Book chapter | Open access | Peer-reviewed

Formally-Based Black-Box Monitoring of Security Protocols

2010; Springer Science+Business Media; Language: English

10.1007/978-3-642-11747-3_7

ISSN

1611-3349

Authors

A. Pironti, Jan Jürjens

Topic(s)

Access Control and Trust

Abstract

To address the challenge of ensuring the correct behaviour of legacy implementations of security protocols, a formally-based approach is presented to design and implement monitors that stop insecure protocol runs executed by such legacy implementations, without needing their source code. We validate the approach with a case study on monitoring several SSL legacy implementations. Recently, a security bug was found in the widely deployed OpenSSL client; our case study shows that our monitor correctly stops the protocol runs that the faulty OpenSSL client would otherwise allow. Moreover, our monitoring approach allowed us to detect a new flaw in another open source SSL client implementation.

Reference(s)