TAV4 Proceedings of the symposium on Testing, analysis, and verification
Online minimization of transition systems (extended abstract)
STOC '92 Proceedings of the twenty-fourth annual ACM symposium on Theory of computing
Using encryption for authentication in large networks of computers
Communications of the ACM
A Formal Approach for Passive Testing of Protocol Data Portions
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Specification-Based Test Generation for Security-Critical Systems Using Mutations
ICFEM '02 Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Mutation Testing Applied to Validate Specifications Based on Statecharts
ISSRE '99 Proceedings of the 10th International Symposium on Software Reliability Engineering
Formally Testing Fail-Safety of Electronic Purse Protocols
Proceedings of the 16th IEEE international conference on Automated software engineering
IEEE Security and Privacy
A Method Enabling Feasible Conformance Test Sequence Generation for EFSM Models
IEEE Transactions on Computers
Application Penetration Testing
IEEE Security and Privacy
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Formal methods for cryptographic protocol analysis: emerging issues and trends
IEEE Journal on Selected Areas in Communications
Formal passive testing of timed systems: theory and tools
Software Testing, Verification & Reliability
Hi-index | 0.00 |
Security protocols provide critical services for distributed communication infrastructures. However, it is a challenge to ensure the correct functioning of their implementations, particularly, in the presence of malicious parties. We study testing of message confidentiality – an essential security property. We formally model protocol systems with an intruder using Dolev-Yao model. We discuss both passive monitoring and active testing of message confidentiality. For adaptive testing, we apply a guided random walk that selects next input on-line based on transition coverage and intruder's knowledge acquisition. For mutation testing, we investigate a class of monotonic security flaws, for which only a small number of mutants need to be tested for a complete checking. The well-known Needham-Schroeder-Lowe protocol is used to illustrate our approaches.