Formal verification of security protocol implementations: a survey

Avalle, Matteo; Pironti, A.; Sisto, Riccardo

doi:10.1007/s00165-012-0269-9

Cited by 52 publications

(39 citation statements)

References 76 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Those tools seem to be mostly academic; a commercial one is VISUALETHER PROTOCOL ANALYZER 7.0 13 , which uses the output of Wireshark (a network protocol analyzer) to generate sequence and callflow diagrams. Avalle et al [14] survey state-of-the-art research aimed at automatically getting formal security proofs of models close to the source code of real protocol-logic implementations. They comment extensively on work that extracts models to further validate widely deployed existing protocol implementations written in C (rather than libraries as in our case), limited to a subset of the language.…”

Section: Related Tools and Approachesmentioning

confidence: 99%

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Sandoval

Lenzini

2018

2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

Abstract-Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little or no help from the developers to better understand it. Security protocols implementations frequently use services provided by libraries coded in the C programming language; automatic tools for codelevel reverse engineering offer good support to comprehend the behavior of code in object-oriented languages but are ineffective to deal with libraries in C. Here we propose a systematic, yet human-dependent approach, which combines the capabilities of state-of-the-art tools in order to help the analyst to retrieve, step by step, the security protocol specifications from a library in C. Those specifications can then be used to create the formal model needed to carry out the analysis.

show abstract

Section: Related Tools and Approachesmentioning

confidence: 99%

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Sandoval

Lenzini

2018

2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

show abstract

“…A few e-mails were just blatantly rude. Upon investigating one of the complaints in depth it was discovered that there was a bug in the dovecot mail server that caused a sub-process of the software to crash 7 . This bug was fixed by the software maintainers shortly after notification.…”

Section: Ethical Issuesmentioning

confidence: 99%

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

Mayer

Zauner

Schmiedecker

et al. 2016

2016 11th International Conference on Availability, Reliability and Security (ARES)

View full text Add to dashboard Cite

Abstract-TLS is the most widely used cryptographic protocol on the Internet. While many recent studies focused on its use in HTTPS, none so far analyzed TLS usage in e-mail related protocols, which often carry highly sensitive information. Since end-to-end encryption mechanisms like PGP are seldomly used, today confidentiality in the e-mail ecosystem is mainly based on the encryption of the transport layer. A well-positioned attacker may be able to intercept plaintext passively and at global scale.In this paper we are the first to present a scalable methodology to assess the state of security mechanisms in the e-mail ecosystem using commodity hardware and open-source software. We draw a comprehensive picture of the current state of every e-mail related TLS configuration for the entire IPv4 range. We collected and scanned a massive data-set of 20 million IP/port combinations of all related protocols (SMTP, POP3, IMAP) and legacy ports. Over a time span of approx. three months we conducted more than 10 billion TLS handshakes. Additionally, we show that securing server-to-server communication using e.g. SMTP is inherently more difficult than securing client-toserver communication. Lastly, we analyze the volatility of TLS certificates and trust anchors in the e-mail ecosystem and argue that while the overall trend points in the right direction, there are still many steps needed towards secure e-mail.

show abstract

“…Security protocols play a key role in protecting communications and user's digital assets, but evidence shows [1] that despite considerable efforts, their implementation remains challenging and error-prone. In fact, low-level implementation bugs that need to be manually patched, are discovered even in ubiquitous protocols like TLS and SSH which are thoroughly tested.…”

Section: Introductionmentioning

confidence: 99%

AnBx: Automatic Generation and Verification of Security Protocols Implementations

Modesti

2016

Foundations and Practice of Security

View full text Add to dashboard Cite

The AnBx compiler is a tool for automatic generation of Java implementations of security protocols specified in a simple and abstract model that can be formally verified. In our model-driven development approach, protocols are described in AnBx , an extension of the Alice & Bob notation. Along with the synthesis of consistency checks, the tool analyses the security goals and produces annotations that allow the verification of the generated implementation with ProVerif.

show abstract

Formal verification of security protocol implementations: a survey

Cited by 52 publications

References 76 publications

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

AnBx: Automatic Generation and Verification of Security Protocols Implementations

Contact Info

Product

Resources

About