کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
458489 696162 2006 7 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Integrity of intention (a theory of types for security APIs)
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
Integrity of intention (a theory of types for security APIs)
چکیده انگلیسی

The task of a security API is to allow users to process data and key material according to the designer's intentions, and to prevent any malicious sequence of commands from violating these intentions. Security APIs do this by attaching metadata to keys and data – type information – to record acceptable usage policy, which is checked by individual API commands in order to approve or deny a particular manipulation. But what actually is type information? This paper proposes a conceptual framework for understanding cryptographic type, and how it maintains the integrity of the designer's intentions in an API. We describe four core conceptual components of type: form, use, role and domain. We compare our model to real-life security APIs, and argue that designing new systems within the bounds of the model improves safety, eliminating many common security issues.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Information Security Technical Report - Volume 11, Issue 2, 2006, Pages 93–99
نویسندگان
, ,