Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage

Blanchet, Bruno; Chaudhuri, Avik

doi:10.1109/sp.2008.12

Cited by 50 publications

(39 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A secure file system Plutus [39] has been studied with ProVerif in [40]. In [41], comparison of ProVerif and AVISPA is done by applying on various protocols.…”

Section: Application Of Toolsmentioning

confidence: 99%

Cryptographic Protocols Specification and Verification Tools - A Survey

Shinde¹,

Umbarkar²,

Pillai³

2017

IJCT

View full text Add to dashboard Cite

Cryptographic protocols cannot guarantee the secure operations by merely using state-of-the-art cryptographic mechanisms. Validation of such protocols is done by using formal methods. Various specialized tools have been developed for this purpose and are being used to validate real life cryptographic protocols. These tools give feedback to the designers of protocols in terms of loops and attacks in protocols to improve security. In this paper, we discuss the brief history of formal methods and tools that are useful for the formal verification of the cryptographic protocols.

show abstract

“…A secure file system Plutus [39] has been studied with ProVerif in [40]. In [41], comparison of ProVerif and AVISPA is done by applying on various protocols.…”

Section: Application Of Toolsmentioning

confidence: 99%

Cryptographic Protocols Specification and Verification Tools - A Survey

Shinde¹,

Umbarkar²,

Pillai³

2017

IJCT

View full text Add to dashboard Cite

show abstract

“…The tool has been used to verify many security and privacy properties, e.g., see [32,33,34,35,36,9,37,21].…”

Section: Proverifmentioning

confidence: 99%

Formal modelling and analysis of receipt-free auction protocols in applied pi

Dong

Jonker

Pang

2017

Computers & Security

View full text Add to dashboard Cite

We formally study two privacy-type properties for e-auction protocols: bidding-pricesecrecy and receipt-freeness. These properties are formalised as observational equivalences in the applied pi calculus. We analyse two receipt-free auction protocols: one (HRM14). Bidding-price-secrecy of the AS02 protocol is verified using the automatic verifier ProVerif, whereas receipt-freeness of the two protocols, as well as biddingprice-secrecy of the HRM14 protocol, are proved manually.

show abstract

“…With respect to formalizations for secure sharing of resources, Blanchet and Chaudhuri [6] developed a formally verified protocol for secure file sharing on untrusted storage (a tool which could be used to secure Android's SD card) and Fragkaki, et al [19] gave formal typing rules to explain Android's security model. Similar to our work, Fragkaki et al described Sorbet, a modification to Android which enforces secrecy and integrity properties written by app developers.…”

Section: Related Workmentioning

confidence: 99%

Towards Unified Authorization for Android

May¹,

Bhargavan

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Android applications that manage sensitive data such as email and files downloaded from cloud storage services need to protect their data from malware installed on the phone. While prior security analyses have focused on protecting system data such as GPS locations from malware, not much attention has been given to the protection of application data. We show that many popular commercial applications incorrectly use Android authorization mechanisms leading to attacks that steal sensitive data. We argue that formal verification of application behaviors can reveal such errors and we present a formal model in ProVerif that accounts for a variety of Android authorization mechanisms and system services. We write models for four popular applications and analyze them with ProVerif to point out attacks. As a countermeasure, we propose Authzoid, a sample standalone application that lets applications define authorization policies and enforces them on their behalf.

show abstract

Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage

Cited by 50 publications

References 21 publications

Cryptographic Protocols Specification and Verification Tools - A Survey

Cryptographic Protocols Specification and Verification Tools - A Survey

Formal modelling and analysis of receipt-free auction protocols in applied pi

Towards Unified Authorization for Android

Contact Info

Product

Resources

About