ASPIER: An Automated Framework for Verifying Security Protocol Implementations

14 years 6 months ago

Download www.ece.cmu.edu

Abstract. We present aspier – the ﬁrst framework that combines software model checking with a standard protocol security model to analyze authentication and secrecy properties of protocol implementations in an automated manner. aspier incorporates a standard symbolic attacker model and provides analogous guarantees about protocol implementations as previous work does for protocol speciﬁcations. We have implemented aspier and used it to verify authentication and secrecy properties of a part of an industrial strength protocol implementation – the handshake in OpenSSL 0.9.6c – for conﬁgurations consisting of up to 3 servers and 3 clients. We have also implemented two distinct methods for reasoning about attacker message derivations, and evaluated them in the context of OpenSSL veriﬁcation. Finally, aspier detected the “versionrollback” vulnerability in OpenSSL 0.9.6c source code.

Sagar Chaki, Anupam Datta

Real-time Traffic

CSFW 2009 | Protocol Implementation | Protocol Security Model | Secrecy Properties | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	20 May 2010
Updated	20 May 2010
Type	Conference
Year	2009
Where	CSFW
Authors	Sagar Chaki, Anupam Datta

Comments (0)

Sciweavers

ASPIER: An Automated Framework for Verifying Security Protocol Implementations

CSFW 2009 | Protocol Implementation | Protocol Security Model | Secrecy Properties | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers