Design and validation of computer protocols
Design and validation of computer protocols
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
Property specification patterns for finite-state verification
FMSP '98 Proceedings of the second workshop on Formal methods in software practice
Model checking
ACM Transactions on Information and System Security (TISSEC)
Simple on-the-fly automatic verification of linear temporal logic
Proceedings of the Fifteenth IFIP WG6.1 International Symposium on Protocol Specification, Testing and Verification XV
Defining Liveness
Efficient monitoring of safety properties
International Journal on Software Tools for Technology Transfer (STTT) - Special section on tools and algorithms for the construction and analysis of systems
Security Patterns: Integrating Security and Systems Engineering
Security Patterns: Integrating Security and Systems Engineering
Adding trace matching with free variables to AspectJ
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A framework for concrete reputation-systems with applications to history-based access control
Proceedings of the 12th ACM conference on Computer and communications security
Communications of the ACM - Privacy and security in highly dynamic systems
Towards security monitoring patterns
Proceedings of the 2007 ACM symposium on Applied computing
Proving the Correctness of Multiprocess Programs
IEEE Transactions on Software Engineering
The temporal logic of programs
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Monitoring of real-time properties
FSTTCS'06 Proceedings of the 26th international conference on Foundations of Software Technology and Theoretical Computer Science
PSL model checking and run-time verification via testers
FM'06 Proceedings of the 14th international conference on Formal Methods
Companion of the 30th international conference on Software engineering
Data provenance architecture to support information assurance in a multi-level secure environment
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Formally-Based black-box monitoring of security protocols
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Optimized inlining of runtime monitors
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
A system architecture, processor, and communication protocol for secure implants
ACM Transactions on Architecture and Code Optimization (TACO)
Adaptable, model-driven security engineering for SaaS cloud-based applications
Automated Software Engineering
This paper examines the suitability and use of runtime verification as a means for monitoring security protocols and their properties. In particular, we employ the runtime verification framework introduced in [5] to monitor complex, history-based security properties of the SSL protocol. We give a detailed account of the methodology, compare its formal expressiveness to prior art, and describe its application to an open-source Java implementation of the SSL protocol. In particular, we show how one can make use of runtime verification to dynamically enforce that assumptions on the crypto-protocol implementations (that are commonly made when statically verifying crypto-protocol specifications against security requirements) are actually satisfied in a given protocol implementation at runtime. Our analysis of these properties shows that some important runtime correctness properties of the SSL protocol exceed the commonly used class of safety properties, and as such also the expressiveness of other monitoring frameworks.