Paper Info
Title
Compiling Symbolic Attacks To Protocol Implementation Tests
Abstract
Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.
Year
DOI
Venue
2013
10.4204/EPTCS.122.4
ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE
Field
DocType
Issue
Black-box testing,Architecture,Cryptographic protocol,On-Protocol,Computer science,Computer security,Bridging (networking),Theoretical computer science,Implementation,Proof of concept,Vulnerability
Journal
122
ISSN
Citations 
PageRank 
2075-2180
0
0.34
References 
Authors
4
3
Name
Order
Citations
PageRank
Hatem Ghabri100.34
Ghazi Maatoug240.75
Michaël Rusinowitch31377101.15