Security protocol testing using attack trees

Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009

Volumn 2, Issue , 2009, Pages 690-697

  Morais, Anderson ^a   Martins, Eliane ^a   Cavalli, Ana ^b   Jimenez, Willy ^b  

^a UNIVERSITY OF CAMPINAS   (Brazil)

^b TELECOM PARISTECH   (France)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK TREE; DOS ATTACKS; FAULT INJECTOR; INJECTION METHOD; INJECTION TEST; MOBILE SECURITY; MODEL BASED APPROACH; SECURITY PROPERTIES; SECURITY PROTOCOLS; TEST SCENARIO; VULNERABILITY DETECTION;

COMPUTER CRIME; JET PUMPS; MAINTAINABILITY; NETWORK PROTOCOLS; REUSABILITY; TEST FACILITIES; UBIQUITOUS COMPUTING; WIRELESS NETWORKS;

NETWORK SECURITY;

EID: 70749141080     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSE.2009.206     Document Type: Conference Paper

References (24)

1. S. Dawson, F. Jahanian, and T. Mitton. Orchestra: A fault injection environment for distributed systems. Proc. 26th International Symposium on Fault-Tolerant Computing (FTCS), pp 404-414, Sendai, Japan, June 1996.
2. R.J. Drebes, G. Jacques-Silva J. F. da Trindade, T. S. Weber. A Kernel-based Communication Fault Injector for Dependability Testing of Distributed Systems. Parallel andDistributed Systems: Testing and Debugging (PADTAD-3), 2005, Haifa, Israel.
3. Herbert H. Thompson, James A. Whittaker, Florence E. Mottay. Software security vulnerability testing in hostile environments. ACM Symposium on Applied Computing (SAC) 2002: 260-264. Madrid, Spain.
4. P.C.H. Wanner, R.F. Weber. Fault Injection Tool for Network Security Evaluation. LNCS Volume 2847/2003. Dependable Computing. Pp 127-136, Sept/2003.
5. N. Neves, J. Antunes, M. Correia, P. Veríssimo, R. Neves. Using Attack Injection to Discover New Vulnerabilities. In: Proc. of the International Conference on Dependable Systems and Networks (DSN), 2006, pp 457-466.
6. PROTOS - Security Testing of Protocol Implementations. Obtained in Mai/2008 at: http://www.ee.oulu.fi/research/ouspg/protos/.
7. Avizienis, A. Laprie J.-C. Randell, B. Landwehr, C. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, Volume: 1, Issue: 1, Jan.-March 2004, pp 11-33.
8. M. Rodriguez, J.-C. Fabre, Jean Arlat. Building SWIFI Tools from Temporal Logic Specifications. In: Proc. of the International Conference on Dependable Systems and Networks (DSN), 2003, pp 95-104.
9. Hussein, M., Zulkernine, M., UMLintr: a UML profile for specifying intrusions. In Proceedings of the IEEE International Conference and Workshop on the Engineering of Computer-Based Systems, Tucson, AZ, USA, pp. 279-288 (2006).
10. B. Schneier, B., Attack Trees: Modeling Security Threats, Dr. Dobb's Journal, December 1999.
11. F. Cristian, H. Aghili, H. R. Strong, and D. Dolev. Atomic broadcast: From simple message diffusion to Byzantine agreement, in Proc. 15th Fault-Tolerant Comput. Symp., Ann Arbor, MI, 1985, pp. 200-205.
12. A. Cavalli, E. Martins, A. Morais. Use of invariant properties to evaluate the results of fault-injection-based robustness testing of protocol implementations. Proc. of 4th Workshop on Advances in Model Based Testing (AMOST'08), Lillehammer, Norway, 9-11/Abr/2008.
13. N. Paton, O. Díaz, M.H. Williams, J. Campin, A. Dinn, and A. Jaime. Dimensions of Active Behaviour. In N. Paton et M. Williams, editor, Proceedings of 1st Int. Workshop on Rules in Database Systems (RIDS'93), Edinburgh - Scotland, September 1993. Springer Verlag.
14. WAP Forum, Wireless Transport Layer Security, Version 06-Apr-2001. Obtained in May/2008 at: http://www.openmobilealliance.org/tech/affiliates/wap/ wapindex.html.
15. M.J. Saarinen, M.J., Attacks Against the WAP WTLS Protocol, May 2000. Obtained in May/2008 at: http://www.cc.jyu.fi/-mjos/.
16. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pages 29-40, Berkeley, 1996.
17. Amenaza Technologies Limited, SecureITree. Obtained in May/2008 at: http://www.amenaza.com/.
18. J. Arlat, M. Aguera, L. Amat, Y. Crouzet, J.-C. Fabre, J.-C. Laprie, E. Martins and D. Powell. Fault Injection for Dependability Validation - A Methodology and Some Applications. IEEE Transactions on Software Engineering, 16 (2), February 1990, pp.166-182.
19. D. Dolev and A. Yao. On the security of public-key protocols. IEEE Transactions on Information Theory, 2(29): 198-208, 1983.
20. E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley, 1995.
21. ReSIST NoE. Resilience-Building Technologies: State of Knowledge, Deliverable D12, URL: http://www.resistnoe.org/outcomes/outcomes.html.
22. R. Zhang, and K. Chen, Improvements on the WTLS protocol to avoid denial of service attacks, Computers and Security, Elsevier Science, Vol. 24, No 1, pp. 76-82, 2005.
23. A.P. Moore, R.J. Ellison, R.C. Linger. Attack Modeling for Information Security and Survivability. Technical Note CMU/SEI-2001-TN-001. March 2001.
24. F. Bachmann et al. "Volume II:. Technical Concepts of Component-Based Software Engineering - 2nd Edition". Obtained in Fev/2009 at: www.sei.cmu.edu/pub/documents/00.reports/pdf/00tr008.pdf.