Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Finite-state analysis of two contract signing protocols
Theoretical Computer Science
Automatic SAT-Compilation of Protocol Insecurity Problems via Reduction to Planning
FORTE '02 Proceedings of the 22nd IFIP WG 6.1 International Conference Houston on Formal Techniques for Networked and Distributed Systems
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Automatic verification of cryptographic protocols: a logic programming approach
Proceedings of the 5th ACM SIGPLAN international conference on Principles and practice of declaritive programming
Describing and Reasoning on Web Services using Process Algebra
ICWS '04 Proceedings of the IEEE International Conference on Web Services
Model-Based Security Vulnerability Testing
ASWEC '07 Proceedings of the 2007 Australian Software Engineering Conference
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Testing Privacy Policies Using Models
SEFM '08 Proceedings of the 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods
Testing with model checkers: a survey
Software Testing, Verification & Reliability
IBM Systems Journal
Compiling and verifying security protocols
LPAR'00 Proceedings of the 7th international conference on Logic for programming and automated reasoning
Model-Checking Driven Security Testing of Web-Based Applications
ICSTW '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification, and Validation Workshops
State of the Art: Automated Black-Box Web Application Vulnerability Testing
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Attacking and fixing PKCS#11 security tokens
Proceedings of the 17th ACM conference on Computer and communications security
Why Johnny can't pentest: an analysis of black-box web vulnerability scanners
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Mutation-Based Test Generation from Security Protocols in HLPSL
ICST '11 Proceedings of the 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation
Security mutants for property-based testing
TAP'11 Proceedings of the 5th international conference on Tests and proofs
Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Hi-index | 0.00 |
Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we have been able to automatically detect and reproduce an attack witnessing an authentication flaw in the SAML-based Single Sign-On for Google Apps.