2 Hits in 8.3 sec

Caml Crush: A PKCS#11 Filtering Proxy [chapter]

Ryad Benadjila, Thomas Calderon, Marion Daubignard
2015 Lecture Notes in Computer Science  
We introduce Caml Crush, a PKCS#11 filtering proxy. Our solution allows to dynamically protect PKCS#11 cryptographic tokens from state of the art attacks.  ...  This yields additional advantages to using Caml Crush that go beyond classical PKCS#11 weakness mitigations.  ...  In this article we present Caml Crush, a secure architecture meant to protect vulnerable PKCS#11 middlewares.  ... 
doi:10.1007/978-3-319-16763-3_11 fatcat:yslszwpds5hjtia7lhh6lp7qia

Run-Time Attack Detection in Cryptographic APIs

Riccardo Focardi, Marco Squarcina
2017 2017 IEEE 30th Computer Security Foundations Symposium (CSF)  
We discuss possible practical implementations and we develop a proof-of-concept log analysis tool for PKCS#11 that is able to detect, on a significant fragment of the API, all keymanagement attacks from  ...  In this paper we take a different approach.  ...  None of them perform a run-time analysis of API invocation sequences. Caml Crush [3] is a PKCS#11 Filtering Proxy that can be configured to prevent dangerous PKCS#11 commands and mechanisms.  ... 
doi:10.1109/csf.2017.33 dblp:conf/csfw/FocardiS17 fatcat:fnw6am5singvxeekavb3lnteaa