To address the challenge of ensuring the correct behaviour of legacy implementations of security protocols, we present a formally based approach to designing and implementing monitors that stop insecure protocol runs executed by such legacy implementations, without needing their source code. We validate the approach in a case study on monitoring several legacy SSL implementations. Recently, a security bug was found in the widely deployed OpenSSL client; our case study shows that our monitor correctly stops the protocol runs otherwise allowed by the faulty OpenSSL client. Moreover, our monitoring approach allowed us to detect a new flaw in another open source SSL client implementation.