Sciweavers

ESSOS
2010
Springer

Formally-Based Black-Box Monitoring of Security Protocols

14 years 8 months ago
Formally-Based Black-Box Monitoring of Security Protocols
In the challenge of ensuring the correct behaviour of legacy implementations of security protocols, a formally-based approach is presented to design and implement monitors that stop insecure protocol runs executed by such legacy implementations, without the need of their source code. We validate the approach at a case study about monitoring several SSL legacy implementations. Recently, a security bug has been found in the widely deployed OpenSSL client; our case study shows that our monitor correctly stops the protocol runs otherwise allowed by the faulty OpenSSL client. Moreover, our monitoring approach allowed us to detect a new flaw in another open source SSL client implementation.
Alfredo Pironti, Jan Jürjens
Added 17 Mar 2010
Updated 17 Mar 2010
Type Conference
Year 2010
Where ESSOS
Authors Alfredo Pironti, Jan Jürjens
Comments (0)