• DocumentCode
    3404348
  • Title

    SN2K Attacks and Honest Services

  • Author

    Kundu, Ashish

  • Author_Institution
    Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
  • Volume
    2
  • fYear
    2009
  • fDate
    20-24 July 2009
  • Firstpage
    445
  • Lastpage
    450
  • Abstract
    In this paper, we define and illustrate a new form of attack in the context of software services: the software-based need-to-know (SN2K) attack. SN2K attacks can be carried out by a dishonest provider of a software service so that it can maliciously gain access to sensitive information, even if the service does not need to know such data in order to compute the functionalities offered by it. We prove that it is generally undecidable to detect whether a given implementation of a service is dishonest, i.e., it implements an SN2K attack. A certification scheme for honest services is also proposed; our scheme relies on program slicing and certain other aspects of static program analysis.
  • Keywords
    digital signatures; program diagnostics; SN2K attack; certification scheme; digital signature technique; honest service; malicious service provider; program slicing; software-based need-to-know attack; static program analysis; Application software; Certification; Computer applications; Computer crime; Computer science; Context-aware services; Data privacy; Data security; Information security; Mobile computing; Certification; Honest Services; Least-privilege Principle; Need-to-Know; Program Analysis; Slicing; Undecidability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Software and Applications Conference, 2009. COMPSAC '09. 33rd Annual IEEE International
  • Conference_Location
    Seattle, WA
  • ISSN
    0730-3157
  • Print_ISBN
    978-0-7695-3726-9
  • Type

    conf

  • DOI
    10.1109/COMPSAC.2009.174
  • Filename
    5254067