Advertisement

Design of Entrusting Protocols for Software Protection

  • Vasily DesnitskyEmail author
  • Igor Kotenko
Conference paper
Part of the Lecture Notes in Geoinformation and Cartography book series (LNGC)

Abstract

The paper considers the problem of design and analysis of entrusting protocols used within software protection mechanisms, including the protection mechanisms for Geographical Information Systems (GIS). The main goal of these mechanisms is to protect software against malicious tampering accomplished by potential intruders. The given protocol set is intended for data exchange between the trusted server and the client program being protected as necessary for the entire protection mechanism function. The paper presents the main security requirements for the entrusting protocols and their analysis. The model of the intruder attempting to fulfill attacks on the protocol to compromise it as well as issues connected with protocol implementation are considered. We propose the general technique to design these types of protocols, including formal methods of protocol construction and analysis. Specifically, besides conventional protocol development methods that embrace the search of possible attacks on the protocol (including formal means), consequent protocol correction, and formal verification, the paper considers the methods of automatic synthesis proposing correct-by-construction protocol design.

Keywords:

Software protection Security protocol design Remote entrusting Attacks Protocol analysis and verification 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bellare M, Canetti R, and Krawczyk H (1996) Keying hash functions for message authentication, Advances in Cryptology. CRYPTO '96. Lecture Notes in Computer Science, vol 1109, Springer-VerlagGoogle Scholar
  2. 2.
    Boichut Y, Heam P-C, Kouchnarenko O (2005) Automatic Verification of Security Protocols Using Approximations, INRIA Research ReportBoichut Y, Heam P-C, Kouchnarenko O (2005) Automatic Verification of Security Protocols Using Approximations, INRIA Research ReportGoogle Scholar
  3. 3.
    Ceccato M, Ofek Y, and Tonella P (2008) Remote entrusting by run- time software authentication. SOFSEM 2008 - Conference on Current Trends in Theory and Practice of Computer Science, Tatras, SlovakiaGoogle Scholar
  4. 4.
    Cederquist J, Dashti MT (2006) An intruder model for verifying liveness in security protocols. In: Proceedings of the fourth ACM workshop on Formal methods in security, Alexandria, Virginia, USAGoogle Scholar
  5. 5.
    Chen H (2007) A Search-Based Framework for Security Protocol Synthesis. The University of York, Department of Computer ScienceGoogle Scholar
  6. 6.
    Ellison C, Schneier B (2000) Ten Risks of PKI: What you're not being told about public key infrastructure. J Computer Security Journal 16(1)Google Scholar
  7. 7.
    Khan AS, Mukund M, Suresh SP (2005) Generic verification of security protocols. In: Proceedings of SPIN 2005, LNCS, vol 3639Google Scholar
  8. 8.
    Lampson B, Abadi M, Burrows M, Wobber E (1992) Authentication in distributed systems: theory and practice. ACM Trans. on Computer Systems 10( 4)Google Scholar
  9. 9.
    Plasto D (2004) Automated analysis of industrial scale security protocols. Bond University, Faculty of Information TechnologyGoogle Scholar
  10. 10.
    Zhou H, Foley SN (2003) Fast Automatic Synthesis of Security Protocols using Backward Search. In: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering (FMSE'03). Washington, DCGoogle Scholar
  11. 11.
    Zhou H, Foley SN (2004) A collaborative approach to autonomic security protocols. In: Proceedings of the 2004 workshop on New Security Paradigms. CanadaGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  1. 1.St. Petersburg Institute for Informatics and Automation of RASPetersburgRussia

Personalised recommendations