Modeling Partial Attacks with Alloy
نویسندگان
چکیده
The automated and formal analysis of cryptographic primitives, security protocols and Application Programming Interfaces (APIs) up to date has been focused on discovering attacks that completely break the security of a system. However, there are attacks that do not immediately break a system but weaken the security sufficiently for the adversary. We term these attacks partial attacks and present the first methodology for the modeling and automated analysis of this genre of attacks by describing two approaches. The first approach reasons about entropy and was used to simulate and verify an attack on the ECB|ECB|OFB triple-mode DES block-cipher. The second approach reasons about possibility sets and was used to simulate and verify an attack on the personal identification number (PIN) derivation algorithm used in the IBM 4758 Common Cryptographic Architecture.
منابع مشابه
Modeling of Corrosion-Fatigue Crack Growth Rate Based on Least Square Support Vector Machine Technique
Understanding crack growth behavior in engineering components subjected to cyclic fatigue loadings is necessary for design and maintenance purpose. Fatigue crack growth (FCG) rate strongly depends on the applied loading characteristics in a nonlinear manner, and when the mechanical loadings combine with environmental attacks, this dependency will be more complicated. Since, the experimental inv...
متن کاملModeling the Number of Attacks in Multiple Sclerosis Patients Using Zero-Inflated Negative Binomial Model
Background and aims: Multiple sclerosis (MS) is an inflammatory disease of the central nervous system.The impact of the number of attacks on the disease is undeniable. The aim of this study was to analyze thenumber of attacks in these patients.Methods: In this descriptive-analytical study, the registered data of 1840 MS patients referred to the MS clinicof Ayatollah Kash...
متن کاملαRby - An Embedding of Alloy in Ruby
We present αRby—an embedding of the Alloy language in Ruby— and demonstrate the benefits of having a declarative modeling language (backed by an automated solver) embedded in a traditional object-oriented imperative programming language. This approach aims to bring these two distinct paradigms (imperative and declarative) together in a novel way. We argue that having the other paradigm availabl...
متن کاملA comparative study on constitutive modeling of hot deformation flow curves in AZ91 magnesium alloy
Modeling the flow curves of materials at elevated temperatures is the first step in mathematical simulation of the hot deformation processes of them. In this work a comparative study was provided to examine the capability of three different constitutive equations in modeling the hot deformation flow curves of AZ91 magnesium alloy. For this, the Arrhenius equation with strain dependent constants...
متن کاملAutomated Analysis of Security APIs
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain to be a relatively unexplored problem. In 2000, Bond et al. discovered APIchaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspe...
متن کامل