Engineering school and research centre in digital sciences

A tool for supporting developers in analyzing the security of web-based security protocols

Pellegrino, Giancarlo; Compagna, Luca; Morreggia, Thomas

ICTSS 2013, 25th IFIP International Conference on Testing Software and Systems, November 13-15, 2013, Istanbul, Turkey / Also published in LNCS, Volume 8254/2013

Security protocols are specified in natural language, are highly configurable, and may not match the internal requirements of the development company. As a result, developers may misunderstand the specifications, may not grasp the security implications of configurations, and may deviate from the specifications, introducing flaws. However, none of the existing security testing techniques provides the features, scalability, and usability to support developers in assessing the security of protocol configurations and deviations. This paper presents a tool that leverages existing design verification and security testing techniques and extends them to support developers in analyzing security protocols. We used the tool for the analysis of prominent security protocols (i.e., SAML SSO, OpenID, OAuth2) and of six industrial-size implementations.


Title: A tool for supporting developers in analyzing the security of web-based security protocols
Type: Conference
Language: English
City: Istanbul
Country: TURKEY
Date:
Department: Digital Security
Eurecom ref: 4183
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in ICTSS 2013, 25th IFIP International Conference on Testing Software and Systems, November 13-15, 2013, Istanbul, Turkey / Also published in LNCS, Volume 8254/2013 and is available at: http://dx.doi.org/10.1007/978-3-642-41707-8_19
Bibtex: @inproceedings{EURECOM+4183, doi = {http://dx.doi.org/10.1007/978-3-642-41707-8_19}, year = {2013}, title = {{A} tool for supporting developers in analyzing the security of web-based security protocols}, author = {{P}ellegrino, {G}iancarlo and {C}ompagna, {L}uca and {M}orreggia, {T}homas}, booktitle = {{ICTSS} 2013, 25th {IFIP} {I}nternational {C}onference on {T}esting {S}oftware and {S}ystems, {N}ovember 13-15, 2013, {I}stanbul, {T}urkey / {A}lso published in {LNCS}, {V}olume 8254/2013}, address = {{I}stanbul, {TURQUIE}}, month = {11}, url = {http://www.eurecom.fr/publication/4183} }