Formally-Based black-box monitoring of security protocols

Authors:
Alfredo Pironti;Jan Jürjens
Affiliations:
Politecnico di Torino, Turin, Italy;TU Dortmund and Fraunhofer ISST, Dortmund, Germany
Venue:
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Year:
2010

Citing 11
Cited 3

Security Mechanisms in High-Level Network Protocols

ACM Computing Surveys (CSUR)
The Theory and Practice of Concurrency

The Theory and Practice of Concurrency
Secure implementation of channel abstractions

Information and Computation
Automatic Generation of the C# Code for Security Protocols Verified with Casper/FDR

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
Code security analysis with assertions

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Verified Interoperable Implementations of Security Protocols

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Robustness and Security Hardening of COTS Software Libraries

DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Security protocols, properties, and their monitoring

Proceedings of the fourth international workshop on Software engineering for secure systems
Refinement Types for Secure Implementations

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Automated Security Protocol Analysis With the AVISPA Tool

Electronic Notes in Theoretical Computer Science (ENTCS)
Security properties and CSP

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Taxonomy and classification of automatic monitoring of program security vulnerability exploitations

Journal of Systems and Software
Efficient symbolic execution for analysing cryptographic protocol implementations

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Cryptographic verification by typing for a sample protocol implementation

Foundations of security analysis and design VI

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the challenge of ensuring the correct behaviour of legacy implementations of security protocols, a formally-based approach is presented to design and implement monitors that stop insecure protocol runs executed by such legacy implementations, without the need of their source code. We validate the approach at a case study about monitoring several SSL legacy implementations. Recently, a security bug has been found in the widely deployed OpenSSL client; our case study shows that our monitor correctly stops the protocol runs otherwise allowed by the faulty OpenSSL client. Moreover, our monitoring approach allowed us to detect a new flaw in another open source SSL client implementation.