In 2000, Bond and Anderson exposed a new family of attacks on application programming interfaces (APIs) of security modules. These attacks elicit compromising behaviors using an unexpected sequence of legal calls to the module, uncovering severe security flaws even in widely-deployed cryptographic hardware. Because these attacks do not depend on the underlying cryptographic mechanisms, they often succeed even under the assumption of ideal cryptographic primitives. This thesis presents a methodology for the automatic detection of API attacks. Taking a cue from previous work on the formal analysis of security protocols and noting these attacks ' independence from precise cryptographic mechanisms, we model APIs opaquely, purely according ...
Even experienced developers struggle to implement security poli-cies correctly. For example, despite...
International audienceDue to the success of formal modeling of protocols such as TLS, there is a rev...
Security critical applications often store keys on dedicated HSM or key-management servers to separa...
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering an...
A system is vulnerable to an API-level attack if its security can be compromised by invoking an allo...
AbstractWe argue that formal analysis tools for security protocols are not achieving their full pote...
Cryptographic APIs are often vulnerable to attacks that compromise sensitive cryptographic keys. In ...
A security API is an Application Program Interface that allows untrusted code to access sensitive re...
This thesis introduces the newly-born field of Security API research, and lays the foundations for f...
We argue that finding vulnerabilities in software components is different from finding exploits agai...
We present a search method for detecting potential security flaws in cryptographic protocols. The me...
While cryptography is now readily available to everyone and can, provably, protect private informati...
Cryptography is often a critical component in secure software systems. Cryptographic primitive misus...
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage con...
While cryptography is now readily available to everyone and can, provably, protect private informati...
Even experienced developers struggle to implement security poli-cies correctly. For example, despite...
International audienceDue to the success of formal modeling of protocols such as TLS, there is a rev...
Security critical applications often store keys on dedicated HSM or key-management servers to separa...
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering an...
A system is vulnerable to an API-level attack if its security can be compromised by invoking an allo...
AbstractWe argue that formal analysis tools for security protocols are not achieving their full pote...
Cryptographic APIs are often vulnerable to attacks that compromise sensitive cryptographic keys. In ...
A security API is an Application Program Interface that allows untrusted code to access sensitive re...
This thesis introduces the newly-born field of Security API research, and lays the foundations for f...
We argue that finding vulnerabilities in software components is different from finding exploits agai...
We present a search method for detecting potential security flaws in cryptographic protocols. The me...
While cryptography is now readily available to everyone and can, provably, protect private informati...
Cryptography is often a critical component in secure software systems. Cryptographic primitive misus...
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage con...
While cryptography is now readily available to everyone and can, provably, protect private informati...
Even experienced developers struggle to implement security poli-cies correctly. For example, despite...
International audienceDue to the success of formal modeling of protocols such as TLS, there is a rev...
Security critical applications often store keys on dedicated HSM or key-management servers to separa...