Abstract
Combining security solutions in order to achieve stronger (combined) security properties is not straightforward. This paper shows that security-preserving alphabetic language homomorphisms can be used to derive security results for combined security solutions. A relatively simple example of the combination of two different authentication properties (device authentication using a trusted platform module and user authentication using SSL) are integrated. Using security-preserving language homomorphisms it is shown that previously proposed combinations of solutions do not satisfy the desired integrated security properties. Finally, an improved integration of the two solutions is shown to satisfy the desired properties.
Part of this work was accomplished within the project SERENITY 27587 funded by the European Commission.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Choi, S., Han, J., Jun, S.: Improvement on TCG Attestation and Its Implication for DRM. In: Gervasi, O., Gavrilova, M.L. (eds.) ICCSA 2007, Part I. LNCS, vol. 4705, pp. 912–925. Springer, Heidelberg (2007)
Cremers, C.: Feasibility of multi-protocol attacks. In: Proc. of The First International Conference on Availability, Reliability and Security (ARES), pp. 287–294. IEEE Computer Society, Los Alamitos (2006)
Eilenberg, S.: Automata, Languages and Machines. Academic Press, London (1974)
Frier, A., Karlton, P., Kocher, P.: The SSL 3.0 Protocol. Netscape Communications Corp. (November 1996)
Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 21–24. ACM, New York (2006)
Trusted Computing Group. TCG TPM Specification 1.2 revision 94 (2006), http://www.trustedcomputing.org
Gürgens, S., Ochsenschläger, P., Rudolph, C.: Authenticity and provability - A formal framework. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 227–245. Springer, Heidelberg (2002)
Gürgens, S., Ochsenschläger, P., Rudolph, C.: On a formal framework for security properties. International Computer Standards & Interface Journal (CSI), Special issue on formal methods, techniques and tools for secure and reliable applications 27(5), 457–466 (2005)
Gürgens, S., Rudolph, C., Scheuermann, D., Atts, M., Plaga, R.: Security evaluation of scenarios based on the tCG’s TPM specification. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 438–453. Springer, Heidelberg (2007)
Mantel, H.: Preserving Information Flow Properties under Refinement. In: IEEE Symposium on Security and Privacy, Oakland, pp. 78–91. IEEE Computer Science, Los Alamitos (2001)
Mathuria, A., Singh, A., Shravan, P.V., Kirtanka, R.: Some new multi-protocol attacks. In: ADCOM – Proceedings of the 15th International Conference on Advanced Computing and Communications, pp. 465–471. IEEE Computer Society, Los Alamitos (2007)
Meadows, C.: Analyzing the Needham-Schroeder Public Key Protocol: A Comparison of Two Approaches. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146. Springer, Heidelberg (1996)
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6, 85–128 (1998)
Santen, T.: Preservation of probabilistic information flow under refinement. Information and Computation 206(2-4), 213–249 (2008)
Trusted Computing Group. TPM Main - Part 1 Design Principals, Specification Version 1.2, Level 2 Revision 103 (July 2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Fuchs, A., Gürgens, S., Rudolph, C. (2009). On the Security Validation of Integrated Security Solutions. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-01244-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer ScienceComputer Science (R0)