PKCS#11 is a security API for cryptographic tokens. It is known to be vulnerable to attacks which can directly extract, as cleartext, the value of sensitive keys. Fixes proposed in the literature, or implemented in real devices, impose policies restricting key roles and token functionalities. In  we have presented a type-based analysis to prove, on abstract API specifications, that the secrecy of sensitive keys is preserved under a certain policy. In this paper we discuss how this type system might be extended to type-check a real security policy implemented in the opencryptoki PKCS#11 software token. This is a first step towards a type-based analysis of real PKCS#11 devices.
|Publication date:||2012|
|Title:||Towards a type-based analysis of real PKCS#11 devices|
|Book title:||ASA 2012|
|Appears in categories:||4.2 Abstract in Conference Proceedings|