An information flow method to detect denial of service vulnerabilities

Journal of Universal Computer Science

Volumn 9, Issue 11, 2003, Pages 1350-1369

  Lafrance, Stéphane ^a   Mullins, John ^a  

^a ÉCOLE POLYTECHNIQUE DE MONTRÉAL   (Canada)

Author keywords

Admissible interference; Bisimulation; Denial of service; Equivalence checking; Protocols

Indexed keywords

EID: 1442292328     PISSN: 0958695X     EISSN: 09486968     Source Type: Journal    
DOI: None     Document Type: Conference Paper

References (26)

1. [Abadi and Gordon 1998] Abadi, M., Gordon, A. D.: "A bisimulation method for cryptographic protocols"; Nordic Journal of Computing, 5, 4 (1998), 267-303.
2. [Boreale et al. 1999] Boreale, M., De Nicola, R., Pugliese, R.: "Proof techniques for cryptographic processes"; Proc. Logic in Computer Science (1999), 157-166.
3. [Boudol 1985] Boudol, G.: "Notes on algebraic calculi of processes": Proc. Logic and Models of Concurrent Systems, NATO ASI Series F-13, Springer (1985), 261-303.
4. [Cortier 2002] Cortier, V.: "Observational equivalence and trace equivalence in an extension of spi-calculus. application to cryptographic protocols analysis"; Technical Report LSV-02-3, Lab. Specification and Verification, ENS de Cachan, Cachan, France (2002).
5. [Criscuolo 2000] Criscuolo, P. J.: "Distributed denial of service trin00, tribe flood network, tribe flood network 2000, and stacheldraht"; Technical Report CIAC-2319, Lawrence Livermore National Laboratory (Feb 2000).
6. [Cuppens and Saurel 1999] Cuppens, F., and Saurel, C.: "Towards a formalization of availability and denial of ssrvice"; Proc. Information Systems Technology Panel Symposium on Protecting Nato Information Systems in the 21st century, Washington (1999).
7. [Dietrich et al. 2000] Dietrich, S., Long, N., Dittrich, D.: "Analyzing distributed denial of service tools: The shaft case"; Proc. USENIX LISA (2000).
8. [Durante et al. 1999] Durante, A., Focardi, R., Gorrieri, R.: "CVS: A compiler for the analysis of cryptographic protocols"; Proc. of 12th IEEE Computer Security Foundations Workshop, IEEE Computer Society (June 1999).
9. [Focardi et al. 1997] Focardi, R., Ghelli, A., Gorrieri, R.: "Using non interference for the analysis of security protocols": Proc. DIMACS Workshop on Design and Formal Verification of Security Protocols, Orman, H., Meadows, C. (editors), Rutgers University (Sep 1997).
10. [Focardi and Gorrieri 1994/1995] Focardi, R., Gorrieri, R.: "A classification of security properties for process algebras"; Journal of Computer Security, 3, 1 (1994/1995), 5-33.
11. [Goguen and Meseguer 1982] Goguen, J.A., Meseguer, J.: "Security policies and security models"; Proc. 1982 IEEE Symposium on Research in Security and Privacy (1982), 11-20.
12. [Gong and Syverson 1998] Gong, L., Syverson, P.: "Fail-stop protocols: An approach to designing secure protocols"; Proc. Dependable Computing for Critical Applications, 5, IEEE Computer Society (1998), 79-100.
13. [Lafrance and Mullins 2002a] Lafrance, S., Mullins, J.: "Bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols"; Proc. Electronic Notes in Theoretical Computer Science, 61, Harland, J. (editor), Elsevier Science Publishers (2002).
14. [Lafrance and Mullins 2002b] Lafrance, S., Mullins, J.: "A generic enemy process for the analysis of cryptoprotocols"; Proc. FSCBS'2002 (2002). Available at www.crac.polymtl.ca/mullins.
15. [Lafrance and Mullins 2003] Lafrance, S., Mullins, J.: "A symbolic approach to the analysis of security protocols"; Proc. of Foundations of Computer Security affiliated with LICS'09, Ottawa (2003). Available at http://theory.stanford.edu/iliano/fcs03/www/
16. [Meadows 1996] Meadows, C.: "The NRL protocol analyzer: An overview"; Journal of Logic Programming, 26, 2 (1996), 113-131.
17. [Meadows 2001] Meadows, C.: "A cost-based framework for analysis of denial of service networks"; Journal of Computer Security, 9, 1/2 (2001), 143-164.
18. [Millen 1992] Millen, J.: "A resource allocation model for denial of service"; Proc. of the 1992 IEEE Symposium on Security and Privacy, IEEE Computer Society Press (1992), 137- 147.
19. [Milner 1989] Milner, R.: "Communication and concurrency"; Prentice-Hall (1989).
20. [Mullins 2000] Mullins, J.: "Nondeterministic admissible interference"; Journal of Universal Computer Science, 6, 11 (2000), 1054-1070.
21. [Mullins and Yeddes 2001] Mullins, J., Yeddes, M.: "Two proof methods for bisimulation-based non-deterministic admissible interference"; Submitted for publication (2001). Available at www.crac.polymtl.ca/mullins.
22. [Paxson 2001] Paxson, V.: "An analysis of using reflectors in distributed denial-of-service attacks"; (2001).
23. [Rushby 1992] Rushby, J.: "Noninterference, transitivity and channel-control security policies"; Technical Report CSL-92-02, SRI International, Menlo Park CA, USA (Dec 1992).
24. [Schneider 1996] Schneider, S.: "Security properties and CSP"; Proc. IEEE Symposium on Security and Privacy (1996), 174-187.
25. [Schuba et al. 1997] Schuba, C. L., Krsul, I. V., Kuhn, M. G., Spafford, E. H., Sundaram, A., Zamboni, D.: "Analysis of a denial of service attack on TCP"; Proc. of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society Press (May 1997), 208-223.
26. [Yu and Gligor 1988] Yu, C., Gligor, V. D.: "A formal specification and verification method for the prevention of denial of service"; Proc. 1988 IEEE Symposium on Security and Privacy, 117, IEEE Computer Society Press (Apr 1988), 187-202.