Jonathan K. Millen
Mitre Corporation
Publications
Featured research published by Jonathan K. Millen.
computer and communications security | 2001
Jonathan K. Millen; Vitaly Shmatikov
The reachability problem for cryptographic protocols with non-atomic keys can be solved via a simple constraint satisfaction procedure.
Journal of Cryptology | 1994
Richard A. Kemmerer; Catherine A. Meadows; Jonathan K. Millen
Three experimental methods have been developed to help apply formal methods to the security verification of cryptographic protocols of the sort used for key distribution and authentication. Two of these methods are based on Prolog programs, and one is based on a general-purpose specification and verification system. All three combine algebraic with state-transition approaches. For purposes of comparison, they were used to analyze the same example protocol with a known flaw.
IEEE Transactions on Software Engineering | 1987
Jonathan K. Millen; Sidney C. Clark; Sheryl B. Freedman
The Interrogator is a Prolog program that searches for security vulnerabilities in network protocols for automatic cryptographic key distribution. Given a formal specification of the protocol, it looks for message modification attacks that defeat the protocol objective. It is still under development, but it has been able to rediscover a known vulnerability in a published protocol. It is implemented in LM-Prolog on a Lisp Machine, with a graphical user interface.
ieee symposium on security and privacy | 1987
Jonathan K. Millen
Techniques for detecting covert channels are based on information flow models. This paper establishes a connection between Shannon's theory of communication and information flow models, such as the Goguen-Meseguer model, that view a reference monitor as a state-transition automaton. The channel associated with a machine and a compromise policy is defined, and the capacity of that channel is taken as a measure of covert channel information rate.
Communications of The ACM | 1976
Jonathan K. Millen
A security kernel is a software and hardware mechanism that enforces access controls within a computer system. The correctness of a security kernel on a PDP-11/45 is being proved. This paper describes the technique used to carry out the first step of the proof: validating a formal specification of the program with respect to axioms for a secure system.
ieee symposium on security and privacy | 1992
Jonathan K. Millen
A denial-of-service protection base (DPB) is characterized as a resource monitor closely related to a TCB, supporting a waiting-time policy for benign processes. Resource monitor algorithms and policies can be stated in the context of a state-transition model of a resource allocation system. Probabilistic waiting-time policies are suggested in addition to the finite- and maximum-waiting-time policies. The model supports concurrency, multiprocessing and networking. A simple example of a DPB is given, as a feasibility and consistency check on the definitions.
ieee computer security foundations symposium | 1989
Jonathan K. Millen
Covert channels in a multilevel secure computer system can be exploited by malicious software to compromise information. The maximum information rate of a known channel is determined by modeling the channel as a communications channel and calculating its capacity. The capacity of an important class of covert channels, finite-state noiseless channels with nonuniform transition times, is found by adapting a technique suggested by Shannon (1964).
ieee symposium on security and privacy | 1984
Jonathan K. Millen
Computer networks employ encryption for several purposes, including private communication, message authentication, and digital signatures. The correctness and security of these applications depend not only on the strength of the cryptographic algorithms, but also on the procedures for key management.
International Journal of Information Security | 2011
George Coker; Joshua D. Guttman; Peter Loscocco; Amy L. Herzog; Jonathan K. Millen; Brian O’Hanlon; John D. Ramsdell; Justin Sheehy; Brian T. Sniffen
Remote attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to be derived from several claims; and (v) the underlying attestation mechanism must be trustworthy. We illustrate how to acquire evidence from a running system, and how to transport it via protocols to remote appraisers. We propose an architecture for attestation guided by these principles. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.
ieee symposium on security and privacy | 1992
Jonathan K. Millen; Teresa F. Lunt
A design approach for a secure multilevel object-oriented database system is proposed by which a multilevel object-oriented system can be implemented on a conventional mandatory security kernel. Each object is assigned a single security level that applies to all its contents (variables and methods). The informal security policy model includes properties such as compatibility of security level assignments with the class hierarchy. After discussing the essential features of a general object system model, and then extending the object model to incorporate mandatory label-based security, it is shown how typical database security and integrity policies can be supported by this model, with special attention to inference problems and integrity constraints. The representation of integrity constraints and classification constraints is illustrated.