Breaking the Model: Finalisation and a Taxonomy of Security Attacks

John A. Clark, Susan Stepney, Howard Chivers
<span title="">2005</span> <i title="Elsevier BV"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/uy5mv2ncw5eahkdx47hkrglxmm" style="color: black;">Electronical Notes in Theoretical Computer Science</a> </i> &nbsp;
It is well known that security properties are not preserved by refinement, and that refinement can introduce new, covert, channels, such as timing channels. The finalisation step in refinement can be analysed to identify some of these channels, as unwanted finalisations that can break the assumptions of the formal model. We introduce a taxonomy of such unwanted finalisations, and give examples of attacks that exploit them.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/j.entcs.2005.04.033">doi:10.1016/j.entcs.2005.04.033</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/k4gdirmajvdlnhc6vsktymanfe">fatcat:k4gdirmajvdlnhc6vsktymanfe</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170809230333/http://www-users.cs.york.ac.uk/susan/bib/ss/security/refine05a.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/06/9f/069fa27970c7b1fb8fb50391244d54207d281a34.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/j.entcs.2005.04.033"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="unlock alternate icon" style="background-color: #fb971f;"></i> elsevier.com </button> </a>