Paper Info
Title
Lazy mobile intruders
Abstract
We present a new technique for analyzing platforms that execute potentially malicious code, such as web-browsers, mobile phones, or virtualized infrastructures. Rather than analyzing given code, we ask what code an intruder could create to break a security goal of the platform. To avoid searching the infinite space of programs that the intruder could come up with (given some initial knowledge) we adapt the lazy intruder technique from protocol verification: the code is initially just a process variable that is getting instantiated in a demand-driven way during its execution. We also take into account that by communication, the malicious code can learn new information that it can use in subsequent operations, or that we may have several pieces of malicious code that can exchange information if they "meet". To formalize both the platform and the malicious code we use the mobile ambient calculus, since it provides a small, abstract formalism that models the essence of mobile code. We provide a decision procedure for security against arbitrary intruder processes when the honest processes can only perform a bounded number of steps and without path constraints in communication. We show that this problem is NP-complete.
Year
DOI
Venue
2013
10.1007/978-3-642-36830-1_8
POST
Keywords
Field
DocType
arbitrary intruder,lazy intruder technique,abstract formalism,mobile phone,new information,mobile code,mobile ambient calculus,security goal,lazy mobile intruder,new technique,malicious code
Ask price,Cryptographic protocol,Computer science,Theoretical computer science,Formalism (philosophy),Mobile code,Protocol verification,Ambient calculus,Distributed computing,Bounded function
Conference
Volume
ISSN
Citations 
7796
0302-9743
0
PageRank 
References 
Authors
0.34
12
3
Name
Order
Citations
PageRank
Sebastian Mödersheim157931.11
flemming nielson21769172.05
Hanne Riis Nielson31719153.77