A Formal TLS Handshake Model in LNT

Božić, Josip; Marsso, Lina; Mateescu, Radu; Wotawa, Franz

doi:10.4204/eptcs.268.1

Cited by 6 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Techniques that do address compliance include modelbased testing (MBT) [7,28,35] and its precursors in the area of protocol conformance testing (see [26] for a survey). In MBT, an abstract model of the system is constructed, containing controllable events that are generated by a tester, and observable events that are generated by the system under test.…”

Section: Related Workmentioning

confidence: 99%

“…With an FSM model, some method is needed to fill in the concrete data parameters of messages. This may be done in a systematic way as in [35] or an ad-hoc way as in [7]. Generally, the need to extend FSMs in some way to account for data leads to significant complexity in these formalisms.…”

Section: Related Workmentioning

confidence: 99%

“…For example, [28] considers the connection state machine of TCP, but not TCP's data transmission. A similar approach is applied to TLS in [3,7]. Here, we consider the full protocol state including the security handshake, with unbounded data, unbounded streams, unbounded connections and so forth.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Formal specification and testing of QUIC

McMillan

Zuck

2019

Proceedings of the ACM Special Interest Group on Data Communication

View full text Add to dashboard Cite

QUIC is a new Internet secure transport protocol currently in the process of IETF standardization. It is intended as a replacement for the TLS/TCP stack and will be the basis of HTTP/3, the next official version of the hypertext transfer protocol. As a result, it is likely, in the near future, to carry a substantial fraction of traffic on the Internet. We describe our experience applying a methodology of compositional specification-based testing to QUIC. We develop a formal specification of the wire protocol, and use this specification to generate automated randomized testers for implementations of QUIC. The testers effectively take one role of the QUIC protocol, interacting with the other role to generate full protocol executions, and verifying that the implementations conform to the formal specification. This form of testing generates significantly more diverse stimuli and stronger correctness criteria than interoperability testing, the primary method used to date to validate QUIC and its implementations. As a result, numerous implementation errors have been found. These include some vulnerabilities at the protocol and implementation levels, such as an off-path denial of service scenario and an information leak similar to the "heartbleed" vulnerability in OpenSSL.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Formal specification and testing of QUIC

McMillan

Zuck

2019

Proceedings of the ACM Special Interest Group on Data Communication

View full text Add to dashboard Cite

show abstract

“…Among the case studies listed on the CADP web site, the tools are most frequently used for the formal specification and modeling of a system, which are then verified by model checking temporal logic properties and/or equivalence checking against a reference model (e.g., the expected service of a protocol). Some case studies additionally take advantage of more specific tools, e.g., for performance evaluation [18,3,11,7,9,14,45,55], (conformance) test generation [33,12,28,51,54,8,29,41,35,5], or generation of an executable prototype from the formal model [12,28,53,27,41,52,26].…”

Section: αFm: How Can the Approach Be Applied In Practice?mentioning

confidence: 99%

Is CADP an Applicable Formal Method?

Garavel¹,

Lang²,

Mateescu³

et al. 2021

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…We evaluated our approach using the following 16 models of communication protocols and distributed systems 5 : ABP (demo 1) and ABP-data (demo 2) are dataless and data-aware variants of the Alternating Bit Protocol with controllable failures of the communication links; AAP and AAP-big (demo 33) are configurations of an asynchronous agreement protocol [2,33] with 1 and 10 rounds; BRP-basic, BRP, and BRP-big (demo 16) are variants of the Bounded Retransmission Protocol [28] with controllable message-loss, larger messages, and more retries; CAR-LNT is a purely asynchronous variant of a simple autonomous car [26]; CCP (demo 28) is a multi-processor cache-coherency protocol; CFS (demo 25) is a Cluster File System [31]; CIM (demo 34) is a computer-integrated manufacturing architecture [29]; DES and DES-basic (demo 38) are variants of the Data Encryption Standard [36] with visible subkeys [27, Section 3.4] and less iterations; TLS (demo 6) is the Transport Layer Security 2.3 handshake protocol [5]; SMS (demo 40) is a stock management system [7]; and TOY is the running example given in [22].…”

Section: Experimental Evaluationmentioning

confidence: 99%