Analysing PKCS#11 Key Management APIs With Unbounded Fresh Data

Executive Summary

The authors extend Delaune, Kremer and Steel's framework for the analysis of PKCS#11-based APIs from bounded to unbounded fresh data. They achieve this by: formally defining the notion of an attribute policy; showing that a well-designed API should have a policy in a class they call complete; showing that APIs with complete policies can be safely abstracted to APIs in which the attributes are fixed; and proving that these static APIs can be analysed in a small bounded model such that security properties established there also hold in the unbounded case. They automate analysis in their framework using the SAT-based security protocol model checker SATMC.

  • Format: PDF
  • Size: 229.88 KB