Filters








2,161 Hits in 7.1 sec

The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols [chapter]

Sebastian Mödersheim, Luca Viganò
2009 Lecture Notes in Computer Science  
We introduce the Open-source Fixed-point Model Checker OFMC for symbolic security protocol analysis, which extends the Onthe-fly Model Checker (the previous OFMC).  ...  We also sketch the ongoing integration of fixed-point-based techniques for protocol verification for an unbounded number of sessions. 1 OFMC is available at www.avantssar.eu together with the other back-ends  ...  Acknowledgments The work presented in this paper was partially supported by the FP7-ICT-2007-1 Project no. 216471, "AVANTSSAR: Automated Validation of Trust and Security of Service-oriented Architectures  ... 
doi:10.1007/978-3-642-03829-7_6 fatcat:vimppk5cgrbjhjbvpo7esnluwe

Tools for model-based security engineering

Jan Jürjens, Yijun Yu
2007 Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering - ASE '07  
Advanced users can use this open-source framework to implement verification routines for the constraints of self-defined security requirements.  ...  The proposed method has been applied to an open-source implementation of a cryptographic protocol implementation (Jessie) in Java to build up traceability mappings and security aspects.  ...  The aim is thus to automate the maintenance of traceability mappings created between the cryptographic protocol in design and their open-source implementations.  ... 
doi:10.1145/1321631.1321736 dblp:conf/kbse/JurjensY07 fatcat:s3sfewbyx5hzpmaocuee75lmei

Account and Transaction Protocol of the Open Banking Standard [chapter]

Abdulaziz Almehrej, Leo Freitas, Paolo Modesti
2020 Lecture Notes in Computer Science  
We present an overview of the results of a formal security analysis of the Account and Transaction API protocol.  ...  The UK, similarly to other European countries, has promoted a standard API for data sharing: the Open Banking Standard.  ...  For the verification, we used the Open-Source Fixed-Point Model-Checker (OFMC) [10] , a symbolic model-checker supporting the AnB notation.  ... 
doi:10.1007/978-3-030-48077-6_16 fatcat:mlbxl2zoj5fmteeasx6rq3y5ja

Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs

Endadul Hoque, Omar Chowdhury, Sze Yiu Chau, Cristina Nita-Rotaru, Ninghui Li
2017 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)  
FSM violates given temporal properties by using an off-the-shelf model checker.  ...  Given an implementation, our tool (1) extracts the implemented finite state machine (FSM) of the protocol from the source code by symbolically exploring the code and (2) determines whether the extracted  ...  ACKNOWLEDGMENT We would like to thank the anonymous reviewers for their helpful comments.  ... 
doi:10.1109/dsn.2017.36 dblp:conf/dsn/HoqueCCNL17 fatcat:yyr4w6g7ujcixkyrsu7ym7lnxy

Formal methods for cryptographic protocol analysis: emerging issues and trends

C. Meadows
2003 IEEE Journal on Selected Areas in Communications  
The history of the application of formal methods to cryptographic protocol analysis spans over twenty years, and recently has been showing signs of new maturity and consolidation.  ...  designers that can be used to improve the protocol's security.  ...  Open-Ended Protocols Most of the work on the formal analysis of cryptographic protocols has concentrated on protocols that involve the communication of a fixed number of principals: for example, an initiator  ... 
doi:10.1109/jsac.2002.806125 fatcat:tayyhsybp5d6hhlv5glx4ehe7e

Symbolic Methods in Testing (Dagstuhl Seminar 13021)

Thierry Jéron, Margus Veanes, Burkhart Wolff, Marc Herbstritt
2013 Dagstuhl Reports  
This report documents the program and the outcomes of Dagstuhl Seminar 13021 "Symbolic Methods in Testing".  ...  The aim of the seminar was to bring together leading researchers of this field; the seminary ended up with 38 participants from 10 countries: France,  ...  Open Format Competition à la VSTTE (open format, co-loc, Jury, fixed time) 4. Fixed Format Competition à la SMT and Casc (fixed format, co-location with a Conf.)  ... 
doi:10.4230/dagrep.3.1.1 dblp:journals/dagstuhl-reports/JeronVW13 fatcat:qg6wp73g6jejbg6xsmysn574dy

A Systematic Approach to Formal Analysis of QUIC Handshake Protocol Using Symbolic Model Checking

Jingjing Zhang, Xianming Gao, Lin Yang, Tao Feng, Dongyang Li, Qiang Wang, Ruhul Amin
2021 Security and Communication Networks  
To aim this safety requirement, we propose a formal analysis method to analyze the safety of QUIC handshake protocol by using model checker SPIN and cryptographic protocol verifier ProVerif.  ...  As a newly proposed secure transport protocol, QUIC aims to improve the transport performance of HTTPS traffic and enable rapid deployment and evolution of transport mechanisms.  ...  Regarding the disadvantages of the current work, we would like to remark that the analysis results by typical model checker and cryptographic protocol verifier are based on the symbolic protocol model,  ... 
doi:10.1155/2021/1630223 fatcat:b2c2f3rsdzbqpieipoa4i7cipe

Security Analysis of the Open Banking Account and Transaction API Protocol [article]

Abdulaziz Almehrej, Leo Freitas, Paolo Modesti
2020 arXiv   pre-print
We present a formal security analysis of its APIs, focusing on the correctness of the Account and Transaction API protocol.  ...  The UK, similarly to other European countries, has promoted a standard API for data sharing:~the Open Banking Standard.  ...  We are also grateful to the EPSRC EP/N023641/1 STRATA programme grant for financially supporting this work.  ... 
arXiv:2003.12776v1 fatcat:bqbtdbwgyrhuvc7shsii3khama

Review of PLC Security Issues in Industrial Control System

Xiaojun Pan, Zhuoran Wang, Yanbin Sun
2020 Journal of Cyber Security  
Then we analyze the PLC code security, firmware security, network security, virus vulnerability and Modbus communication protocol by reviewing the previous related work.  ...  Programmable Logic Controllers (PLC), core of industrial control systems, is widely used in industrial control systems. The security of PLC is the key to the security of industrial control systems.  ...  can be checked by the model checker (SPIN), derived from the source model using model transformation.  ... 
doi:10.32604/jcs.2020.010045 fatcat:jtha7dhbkbbvvjca4b44vfkole

Symbolic execution for software testing in practice

Cristian Cadar, Patrice Godefroid, Sarfraz Khurshid, Corina S. Păsăreanu, Koushik Sen, Nikolai Tillmann, Willem Visser
2011 Proceeding of the 33rd international conference on Software engineering - ICSE '11  
We present results for the "Impact Project Focus Area" on the topic of symbolic execution as used in software testing.  ...  Symbolic execution is a program analysis technique introduced in the 70s that has received renewed interest in recent years, due to algorithmic advances and increased availability of computational power  ...  The CREST tool is developed and maintained by Jacob Burnim. Khurshid's work is supported in part by NSF Grants CCF-0845628, CNS-0958231, and IIS-0438967, and by AFOSR Grant FA9550-09-1-0351.  ... 
doi:10.1145/1985793.1985995 dblp:conf/icse/CadarGKPSTV11 fatcat:mb643zlyczcizdxtzkbbtnr7ha

Towards a Verified Reference Implementation of a Trusted Platform Module [chapter]

Aybek Mukhamedov, Andrew D. Gordon, Mark Ryan
2013 Lecture Notes in Computer Science  
Moreover, the published code can be in a widely understood language like C, rather than one of the specialist formalisms aimed at modelling cryptographic protocols.  ...  We develop a reference implementation for a fragment of the API for a Trusted Platform Module.  ...  We also thank Paul England and David Wooten, Microsoft representatives on the Trusted Computing Group, for their support and advice.  ... 
doi:10.1007/978-3-642-36213-2_11 fatcat:skz2zmn2gfalnlu4fwz6lw4k2i

Towards a Verified Reference Implementation of a Trusted Platform Module [chapter]

Aybek Mukhamedov
2013 Lecture Notes in Computer Science  
Moreover, the published code can be in a widely understood language like C, rather than one of the specialist formalisms aimed at modelling cryptographic protocols.  ...  We develop a reference implementation for a fragment of the API for a Trusted Platform Module.  ...  We also thank Paul England and David Wooten, Microsoft representatives on the Trusted Computing Group, for their support and advice.  ... 
doi:10.1007/978-3-642-36213-2_12 fatcat:f5tcrrdfnjhqlm2di7hloxxm7u

On the use of automatic tools for the formal analysis of IEEE 802.11 key-exchange protocols

M. Cheminod, I.C. Bertolotti, L. Durante, R. Sisto, A. Valenzano
2006 2006 IEEE International Workshop on Factory Communication Systems  
The importance of using formal techniques for verifying the design correctness is even more evident when aspects such as security and safety are considered and a class of protocols, known as "cryptographic  ...  The aim of our work is twofold: first we intend to offer a contribution in understanding whether or not the current prototype tools can be considered mature enough for helping the designer with the analysis  ...  STA STA (Symbolic Trace Analyser) [13, 14] is a model checker for cryptographic protocols relying on symbolic techniques.  ... 
doi:10.1109/wfcs.2006.1704167 fatcat:gpldtkguoje7lmedftnbuhqzky

Semi-Automatic Security Testing of Web Applications from a Secure Model

Matthias Buchler, Johan Oudinet, Alexander Pretschner
2012 2012 IEEE Sixth International Conference on Software Security and Reliability  
Recently, model-checkers dedicated to security analysis have proved their ability to identify complex attacks on web-based security protocols.  ...  The increasing complexity of such applications and the subtlety of today's attacks make it very hard for developers to manually secure their web applications.  ...  ACKNOWLEDGMENT This work was partially supported by the FP7-ICT-2009-5 Project no. 257876, "Secure Provision and Consumption in the Internet of Services" (http://www.spacios.eu).  ... 
doi:10.1109/sere.2012.38 dblp:conf/ssiri/BuchlerOP12 fatcat:aurpueafl5ctleenv3poigni54

5G Security and Privacy: A Research Roadmap [article]

Elisa Bertino, Syed Rafiul Hussain, Omar Chowdhury
2020 arXiv   pre-print
research challenges, including formal and comprehensive analyses of cellular protocols as defined by the standardization groups, verification of the software implementing the protocols, the design of  ...  In this white paper, we outline recent approaches supporting systematic analyses of 4G LTE and 5G protocols and their related defenses and introduce an initial security and privacy roadmap, covering different  ...  We would like to thank our CCC colleagues Sujata Banerjee, Khari Douglas, Mark Hill, Daniel Lopresti, and Jennifer Rexford for the interesting comments and suggestions on the white paper.  ... 
arXiv:2003.13604v1 fatcat:wvu4dbry75b4dgdz5xt7lxbreq
« Previous Showing results 1 — 15 out of 2,161 results