The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Armando, Alessandro; Arsac, Wihem; Avanesov, Tigran; Barletta, Michele; Calvi, Alberto; Cappai, Alessandro; Carbone, Roberto; Chevalier, Yannick; Compagna, Luca; Cuéllar, Jorge; Erzse, Gabriel; Frau, Simone; Minea, Marius; Mödersheim, Sebastian; Oheimb, David von; Pellegrino, Giancarlo; Ponta, Serena Elisa; Rocchetto, Marco; Rusinowitch, Michaël; Dashti, Mohammad Torabi; Turuani, Mathieu; Viganò, Luca

doi:10.1007/978-3-642-28756-5_19

Cited by 75 publications

(83 citation statements)

References 28 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We reported the problem to OASIS which subsequently released an errata addressing the issue. 4 We also used SATMC at SAP as a back-end for security protocol analysis and testing (AVANTSSAR [1] and SPaCIoS [28]) to assist development teams in the design and development of the SAP NetWeaver SAML Single Sign-On (SAP NGSSO) and SAP OAuth 2.0 solutions. Overall, more than one hundred different protocol configurations and corresponding formal models have been analyzed, showing that both SAP NGSSO and SAP OAuth2 services are indeed well designed.…”

Section: Success Storiesmentioning

confidence: 99%

“…SATMC has been successfully applied in variety of application domains (namely, security protocols, security-sensitive business processes, and cryptographic APIs) and for different purposes (e.g., design-time security analysis and security testing). SATMC is integrated and used as a backend in a number of research prototypes (the AVISPA Tool [2], Tookan [18], the AVANTSSAR Platform [1], and the SPaCIoS Tool [28]) and industrial-strength tools (the Security Validator plugin for SAP NetWeaver BPM 1 ). The effectiveness of SATMC is witnessed by the key role it played in the discovery of:…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SATMC: A SAT-Based Model Checker for Security-Critical Systems

Armando

Carbone

Compagna³

2014

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Abstract. We present SATMC 3.0, a SAT-based bounded model checker for security-critical systems that stems from a successful combination of encoding techniques originally developed for planning with techniques developed for the analysis of reactive systems. SATMC has been successfully applied in a variety of application domains (security protocols, securitysensitive business processes, and cryptographic APIs) and for different purposes (design-time security analysis and security testing). SATMC strikes a balance between general purpose model checkers and security protocol analyzers as witnessed by a number of important success stories including the discovery of a serious man-in-the-middle attack on the SAML-based Single Sign-On (SSO) for Google Apps, an authentication flaw in the SAML 2.0 Web Browser SSO Profile, and a number of attacks on PKCS#11 Security Tokens. SATMC is integrated and used as back-end in a number of research prototypes (e.g., the AVISPA Tool, Tookan, the SPaCIoS Tool) and industrial-strength tools (e.g., the Security Validator plugin for SAP NetWeaver BPM).

show abstract

Section: Success Storiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

SATMC: A SAT-Based Model Checker for Security-Critical Systems

Armando

Carbone

Compagna³

2014

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Pre-Processing and Verification AnBx → AnB → (verif ication) The AnBx protocol is lexed, parsed and then compiled to AnB [12], a format suitable for verification with the external tool OFMC [8], a state of the art model checker which is part of the AVISPA [25] and AVANTSSAR [9] platforms. The compiler can also read protocols directly in AnB .…”

Section: Architecture Of the Anbx Compilermentioning

confidence: 99%

“…It not only allows reasoning about the high-level security property, abstracting from the low-level details of the cryptographic implementation, but it also helps to reduce the problem to a size that can be handled efficiently by automatic verification tools [7,8,9,10].…”

Section: Introductionmentioning

confidence: 99%

Efficient Java Code Generation of Security Protocols Specified in AnB/AnBx

Modesti

2014

Security and Trust Management

View full text Add to dashboard Cite

The implementation of security protocols is challenging and error-prone, as experience has proved that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. A model-driven development approach allows automatic generation of an application, from a simpler and abstract model that can be formally verified. In this work we present the AnBx compiler, a tool for automatic generation of Java code of security protocols specified in the popular Alice & Bob notation, suitable for agile prototyping. In contrast with the existing tools, the AnBx compiler uses a simpler specification language and computes the consistency checks that agents has to perform on reception of messages. This is an important feature for robust implementations. Moreover, the tool applies various optimization strategies to achieve efficiency both at compile time and at run time. A support library interfaces the Java Cryptographic Architecture allowing for easy customization of the application. AbstractThe implementation of security protocols is challenging and error-prone, as experience has proved that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. A model-driven development approach allows automatic generation of an application, from a simpler and abstract model that can be formally verified. In this work we present the AnBx compiler, a tool for automatic generation of Java code of security protocols specified in the popular Alice & Bob notation, suitable for agile prototyping. In contrast with the existing tools, the AnBx compiler uses a simpler specification language and computes the consistency checks that agents has to perform on reception of messages. This is an important feature for robust implementations. Moreover, the tool applies various optimization strategies to achieve efficiency both at compile time and at run time. A support library interfaces the Java Cryptographic Architecture allowing for easy customization of the application. About the authors Suggested keywords SECURITY PROTOCOLS JAVA CODE GENERATION APPLIED FORMAL METHODSEfficient Java Code Generation of Security Protocols specified in AnB/AnBx Paolo ModestiSchool of Computing Science, Newcastle University, UK paolo.modesti@newcastle.ac.ukAbstract. The implementation of security protocols is challenging and error-prone, as experience has shown that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. A model-driven development approach allows the automatic generation of an application, from a simpler and abstract model that can be formally verified. In this work we present the AnBx compiler, a tool for automatic generation of Java code of security protocols specified in the popular Alice & Bob notation, suitable for agile prototyping. In contrast with existing tools, the AnBx compiler uses a simpler specification language and computes t...

show abstract

“…In particular, our notion of formats allows to integrate the particular way of structuring messages of real-world protocols like TLS, rather than academic toy implementations; at the same time, we can use a sound abstraction of these formats in the formal verification. We have implemented the low-level semantics in a translator that can generate both formal models in the input languages of popular security protocol analysis tools (e.g., Applied π calculus in the syntax of ProVerif [10] or ASLAN for AVANTSSAR [5]) and implementations in JavaScript for the execution environment of the FutureID project (www.futureid.eu). We have demonstrated practical feasibility with a number of major and minor case studies, including TLS and the EAC/PACE protocols used in the German eID card.…”

Section: Introductionmentioning

confidence: 99%

Alice and Bob: Reconciling Formal Models and Implementation

Almousa¹,

Mödersheim²,

Viganò

2015

Programming Languages With Applications to Biology and Security

Self Cite

View full text Add to dashboard Cite

Abstract. This paper defines the "ultimate" formal semantics for Alice and Bob notation, i.e., what actions the honest agents have to perform, in the presence of an arbitrary set of cryptographic operators and their algebraic theory. Despite its generality, this semantics is mathematically simpler than any previous attempt. For practical applicability, we introduce the language SPS and an automatic translation to robust real-world implementations and corresponding formal models, and we prove this translation correct with respect to the semantics.

show abstract

The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Cited by 75 publications

References 28 publications

SATMC: A SAT-Based Model Checker for Security-Critical Systems

SATMC: A SAT-Based Model Checker for Security-Critical Systems

Efficient Java Code Generation of Security Protocols Specified in AnB/AnBx

Alice and Bob: Reconciling Formal Models and Implementation

Contact Info

Product

Resources

About