Although computer security typically revolves around threats, attacks and defenses, the sub-field of security protocol analysis (SPA) has so far focused almost exclusively on attacks. In this paper, we show that such focus on attacks depends on few critical assumptions that have been characteristic of the field and have governed its mindset, approach and developed tools. We motivate that indeed there is room in SPA for a fruitful notion of defense and that the conceptual bridge lies in multiple non-collaborating attackers. Defending security protocols through interference between attackers is possible; however, in order to understand network behavior completely, it is necessary to start treating protocols as environments, not simply as sequences of message exchanges.
Security protocols as environments: A lesson from non-collaboration
FIAZZA, Maria Camilla;PEROLI, Michele;VIGANO', Luca
2011-01-01
Abstract
Although computer security typically revolves around threats, attacks and defenses, the sub-field of security protocol analysis (SPA) has so far focused almost exclusively on attacks. In this paper, we show that such focus on attacks depends on few critical assumptions that have been characteristic of the field and have governed its mindset, approach and developed tools. We motivate that indeed there is room in SPA for a fruitful notion of defense and that the conceptual bridge lies in multiple non-collaborating attackers. Defending security protocols through interference between attackers is possible; however, in order to understand network behavior completely, it is necessary to start treating protocols as environments, not simply as sequences of message exchanges.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
