This paper presents a novel approach to automatically finding security vulnerabilities in the routing protocol OSPF, the most widely used protocol for Internet routing. We start by modeling OSPF on (concrete) networks with a fixed number of routers in a specific topology. Using the model checking tool CBMC, we found several simple, previously unpublished attacks on OSPF. To search for attacks in a family of networks with varied sizes and topologies, we define the concept of an abstract network, which represents such a family. The abstract network ${\cal A}$ has the property that if there is an attack on ${\cal A}$, then there is a corresponding attack on each of the (concrete) networks represented by ${\cal A}$. The attacks we have found on abstract networks reveal security vulnerabilities in the OSPF protocol that can harm routing in huge networks with complex topologies. Finding such attacks directly on the huge networks is practically impossible, so abstraction is essential. Abstraction also enables showing that the attacks are general, that is, applicable in a large (even infinite) number of networks. This indicates that the attacks exploit fundamental vulnerabilities, which are applicable to many configurations of the network.