SATMC: A SAT-Based Model Checker for Security-Critical Systems

Armando, Alessandro; Carbone, Roberto; Compagna, Luca

doi:10.1007/978-3-642-54862-8_3

Cited by 26 publications

(15 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead of designing a crafted algorithm for equivalence, we use more general verification techniques, namely Graph planning [14], [15] and SATsolving. The idea of using Graph planning and SAT-solvers for analyzing protocols has already been explored in [16], yielding the tool SATMC [17] for trace properties. Moving from trace to equivalence properties is far from being straightforward as exemplified by the research effort on equivalence these past 10 years (see e.g.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SAT-Equiv: An Efficient Tool for Equivalence Properties

Cortier

Dallon

Delaune

2017

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

To cite this version:Véronique Cortier, Antoine Dallon, Stéphanie Delaune. SAT Abstract-Automatic tools based on symbolic models have been successful in analyzing security protocols. Such tools are particularly adapted for trace properties (e.g. secrecy or authentication), while they often fail to analyse equivalence properties.Equivalence properties can express a variety of security properties, including in particular privacy properties (vote privacy, anonymity, untraceability). Several decision procedures have already been proposed but the resulting tools are rather inefficient.In this paper, we propose a novel algorithm, based on graph planning and SAT-solving, which significantly improves the efficiency of the analysis of equivalence properties. The resulting implementation, SAT-Equiv, can analyze several sessions where most tools have to stop after one or two sessions.

show abstract

Section: Introductionmentioning

confidence: 99%

“…In [16], [17], the authors simply assume protocols to be given with a (finite) format for the messages. Here, we do not bound a priori the format of the messages.…”

Section: Introductionmentioning

confidence: 99%

SAT-Equiv: An Efficient Tool for Equivalence Properties

Cortier

Dallon

Delaune

2017

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…SATMC carries out an iterative deepening strategy on k. Initially k is set to 0, and then it is incremented till either an attack is found or an upper bound is reached. More details on SATMC can be found in [9]. When developing the STIATE back-end we also added two important features to SATMC: (i) a multi-attack module to identify multiple abstract attack traces (if any) from a single formal specification; and (ii) a multi-thread environment allowing the execution of SATMC over multiple ASLan++ models in parallel using multiple and dependent threads.…”

Section: Example 7 As Shown In Example 3 Sp Is Marked As Optional Imentioning

confidence: 99%

“…Once obtained the proper input files, the SAT-based bounded model checker SATMC [9] is used to check whether the protocols meet the expected security goals. Given a formal specification (in ASLan) of a protocol and a security goal, SATMC reduces the problem of determining whether the protocol violates the security goal in k > 0 steps to the problem of checking the satisfiability of a propositional formula (the SAT problem).…”

Section: Example 7 As Shown In Example 3 Sp Is Marked As Optional Imentioning

confidence: 99%

See 1 more Smart Citation

Security Threat Identification and Testing

Carbone¹,

Compagna²,

Panichella

et al. 2015

2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)

Self Cite

View full text Add to dashboard Cite

Business applications are more and more collaborative (cross-domains, cross-devices, service composition). Security shall focus on the overall application scenario including the interplay between its entities/devices/services, not only on the isolated systems within it. In this paper we propose the Security Threat Identification And TEsting (STIATE) toolkit to support development teams toward security assessment of their underdevelopment applications focusing on subtle security logic flaws that may go undetected by using current industrial technology. At design-time, STIATE supports the development teams toward threat modeling and analysis by identifying automatically potential threats (via model checking and mutation techniques) on top of sequence diagrams enriched with security annotations (including WHAT-IF conditions). At run-time, STIATE supportsthe development teams toward testing by exploiting the identified threats to automatically generate and execute test cases on the up and running application. We demonstrate the usage of the STIATE toolkit on an application scenario employing the SAML Single Sign-On multi-party protocol, a well-known industrial security standard largely studied in previous literature.

show abstract

Modeling and Formal Verification of the Ticket-Based Handoff Authentication Protocol for Wireless Mesh Networks

Ansaroudi

Pashazadeh

2019

Pervasive Systems, Algorithms and Networks

View full text Add to dashboard Cite

SATMC: A SAT-Based Model Checker for Security-Critical Systems

Cited by 26 publications

References 24 publications

SAT-Equiv: An Efficient Tool for Equivalence Properties

SAT-Equiv: An Efficient Tool for Equivalence Properties

Security Threat Identification and Testing

Modeling and Formal Verification of the Ticket-Based Handoff Authentication Protocol for Wireless Mesh Networks

Contact Info

Product

Resources

About