Formal analysis for robust anti-SPIT protection using model checking

International Journal of Information Security

Volumn 11, Issue 2, 2012, Pages 121-135

  Gritzalis, Dimitris ^a   Katsaros, Panagiotis ^b   Basagiannis, Stylianos ^b   Soupionis, Yannis ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

^b ARISTOTLE UNIVERSITY OF THESSALONIKI   (Greece)

Author keywords

Anti SPIT security policies; Model checking; Robustness analysis; Voice over IP (VoIP)

Indexed keywords

COMMUNICATION ERRORS; COMPLEX INTERACTION; EXECUTION SCENARIO; FORMAL ANALYSIS; HUMAN BEING; MODEL CHECKER; NON-DETERMINISM; PARAMETERIZED; POLICY DECISIONS; POLICY MANAGEMENT; ROBUSTNESS ANALYSIS; SECURITY POLICY; SESSION INITIATION PROTOCOL; SIP PROTOCOL; SIP SESSION; SPIN MODELS; VOICE OVER IP (VOIP); VOIP SERVICE;

COMMUNICATION; INTERNET; INTERNET PROTOCOLS; INTERNET TELEPHONY; SECURITY SYSTEMS; VOICE/DATA COMMUNICATION SYSTEMS;

MODEL CHECKING;

EID: 84858290269     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-012-0159-4     Document Type: Article

References (42)

1. Walsh, T., Kuhn, D.: Challenges in securing voice over IP. IEEE Secur. Priv. 3(3), 44-49 (2005)
2. Sawda, S., Urien, O.: SIP security attacks and solutions: a stateof-the-art review. In: Proceedings of the IEEE International Conference on Information and Communication Technologies: From Theory to Applications (ICTTA '06), vol. 2, pp. 3187-3191 (2006)
3. Rosenberg, J., Jennings, C.: The session initiation protocol and spam. Network Working Group, RFC 5039 (2008)
4. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley M, Schooler E.: Session Initiation Protocol (SIP), RFC 3261 (2002)
5. Marias, G., Dritsas, S., Theoharidou, M., Mallios, Y., Gritzalis, D.: SIP vulnerabilities and anti SPIT mechanisms assessment. In: Proceedings of the 16th IEEE International Conference on Computer Communications andNetworks (ICCCN 2007), USA, pp. 597-604 (2007)
6. Gritzalis, D., Mallios, Y.: A SIP-based SPIT management framework. Comput. Secur. 27(5-6), 136-153 (2008)
7. Dritsas, S., Soupionis, Y., Theoharidou, M., Mallios, J., Gritzalis, D. et al.: SPIT identification criteria implementations: effectiveness and lessons learned. In: Samarati, P. (ed.) Proceedings of the 23rd International Information Security Conference (SEC-2008), pp. 381-395. Springer, Berlin (2008)
8. Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting SPIT calls by checking human communication patterns. In: Proceedings of IEEE International Conference on Communications (ICC'07), pp. 1979-1984 (2007)
9. Graham-Rowe, D.: A Sentinel to screen phone calls technology, Technology review (http://www.technologyreview.com/read_article.aspx?id=17300&ch=infotech) (2006). Accessed 8 Nov 2010)
10. Winslett, M.: Policy-driven distributed authorization: status and prospects. In: Proceedings of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 12-18 (2007)
11. Soupionis, Y., Dritsas, S., Gritzalis, D.: An adaptive policy-based approach to SPIT management. In: Lopez, J., Jajodia, S. (eds.) Proceedings of the 13th European Symposium on Research in Computer Security (ESORICS 2008), pp. 446-460. Springer, Berlin (2008)
12. Soupionis, Y., Basagiannis, S., Katsaros, P., Gritzalis, D.: A formally verified mechanism for countering SPIT. In: Xenakis C., Wolthusen S. (eds.) Proceedings of the 5th International Conference on Critical Information Infrastructure Security (CRITIS-2010), pp. 128-139, Springer (2010)
13. Antispit Policy Schema (http://users.auth.gr/~basags/sip/AntiSpit_Policy_Schema_1.xsd)
14. Quittek, J., Niccolini, S., Tarterelli, S., Schlegel, R.: Prevention of Spam over IP Telephony (SPIT). NEC Tech. J. 1(2), 114-119 (2006)
15. Agrawal, D., Giles, J., Lee, K.-W., Voruganti, K., Filali-Adib, K.: Policy-based validation of san configuration. In: Proceedings of International Workshop on Policies for Distributed Systems and Networks (2004)
16. Agrawal, D., Calo, S., Giles, J., Lee, K.-W. Verma, D.: Policymanagement for networked systems and applications. In: Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (2005)
17. Baralis, E., Widom, J.: An algebraic approach to static analysis of active database rules. ACM Trans. Database Syst. 25(3), 269-332 (2000)
18. Sloman, M., Lupu, E.: Security and management policy specification. IEEE Network Special Issue on Policy-Based Networking 16(2), 10-19 (2002)
19. Gama, P., Ferreira P.: Obligation policies: an enforcement platform. In: Proceedings of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY '05) (2005)
20. Basagiannis, S., Katsaros, P., Pombortsis, A.: Intrusion attack tactics for the model checking of e-Commerce security guarantees. In: Proceedings of the 26th International Conference on Computer Safety, Reliability and Security (SAFECOMP '07), pp. 238-252, Springer, Berlin (2007)
21. Basagiannis S., Katsaros, S., Katsaros, P., Pombortsis, A.: Synthesis of attack actions using model checking for the verification of security protocols. Secur. Commun. J. 4(2), 147-161(2011)
22. Lowe, G., Roscoe, A.: Using CSP to detect errors in the TMN protocol. IEEE Trans. Softw. Eng. 23(10), 659-669 (1997)
23. Holzmann, G.: The model-checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279-295 (1997)
24. The SPIN model checker website (http://spinroot.com/) (2011). Accessed 23 May 2011
25. Holzmann, G.: The SPIN Model Checker-Primer and Reference Manual. Addison-Wesley, Reading, MA (2003)
26. ITU-TRecommendation H.323, Packet-based multimedia communications systems (2009)
27. Zave, P.: Understanding SIP through model-checking. In: Proceedings of the 2nd InternationalConference on Principles, Systems and Applications of IP Telecommunications, pp. 256-279, Springer, Berlin (2008)
28. Liu, L.: Verification of the SIP transaction using colored petri nets. In: Proceedings of the 32nd Australasian Computer Science Conference, pp. 63-72 (2009)
29. Schaeffer-Filho, A., Lupu, E., Sloman, M., Eisenbach, S.: Verification of policy-based self-managed cell interactions using alloy. In: Proceedings of the 10th IEEE International Symposium on Policies for Distributed Systems and Networks (Policy-2009), pp.37-40 (2009)
30. IEEE, IEEE Standard Glossary of Software Engineering Terminology, IEEE Standard 610.12-1990 (1990)
31. Saad-Khorchef, F., Rollet, A., Castanet, R.: A framework and a tool for robustness testing of communicating software. In: Proceedings of the ACM Symposium on Applied Computing (SAC), pp. 1461-1466 (2007)
32. Yin, X., Wang, Z., Jing, C., Wu, J.:Aformal approach to robustness testing of network protocol with time constraints. Secur. Commun. Netw. 4(6), 622-632 (2011)
33. Belli, F., Hollmann, A., Eric Wong, W.: Towards scalable robustness testing. In: Proceedings of the 4th International Conference on Secure Software Integration and Reliability Improvement, pp. 208-216 (2010)
34. Laranjeiro, N., Vieira, M., Madeira, H.: Robustness validation in service-oriented architectures. In: Architecting Dependable Systems VI, pp. 98-123, LNCS 5835, Springer, Berlin (2009)
35. Cisco Systems, Session Initiation Protocol gateway call flows and compliance information SIP messages and methods overview(http://www.cisco.com/application/pdf/en/us/guest/products/ps4032/c2001/ccmigration_09186a00800c4bb1.pdf) (2011). Accessed 07 August 2011
36. Cisco Systems, "SIP Messages and Methods Overview". (http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/rel_docs/sip_flo/preface.pdf) (2011). Accessed 07 August 2011
37. SER Server, ver. 2.0 (http://www.iptel.org/ser) (2011). Retrieved 22 May 2011
38. SIPp traffic generator for the SIP protocol (http://sipp.sourceforge.net/) (2010). Accessed 17 August 2010
39. The SIP-aSPMv2 Model (http://users.auth.gr/~basags/sip/SIPaSPMv2.prom)
40. Völzer, H., Varacca, D., Kindler, E.: Defining fairness. In: Proceedings of 15th International Conference on Concurrency Theory (CONCUR), pp. 458-472, Springer, Berlin (2005)
41. Sistla, A.: Safety, liveness, and fairness in temporal logic. Formal Aspects Comput. 6, 495-511 (1994)
42. Soupionis, Y., Gritzalis, D.: ASPF: an adaptive anti-SPIT policybased framework. In: Pernul G., et al. (ed.) Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES-2011), pp. 153-160, Austria (2011)