Security protocols are often specified at the application layer; however, application layer specifications give little detail regarding message data structures at the presentation layer upon which some implementation-dependent attacks rely. In this paper we present an approach to verifying security protocols in which both the application and presentation layers are modelled. Using the Group Domain of Interpretation protocol as an example, our application layer specification of the protocol is used as input to the AVISPA model checking tool for analysis. Two type flaw attacks are found via model checking which are then verified against the corresponding presentation layer specification, thus identifying the minimal requirements to prevent the attacks.
机译:用简化的标记方案防止对安全协议的类型缺陷攻击
机译:如何防止对安全协议的类型缺陷攻击
机译:基于信任的跨层安全协议的Sybil攻击(DAS)的改进
机译:对安全协议的类型缺陷攻击进行跨层验证
机译:从类型理论到安全协议验证。
机译:用于存储在云服务中的文件完整性的信任验证的安全体系结构和协议
机译:对安全协议的类型缺陷攻击的跨层验证
机译:如何防止密码协议的类型缺陷猜测攻击
