A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is
Lecture Notes in Computer Science
We introduce Caml Crush, a PKCS#11 filtering proxy. Our solution allows to dynamically protect PKCS#11 cryptographic tokens from state of the art attacks. ... This yields additional advantages to using Caml Crush that go beyond classical PKCS#11 weakness mitigations. ... In this article we present Caml Crush, a secure architecture meant to protect vulnerable PKCS#11 middlewares. ...doi:10.1007/978-3-319-16763-3_11 fatcat:yslszwpds5hjtia7lhh6lp7qia
We discuss possible practical implementations and we develop a proof-of-concept log analysis tool for PKCS#11 that is able to detect, on a significant fragment of the API, all keymanagement attacks from ... In this paper we take a different approach. ... None of them perform a run-time analysis of API invocation sequences. Caml Crush  is a PKCS#11 Filtering Proxy that can be configured to prevent dangerous PKCS#11 commands and mechanisms. ...doi:10.1109/csf.2017.33 dblp:conf/csfw/FocardiS17 fatcat:fnw6am5singvxeekavb3lnteaa