Formally-Based Black-Box Monitoring of Security Protocols

14 years 1 months ago

Download alfredo.pironti.eu

In the challenge of ensuring the correct behaviour of legacy implementations of security protocols, a formally-based approach is presented to design and implement monitors that stop insecure protocol runs executed by such legacy implementations, without the need of their source code. We validate the approach at a case study about monitoring several SSL legacy implementations. Recently, a security bug has been found in the widely deployed OpenSSL client; our case study shows that our monitor correctly stops the protocol runs otherwise allowed by the faulty OpenSSL client. Moreover, our monitoring approach allowed us to detect a new ﬂaw in another open source SSL client implementation.

Alfredo Pironti, Jan Jürjens

Real-time Traffic

ESSOS 2010 | Faulty Openssl Client | Software Engineering | Source Ssl Client | SSL Legacy Implementations |

claim paper

Post Info
More Details (n/a)

Added	17 Mar 2010
Updated	17 Mar 2010
Type	Conference
Year	2010
Where	ESSOS
Authors	Alfredo Pironti, Jan Jürjens

Comments (0)

Sciweavers

Formally-Based Black-Box Monitoring of Security Protocols

ESSOS 2010 | Faulty Openssl Client | Software Engineering | Source Ssl Client | SSL Legacy Implementations |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers