusses its potential.