Formal Analysis of PKCS#11

June 23-June 25

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSF.2008.16

2008 21st IEEE Computer Security Foun ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by St?phanie Delaune Articles by Steve Kremer Articles by Graham Steel

	ASCII Text	x
	St?phanie Delaune, Steve Kremer, Graham Steel, "Formal Analysis of PKCS#11," Computer Security Foundations Symposium, IEEE, pp. 331-344, 2008 21st IEEE Computer Security Foundations Symposium, 2008.

	BibTex	x
	@article{ 10.1109/CSF.2008.16, author = {St?phanie Delaune and Steve Kremer and Graham Steel}, title = {Formal Analysis of PKCS#11}, journal ={Computer Security Foundations Symposium, IEEE}, volume = {0}, year = {2008}, isbn = {978-0-7695-3182-3}, pages = {331-344}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSF.2008.16}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Symposium, IEEE TI - Formal Analysis of PKCS#11 SN - 978-0-7695-3182-3 SP331 EP344 A1 - St?phanie Delaune, A1 - Steve Kremer, A1 - Graham Steel, PY - 2008 KW - Security API KW - PKCS11 KW - Key management VL - 0 JA - Computer Security Foundations Symposium, IEEE ER -

St?phanie Delaune

Steve Kremer

Graham Steel

PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using a model checker. We report some new attacks and prove the safety of some configurations of the API in our model.

Index Terms:

Security API, PKCS11, Key management

Citation:

St?phanie Delaune, Steve Kremer, Graham Steel, "Formal Analysis of PKCS#11," csf, pp.331-344, 2008 21st IEEE Computer Security Foundations Symposium, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.