Type-Based Analysis of Generic Key Management APIs

Download Now
Provided by: Universita Bocconi
Topic: Security
Format: PDF
In the past few years, cryptographic key management APIs has been shown to be subject to tricky attacks based on the improper use of cryptographic keys. In fact, real APIs provide mechanisms to declare the intended use of keys but they are not strong enough to provide key security. In this paper, the authors propose a simple imperative programming language for specifying strongly-typed APIs for the management of symmetric, asymmetric and signing keys. The language requires that type information is stored together with the key but it is independent of the actual low-level implementation.
Download Now

Find By Topic