Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 9 / Issue 11

available in:   PDF (214 kB) PS (190 kB)
Similar Docs BibTeX   Write a comment
Links into Future


An Information Flow Method to Detect Denial of Service Vulnerabilities

Stéphane Lafrance (École Polytechnique de Montréal, Canada)

John Mullins (École Polytechnique de Montréal, Canada)

Abstract: Meadows recently proposed a formal cost-based framework for the analysis of denial of service, showing how to formalize some existing principles used to make cryptographic protocols more resistant to denial of service by comparing the cost to the defender against the cost to the attacker. The firrst contribution of this paper is to introduce a new security property called impassivity designed to capture the abiity of a protocol to achieve these goals in the framework of a generic value-passing process algebra called Security Process Algebra (SPPA) extended with local function calls, cryptographic primitives and special semantic features in order to handle cryptographic protocols. Impassivity is defined as an information flow property founded on bisimulation-based non-deterministic admissible interference. A sound and complete proof method for impassivity is provided. The method extends previous results of the authors on bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols. It is illustrated by its application to the TCP/IP protocol. Key Words: Denial of service, Protocols, Ad

Keywords: admissible interference, bisimulation, denial of service, equivalence-checking, protocols

Categories: C.2.2, C.2.4