Engineering school and research center in digital sciences

From model-checking to automated testing of security protocols: Bridging the gap

Armando, Alessandro; Pellegrino, Giancarlo; Carbone, Roberto; Merlo, Alessio; Balzarotti, Davide

TAP 2012, 6th International Conference on Tests and Proofs, May 31-June 1, 2012, Prague, Czech Republic / Published also in LNCS, Volume 7305, 2012, Springer

Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we have been able to automatically detect and reproduce an attack witnessing an authentication flaw in the SAML-based Single Sign-On for Google Apps.


Title: From model-checking to automated testing of security protocols: Bridging the gap
Type: Conference
Language: English
City: Prague
Country: CZECH REPUBLIC
Date:
Department: Digital Security
Eurecom ref:3659
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in TAP 2012, 6th International Conference on Tests and Proofs, May 31-June 1, 2012, Prague, Czech Republic / Published also in LNCS, Volume 7305, 2012, Springer and is available at : http://dx.doi.org/10.1007/978-3-642-30473-6_3
Bibtex: @inproceedings{EURECOM+3659, doi = {http://dx.doi.org/10.1007/978-3-642-30473-6_3 }, year = {2012}, title = {{F}rom model-checking to automated testing of security protocols: {B}ridging the gap}, author = {{A}rmando, {A}lessandro and {P}ellegrino, {G}iancarlo and {C}arbone, {R}oberto and {M}erlo, {A}lessio and {B}alzarotti, {D}avide}, booktitle = {{TAP} 2012, 6th {I}nternational {C}onference on {T}ests and {P}roofs, {M}ay 31-{J}une 1, 2012, {P}rague, {C}zech {R}epublic / {P}ublished also in {LNCS}, {V}olume 7305, 2012, {S}pringer}, address = {{P}rague, {TCH}{\`{E}}{QUE}, {R}{\'{E}}{PUBLIQUE}}, month = {05}, url = {http://www.eurecom.fr/publication/3659} }