Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CSFW
2009
IEEE
2009
IEEE
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
Abstract. We present aspier – the first framework that combines software model checking with a standard protocol security model to analyze authentication and secrecy properties of protocol implementations in an automated manner. aspier incorporates a standard symbolic attacker model and provides analogous guarantees about protocol implementations as previous work does for protocol specifications. We have implemented aspier and used it to verify authentication and secrecy properties of a part of an industrial strength protocol implementation – the handshake in OpenSSL 0.9.6c – for configurations consisting of up to 3 servers and 3 clients. We have also implemented two distinct methods for reasoning about attacker message derivations, and evaluated them in the context of OpenSSL verification. Finally, aspier detected the “versionrollback” vulnerability in OpenSSL 0.9.6c source code.
Real-time TrafficCSFW 2009 | Protocol Implementation | Protocol Security Model | Secrecy Properties | Security Privacy |
Related Content
| Added | 20 May 2010 |
| Updated | 20 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | CSFW |
| Authors | Sagar Chaki, Anupam Datta |
Comments (0)
Researcher Info
|
