Dieter Gollmann

Computer Security – ESORICS 2005

Computerized Voting Machines: A View from the Trenches.- XML Access Control with Policy Matching Tree.- Semantic Access Control Model: A Formal Specification.- A Generic XACML Based Declarative Authorization Scheme for Java.- Specification and Validation of Authorisation Constraints Using UML and OCL.- Unified Index for Mobile Object Data and Authorizations.- On Obligations.- A Practical Voter-Verifiable Election Scheme.- Machine-Checked Security Proofs of Cryptographic Signature Schemes.- Sanitizable Signatures.- Limits of the Cryptographic Realization of Dolev-Yao-Style XOR.- Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study.- Augmented Oblivious Polynomial Evaluation Protocol and Its Applications.- Using Attack Trees to Identify Malicious Attacks from Authorized Insiders.- An Efficient and Unified Approach to Correlating, Hypothesizing, and Predicting Intrusion Alerts.- Towards a Theory of Intrusion Detection.- On Scalability and Modularisation in the Modelling of Network Security Systems.- Sybil-Resistant DHT Routing.- Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks.- Quantifying Probabilistic Information Flow in Computational Reactive Systems.- Enforcing Non-safety Security Policies with Program Monitors.- Soundness of Formal Encryption in the Presence of Key-Cycles.- Privacy Preserving Clustering.- Abstractions Preserving Parameter Confidentiality.- Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation.- Security Notions for Disk Encryption.- Local View Attack on Anonymous Communication.- Browser Model for Security Analysis of Browser-Based Protocols.

An efficient non-repudiation protocol

Fairness may be a desirable property of a non-repudiation service. Protocols can achieve fairness through the involvement of a trusted third party but the extent of the trusted third partys involvement can vary between protocols. Hence, one of the goals of designing an efficient non-repudiation protocol is to reduce the workload of the trusted third party. In this paper, we present a variant of our fair non-repudiation protocol (1996), where the trusted third party is involved only in the case that one party cannot obtain the expected non-repudiation evidence from the other party. This variant is efficient in an environment where the two parties are likely to resolve communications problems between themselves.

Computer Security – ESORICS 2006

Finding Peer-to-Peer File-Sharing Using Coarse Network Behaviors.- Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses.- TrustedPals: Secure Multiparty Computation Implemented with Smart Cards.- Private Information Retrieval Using Trusted Hardware.- Bridging the Gap Between Inter-communication Boundary and Internal Trusted Components.- License Transfer in OMA-DRM.- Enhanced Security Architecture for Music Distribution on Mobile.- A Formal Model of Access Control for Mobile Interactive Devices.- Discretionary Capability Confinement.- Minimal Threshold Closure.- Reducing the Dependence of SPKI/SDSI on PKI.- Delegation in Role-Based Access Control.- Applying a Security Requirements Engineering Process.- Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System.- A Formal Framework for Confidentiality-Preserving Refinement.- Timing-Sensitive Information Flow Analysis for Synchronous Systems.- HBAC: A Model for History-Based Access Control and Its Model Checking.- From Coupling Relations to Mated Invariants for Checking Information Flow.- A Linear Logic of Authorization and Knowledge.- Pret a Voter with Re-encryption Mixes.- Secure Key-Updating for Lazy Revocation.- Key Derivation Algorithms for Monotone Access Structures in Cryptographic File Systems.- Cryptographically Sound Security Proofs for Basic and Public-Key Kerberos.- Deriving Secrecy in Key Establishment Protocols.- Limits of the BRSIM/UC Soundness of Dolev-Yao Models with Hashes.- Conditional Reactive Simulatability.- SessionSafe: Implementing XSS Immune Session Handling.- Policy-Driven Memory Protection for Reconfigurable Hardware.- Privacy-Preserving Queries on Encrypted Data.- Analysis of Policy Anomalies on Distributed Network Security Setups.- Assessment of a Vulnerability in Iterative Servers Enabling Low-Rate DoS Attacks.- Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems.

What do we mean by entity authentication

The design of authentication protocols has proven to be surprisingly error-prone. We suggest that this is partly due to a language problem. The objectives of entity authentication are usually given in terms of human encounters while we actually implement message passing protocols. We propose various translations of the high-level objectives into a language appropriate for communication protocols. In addition, protocols are often specified at too low a level of abstraction. We argue that encryption should not be used as a general primitive as it does not capture the specific purpose for using a cryptographic function in a particular protocol.

Computer Security – ESORICS 2003

Information push is today an approach widely used for information dissemination in distributed systems. Under information push, a Web data source periodically (or whenever some relevant event arises) broadcasts data to clients, without the need of an explicit request. In order to make information push usable in a large variety of application domains, it is however important that the authenticity and privacy requirements of both the receiver subjects and information owners be satisfied. Although the problem of confidentiality has been widely investigated, no comparable amount of work has been done for authenticity. In this paper, we propose a model to specify signature policies, specifically conceived for XML data. The model allows the specification of credential-based signature policies, supporting both single and joint signatures. Additionally, we provide an architecture for supporting the generation of selectively encrypted and authenticated XML document, ensuring at the same time the satisfaction of both access control and signature policies.

Certified Electronic Mail

This paper examines certified mail delivery in postal systems and derives the essential requirements that may be met by a service called certified electronic mail. Protocols are presented to demonstrate how various flavours of certified electronic mail services may be implemented.

Computer Security – ESORICS 2004

Constraints are an integral part of access control policies. Depending upon their time of enforcement, they are categorized as static or dynamic; static constraints are enforced during the policy compilation time, and the dynamic constraints are enforced during run time. While there are several logic-based access control policy frameworks, they have a limited power in expressing and enforcing constraints (especially the dynamic constraints). We propose dynFAF, a constraint logic programming based approach for expressing and enforcing constraints. To make it more concrete, we present our approach as an extension to the flexible authorization framework (FAF) of Jajodia et al. [17]. We show that dynFAF satisfies standard safety and liveliness properties of a safety conscious software system.

Computer Security - ESORICS 2000

This paper presents an approach enabling a smart card issuer to verify that a new applet securely interacts with already downloaded applets. A security policy has been defined that associates levels to applet attributes and methods and defines authorized flows between levels. We propose a technique based on model checking to verify that actual information flows between applets are authorized. We illustrate our approach on applets involved in an electronic purse running on Java enabled smart cards.

Computer Security — ESORICS 2002

In recent times information flow and non-interference have become very popular concepts for expressing both integrity and privacy properties. We present the first general definition of probabilistic non-interference in reactive systems which includes a computational case. This case is essential to cope with real cryptography since noninterference properties can usually only be guaranteed if the underlying cryptographic primitives have not been broken. This might happen, but only with negligible probability. Furthermore, our definition links noninterference with the common approach of simulatability that modern cryptography often uses. We show that our definition is maintained under simulatability, which allows secure composition of systems, and we present a general strategy how cryptographic primitives can be included in information flow proofs. As an example we present an abstract specification and a possible implementation of a cryptographic firewall guarding two honest users from their environment.

Observations on Non-repudiation

This paper discusses non-repudiation services regarding the transfer of a message and classifies the roles of trusted third parties involved in non-repudiation services. We examine the selective receipt problem and the generation of time evidence, analyse the current state of the ISO/IEC 13888 drafts on non-repudiation mechanisms, and present a fair non-repudiation protocol including time evidence to promote the development of these drafts.