Using transition systems to model and verify the implementation of security protocol
Authors: 
Yulong Fu, Ousmane KonéAuthors Info & Claims
Pages 210 - 217
Abstract
The transition system is widely used to model and to analyze the properties of protocol implementations. It presents the systems with reachable finite state graphes and can be used to calculate the possible transitions traces to verify the correctness of the protocol implementation. But this method is hard to be used to verify the security of authentication protocol, because some important security properties (such as nonce, encryption etc.) are not compatible in the classic definition of system transition. In addition, the security protocols usually need to consider the actions of possible attackers, which is also an obstacle to use transition system on security protocol. In this article, for the purpose of security protocol verification, we extend the classic IOLTS model to SG-IOLTS model, which defines variables and atoms into transitions to capture the security properties and combines the distribute concurrent components together. We also propose an finite intruder model within this SG-IOLTS, which makes the reachable graph contains the transitions of intruders and makes the security verifying traces can be generated through the transition system.
References
[1]
Principles and Methods of testing finite state machine - A survey. IEEE, August 1996.
[2]
Y. Fu and O. Koné. Network security against threatening requests. Lecture Notes in Computer Science, 7122: 280--294, 2012.
[3]
Y. Fu and O. Koné. A robustness testing method for network security. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 99: 38--45, 2012.
[4]
Y. Fu and O. Koné. Security and robustness by protocol testing. IEEE System Journal, pp: 1, 2012.
[5]
R. Gotzhein and F. Khendek. Compositional testing of communication systems. IFIP International Federation for Information Processing, 3964: 227--244, 2006.
[6]
Guoqiang. Formal Methods and Tools For Testing Communication Protocol System Security. Phd, The Ohio State University, 2008.
[7]
Y. Hsu, G. Shu, and D. Lee. A model-based approach to security flaw detection of network protocol implementations. IEEE International Conference on Network Protocols, ICNP 2008, pages 114--123, 2008.
[8]
O. Koné. Conformance testing to real-time communications systems. Computer Communications, 25: 32--45, 1 January 2002.
[9]
O. Koné and R. Castanet. Test generation for interworking systems. Computer Communication, 23: 642--652, March 2000.
[10]
R. Lai. A survey of communication protocol testing. Journal of Systems and Software, 62: 21--46, 1 May 2002.
[11]
M. Merayo, M. Nunez, and I. Rodriguez. Extending efsms to specify and test timed systems with action durations and time-outs. IEEE Transactions on Computers, 57: 835--844, 2008.
[12]
J.-M. Orset, B. Alcalde, and A. Cavalli. An efsm-based intrusion detection system for ad hoc networks. Lecture Notes in Computer Science, 3737: 400--413, 2005.
[13]
A. Petrenko, S. Boroday, and R. Groz. Confirming configurations in efsm testing. IEEE Transactions On Software Engineering, 3: 29--42, 2004.
[14]
G. Shu and D. Lee. Testing security properties of protocol implementations - a machine learning based approach. 27th International Conference on Distributed Computing Systems (ICDCS'07), 2007.
[15]
J. Tretmans. Conformance testing with labelled transition system: Implementation relations and test generation. Computer Networks and ISDN Systems, pages 49--76, 1996.
Index Terms
- Using transition systems to model and verify the implementation of security protocol
Recommendations
A finite transition model for security protocol verification
SIN '13: Proceedings of the 6th International Conference on Security of Information and NetworksThe reachable graphs and FSM methods are successfully used to analyze the network protocols and to generate computable test traces to verify the correctness of protocol communication. But these methods are hard to use to verify the security of the ...
Model based security verification of protocol implementation
Finite transition models such as Automata, Labeled Transition System, have been widely used to model and analyze the complex system and protocol implementations. Those methods model the systems with states and transitions, and present them with a ...
A Generic Methodology for the Modular Verification of Security Protocol Implementations
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecuritySecurity protocols are essential building blocks of modern IT systems. Subtle flaws in their design or implementation may compromise the security of entire systems. It is, thus, important to prove the absence of such flaws through formal verification. ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2013
483 pages
ISBN:9781450324984
DOI:10.1145/2523514
- General Chairs:
- Atilla Elçi,
- Manoj Singh Gaur,
- Mehmet A. Orgun,
- Oleg B. Makarevich
Copyright © 2013 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- Macquarie U., Austarlia
- MNIT: Malaviya National Institute of Technology
- Aksaray Univ.: Aksaray University
- SFedU: Southern Federal University
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 26 November 2013
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
SIN '13
Sponsor:
- MNIT
- Aksaray Univ.
- SFedU
SIN '13: The 6th International Conference on Security of Information and Networks
November 26 - 28, 2013
Aksaray, Turkey
Acceptance Rates
Overall Acceptance Rate 102 of 289 submissions, 35%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 90Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Reflects downloads up to 26 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in