Bounded Memory Dolev-Yao Adversaries in Collaborative Systems
This paper extends existing models for collaborative systems. We investigate how much damage can be done by insiders alone, without collusion with an outside adversary. In contrast to traditional intruder models, such as in protocol security, all the players inside our system, including potential adversaries, have similar capabilities. They have bounded storage capacity, that is, they can only remember at any moment a bounded number of facts. This is technically imposed by only allowing balanced actions, that is, actions that have the same number of facts in their pre- and postconditions. On the other hand, the adversaries inside our system have many capabilities of the standard Dolev-Yao intruder, namely, they are able, within their bounded storage capacity, to compose, decompose, overhear, and intercept messages as well as update values with fresh ones. We investigate the complexity of the decision problem of whether or not an adversary is able to discover secret data. We show that this problem is PSPACE-complete when all actions are balanced and can update values with fresh ones. As an application, we turn to security protocol analysis and demonstrate that many protocol anomalies, such as the Lowe anomaly in the Needham-Schroeder public key exchange protocol, can also occur when the intruder is one of the insiders with bounded memory.