From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap

Abstract

Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we have been able to automatically detect and reproduce an attack witnessing an authentication flaw in the SAML-based Single Sign-On for Google Apps.

DOI: 10.1007/978-3-642-30473-6_3

Cite this paper

@inproceedings{Armando2012FromMT,
  title={From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap},
  author={Alessandro Armando and Giancarlo Pellegrino and Roberto Carbone and Alessio Merlo and Davide Balzarotti},
  booktitle={TAP},
  year={2012}
}