SAT-based model-checking for security protocols analysis

International Journal of Information Security

Volumn 7, Issue 1, 2008, Pages 3-32

  Armando, Alessandro ^a   Compagna, Luca ^a,b  

^a UNIVERSITY OF GENOA   (Italy)

^b SAP RESEARCH   (France)

Author keywords

Bounded model checking; Multi set rewriting; SAT based model checking; Security protocols

Indexed keywords

DATA PRIVACY; DATA STRUCTURES; NETWORK PROTOCOLS; NETWORK SECURITY;

MODEL CHECKING TECHNIQUE; SECURITY PROTOCOL ANALYSIS;

SECURITY OF DATA;

EID: 38149132464     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-007-0041-y     Document Type: Conference Paper

References (64)

1. Abadi M. (1999). Secrecy by typing in security protocols. J. ACM 46(5): 749-786
2. Aho A.V. and Sloane N.J.A. (1973). Some doubly exponential sequences. Fibonacci Q. 11: 429-437
3. Aiello L.C. and Massacci F. (2001). Verifying security protocols as planning in logic programming. ACM Trans. Comput. Logic 2(4): 542-580
4. Allamigeon, X., Blanchet, B.: Reconstruction of attacks against cryptographic protocols. In: 18th IEEE Computer Security Foundations Workshop (CSFW-18 2005), 20-22 June 2005, Aix- en-Provence, France, pp. 140-154 (2005)
5. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heam, P., Kouchnarenko, O., Mantovani, J., Moedersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Proceedings of the 17th International Conference on Computer-Aided Verification (CAV'05) (2005)
6. Armando, A., Basin, D., Bouallagui, M., Chevalier, Y., Compagna, L., Mödersheim, S., Rusinowitch, M., Turuani, M., Viganò, L., Vigneron, L.: The AVISS security protocol analysis tool. In: Proceedings of CAV'02, LNCS, vol. 2404, pp. 349-354. Springer (2002). URL of the AVISS and AVISPA projects: http://www.avispa-project.org
7. Armando, A., Compagna, L.: Automatic SAT-compilation of protocol insecurity problems via reduction to planning. In: Proceedings of FORTE 2002, LNCS, vol. 2529, pp. 210-225. Springer (2002)
8. Armando, A., Compagna, L.: Abstraction-driven SAT-based analysis of security protocols. In: Giunchiglia, E., Tacchella, A. (eds.) Theory and Applications of Satisfiability Testing, LNCS, vol. 2919, pp. 257-271. Springer (2004). Selected Revised Papers. Presented to SAT 2003, S. Margherita Ligure, Italy. Available at http://www.avispa-project.org
9. AAmando, A., Compagna, L.: SATMC: a SAT-based model checker for security protocols. In: Proceedings of the 9th European Conference on Logics in Artificial Intelligence (JELIA 2004), LNAI, vol. 3229. Springer, Lisbon (2004)
10. Armando, A., Compagna, L., Ganty, P.: SAT-based model- checking of security protocols using planning graph analysis. In: Proceedings of FME'2003, LNCS, vol. 2805. Springer (2003)
11. Armando, A., Compagna, L., Lierler, Y.: Automatic compilation of protocol insecurity problems into logic programming. In: Proceedings of the 9th European Conference on Logics in Artificial Intelligence (JELIA 2004), LNAI, vol. 3229. Springer, Lisbon (2004)
12. Basin, D., Mödersheim, S., Viganò, L.: An on-the-fly model-checker for security protocol analysis. In: Snekkenes, E., Gollmann, D. (eds.) Proceedings of ESORICS'03, LNCS, vol. 2808, pp. 253-270. Springer (2003). Available at http://www.avispa-project.org
13. Basin, D., Mödersheim, S., Viganò, L.: Constraint differentiation: A new reduction technique for constraint-based analysis of security protocols. In: Atluri, V., Liu, P. (eds.) Proceedings of CCS'03, pp. 335-344. ACM Press (2003). Available at http:// www.avispa-project.org
14. Aasin, D., Mödersheim, S., Viganò, L.: OFMC: a symbolic model-checker for security protocols. Int. J. Information Security (2004) (in press)
15. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) Proceedings of TACAS'99, LNCS, vol. 1579, pp. 193-207. Springer (1999)
16. Blanchet, P.: Verification of cryptographic protocols: Tagging enforces termination. Theor. Comput. Sci. 333 (2005) (in press)
17. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of CSFW'01, pp. 82-96. IEEE Computer Society Press (2001)
18. Blanchet, B.: Automatic verification of cryptAgraphic protocols: a logic programming approach (invited talk). In: Proceedings of PPDP'03, pp. 1-3. ACM Press (2003)
19. Blanchet, B.: Automatic proof of strong secrecy for security protocols. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 86-100. IEEE Computer Society Press (2004)
20. Blum, A., Furst, M.: Fast planning through planning graph analysis. In: Proceedings of the 14th International Joint Conference on Artificial Intelligence (IJCAI 95), pp. 1636-1642 (1995). URL http:// citeseer.nj.nec.com/blum95fast.html
21. Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Nielson, H.R.: Control flow analysis can find new flaws too. In: Proceedings of Workshop on Issues in the Theory of Security (WITS 04) (2004). URL http://www2.imm.dtu.dk/pubdb/p.php?3058
22. Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Riis Nielson, H.: Automatic validation of protocol narration. In: Proceedings of CSFW'03, pp. 126-140. IEEE Computer Society Press (2003)
23. Bugliesi, M., Focardi, R., Maffei, M.: Compositional analysis of authentication protocols. In: Schmidt, D.A. (ed.) ESOP, Lecture Notes in Computer Science, vol. 2986, pp. 140-154. Springer (2004). URL http:// springerlink.metapress.com/openurl.asp?genre=article&issn= 0302-9743&volume=2986&spage=140
24. Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55-69 (1999). URL http://citeseer.nj.nec.com/cervesato99metanotation.html
25. Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drieslma, P., Mantovani, J., Mödersheim, S., Vigneron, L.: A high level protocol specification language for industrial security-sensitive protocols. In: Proceedings of SAPS'2004 (2004)
26. Chevalier, Y., Vigneron, L.: Automated unbounded verification of security protocols. In: Brinksma, E., Larsen, K.G. (eds.) Proceedings of CAV'02, LNCS, vol. 2404, pp. 324-337. Springer (2002)
27. Clark, J., Jacob, J.: A survey of authentication protocol literature: Version 1.0, 17. Nov. 1997 (1997). URL: http://www.cs.york.ac.uk/~jac/ papers/drareview.ps.gz
28. Clarke, E.M., Jha, S., Marrero, W.R.: Partial order reductions for security protocol verification. In: TACAS, pp. 503-518 (2000)
29. Compagna, L.: SAT-based model-checking of security protocols. Ph.D. thesis, Università degli Studi di Genova and the University of Edinburgh (joint programme) (2005)
30. Corin, R., Etalle, S.: An improved constraint-based system for the verification of security protocols. In: Proceedings of SAS 2002, LNCS, vol. 2477, pp. 326-341. Springer (2002)
31. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2 (29) (1983) (in press)
32. Donovan, B., Norris, P., Lowe, G.: Analyzing a library of security protocols using Casper and FDR. In: Proceedings of the Workshop on Formal Methods and Security Protocols (1999)
33. Durante F., Gorrieri: CVS at work: a report on new failures upon some cryptographic protocols. In: MMMACNS: International Workshop on Methods, Models and Architectures for Network Security, LNCS (2001)
34. Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols (2002)
35. Ernst, M.D., Millstein, T.D., Weld, D.S.: Automatic SAT- compilation of planning problems. In: Proceedings of the 15th International Joint Conference on Artificial Intelligence (IJCAI-97), pp. 1169-1177. Morgan Kaufmann (1997)
36. Even, S., Goldreich, O.: On the security of multi-party ping pong protocols. In: Proceedings of 24th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society (1983)
37. FáWrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: why a security protocol is correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 160-171. IEEE Computer Society Press, New York (1998)
38. Focardi, R., Gorrieri, R., Martinelli, F.: Secrecy in security protocols as non interference. Electr. Notes Theor. Comput. Sci 32 (2000). URL http://www.elsevier.com/gej-ng/31/29/23/57/23/show/Products/notes/ index.htt#007
39. Ghallab, M., Howe, A., Knoblock, C., McDermott, D., Ram, A., Veloso, M., Weld, D., Wilkins, D.: The PDDL planning domain definition language (1998). The AIPS-98 Planning Competition Commitee
40. Gordon, J.: Typing correspondence assertions for communication protocols. Theor. Comput. Sci. 300 (2003) (in press)
41. Gordon A.D. and Jeffrey A. (2003). Authenticity by typing for security protocols. J. Comput. Security 11(4): 451-520
42. Hansen, S.M., Skriver, J., Nielson, H.R.: Using static analysis to validate the SAML single sign-on protocol. In: WITS (2005). URL http:// www2.imm.dtu.dk/pubdb/p.php?3657
43. Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. In: Proceedings of the 13th computer Security Foundations Workshop (CSFW'00). IEEE Computer Society Press (2000)
44. ISO/IEC: ISO/IEC 9798-3: Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques (1997)
45. Kautz, H., McAllester, H., Selman, B.: Encoding plans in propositional logic. In: Aiello, L.C., Doyle, J., Shapiro S. (eds.) KR'96: Principles of Knowledge Representation and Reasoning, pp. 374-384. Morgan Kaufmann (1996)
46. Kautz, H.A., Selman, B.: Planning as satisfiability. In: ECAI, pp. 359-363 (1992)
47. Lifschitz, V.: Answer set programming and plan generation. Artif. Intell. 138 (1-2), 39-54 (2002). doi: http://dx.doi.org/10.1016/ S0004-3702(02)00186-8
48. Lin F. and Zhao Y. (2004). ASSAT: Computing answer sets of a logic program by SAT solvers. Artif. Intell. 157(1-2): 115-137
49. Lowe, G.: Breaking and fixing the Needham-Shroeder Public-Key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) Proceedings of TACAS'96, LNCS, vol. 1055, pp. 147-166. Springer (1996)
50. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop (CSFW'97), pp. 31-43. IEEE Computer Society Press (1997)
51. Lowe, G.: Towards a completeness result for model checking of security protocols. In: Proceedings of CSFW'98. IEEE Computer Society Press (1998). URL http://citeseer.nj.nec.com/article/lowe98towards.html
52. Marrero, W.R., Clarke, E.M., Jha, S.: Model checking for security protocols. In: DIMACS Workshop on Design and Formal Verication of Security Protocols (1997)
53. Martinelli F. (2003). Analysis of security protocols as open systems. Theor. Comput Sci. 290(1): 1057-1106
54. Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proceedings of the ACM Conference on Computer and Communications Security CCS'01, pp. 166-175 (2001)
55. Mitchell, J.C., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using murphi. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 141-153 (1997)
56. Moskewicz, M.W., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: engineering an efficient SAT solver. In: Proceedings of the 38th Design Automation Conference (DAC'01) (2001). URL http://www.ee.princeton.edu/ ~chaff/DAC2001v56.pdf
57. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Tech. Rep. CSL-78-4, Xerox Palo Alto Research Center, Palo Alto (1978). Reprinted June 1982
58. Niemelä I. (1999). Logic programs with stable model semantics as a constraint programming paradigm. Ann. Math. Artif. Intell. 25(3-4): 241-273
59. Paulson L.C. (1998). The inductive approach to verifying cryptographic protocols. J. Comput. Security 6(1): 85-128
60. Rintanen, J., Heljanko, K., Niemelä, I.: Planning as satisfiability: Parallel plans and algorithms for plan search (2005). Submitted for journal publication. Eearlier version: Technical report 216, Albert-Ludwigs-Universität Freiburg, Institut fnr Informatik, 2005. Available at URL http://www.informatik.uni-freiburg.de/~rintanen
61. Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions is NP-complete. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press (2001)
62. Song D., Berezin S. and Perrig A. (2001). Athena: A novel approach to efficient automatic security protocol analysis. J. Comput. Security 9: 47-74
63. Sperschneider V. and Antoniou G. (1991). Logic: A Foundation for Computer Science. Addison-Wesley, Reading
64. Turuani, M.: Sécurité des Protocoles Cryptographiques: Décidabilité et Complexité. Ph.D. thesis, Université Henri Poincaré, Nancy (2003)