LTL Model Checking for Security Protocols

Authors:
Alessandro Armando;Roberto Carbone;Luca Compagna
Affiliations:
Universita di Genova, Italy;Universita di Genova, Italy;SAP Research, France
Venue:
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Year:
2007

Citing 0
Cited 13

Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps

Proceedings of the 6th ACM workshop on Formal methods in security engineering
Automatic Methods for Analyzing Non-repudiation Protocols with an Active Intruder

Formal Aspects in Security and Trust
TAGED Approximations for Temporal Properties Model-Checking

CIAA '09 Proceedings of the 14th International Conference on Implementation and Application of Automata
Secure pseudonymous channels

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Multi-Attacker Protocol Validation

Journal of Automated Reasoning
Understanding abstractions of secure channels

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Complexity of fairness constraints for the Dolev-Yao attacker model

Proceedings of the 2011 ACM Symposium on Applied Computing
Analysing protocol stacks for services

Rigorous software engineering for service-oriented systems
Model checking of security-sensitive business processes

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Specifying and modelling secure channels in strand spaces

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
NeVer: a tool for artificial neural networks verification

Annals of Mathematics and Artificial Intelligence
LTL model-checking for security protocols

AI Communications
Analysing applications layered on unilaterally authenticating protocols

FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most model checking techniques for security protocols make a number of simplifying assumptions on the protocol and/or on its execution environment that prevent their applicability in some important cases. For instance, most techniques assume that communication between honest principals is controlled by a Dolev-Yao intruder, i.e. a malicious agent capable to overhear, divert, and fake messages. Yet we might be interested in establishing the security of a protocol that relies on a less unsecure channel (e.g. a confidential channel provided by some other protocol sitting lower in the protocol stack). In this paper we propose a general model for security protocols based on the set-rewriting formalism that, coupled with the use of LTL, allows for the specification of assumptions on principals and communication channels as well as complex security properties that are normally not handled by state-of-the-art protocol analysers. By using our approach we have been able to formalise all the assumptions required by the ASW protocol for optimistic fair exchange as well as some of its security properties. Besides the previously reported attacks on the protocol, we report a new attack on a patched version of the protocol.