SATMC: A SAT-Based Model Checker for Security-Critical Systems

We present SATMC 3.0, a SAT-based bounded model checker for security-critical systems that stems from a successful combination of encoding techniques originally developed for planning with techniques developed for the analysis of reactive systems. SATMC has been successfully applied in a variety of application domains (security protocols, security-sensitive business processes, and cryptographic APIs) and for different purposes (design-time security analysis and security testing). SATMC strikes a balance between general purpose model checkers and security protocol analyzers as witnessed by a number of important success stories including the discovery of a serious man-in-the-middle attack on the SAML-based Single Sign-On (SSO) for Google Apps, an authentication flaw in the SAML 2.0 Web Browser SSO Profile, and a number of attacks on PKCS#11 Security Tokens. SATMC is integrated and used as back-end in a number of research prototypes (e.g., the AVISPA Tool, Tookan, the SPaCIoS Tool) and industrial-strength tools (e.g., the Security Validator plugin for SAP NetWeaver BPM).

[1]  Niklas Sörensson,et al.  An Extensible SAT-solver , 2003, SAT.

[2]  Achim D. Brucker,et al.  Business Process Compliance via Security Validation as a Service , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation.

[3]  Graham Steel,et al.  An Introduction to Security API Analysis , 2011, FOSAD.

[4]  Armin Biere,et al.  Bounded model checking , 2003, Adv. Comput..

[5]  Luca Viganò The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation.

[6]  Mathieu Turuani,et al.  The CL-Atse Protocol Analyser , 2006, RTA.

[7]  Roberto Gorrieri,et al.  Foundations of Security Analysis and Design VII , 2014, Lecture Notes in Computer Science.

[8]  Bart Selman,et al.  Encoding Plans in Propositional Logic , 1996, KR.

[9]  Philip Wadler Call-by-Value Is Dual to Call-by-Name - Reloaded , 2005, RTA.

[10]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[11]  Alessandro Armando,et al.  An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations , 2013, Comput. Secur..

[12]  Sebastian Mödersheim,et al.  The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures , 2012, TACAS.

[13]  Alessandro Armando,et al.  Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps , 2008, FMSE '08.

[14]  J. LaFountain Inc. , 2013, American Art.

[15]  Shin Nakajima,et al.  The SPIN Model Checker : Primer and Reference Manual , 2004 .

[16]  Toby Walsh,et al.  Handbook of satisfiability , 2009 .

[17]  Marco Pistore,et al.  NuSMV 2: An OpenSource Tool for Symbolic Model Checking , 2002, CAV.

[18]  Graham Steel,et al.  Attacking and fixing PKCS#11 security tokens , 2010, CCS '10.

[19]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[20]  Alessandro Armando,et al.  SAT-based model-checking for security protocols analysis , 2008, International Journal of Information Security.

[21]  Alessandro Armando,et al.  LTL Model Checking for Security Protocols , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[22]  Alessandro Armando,et al.  Model Checking of Security-Sensitive Business Processes , 2009, Formal Aspects in Security and Trust.

[23]  Theo Dimitrakos,et al.  Formal Aspects in Security and Trust, Fourth International Workshop, FAST 2006, Hamilton, Ontario, Canada, August 26-27, 2006, Revised Selected Papers , 2007, Formal Aspects in Security and Trust.

[24]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[25]  Alessandro Armando,et al.  Formal Modeling and Automatic Security Analysis of Two-Factor and Two-Channel Authentication Protocols , 2013, NSS.

[26]  Luca Compagna,et al.  Security Validation of Business Processes via Model-Checking , 2011, ESSoS.

[27]  Alessandro Armando,et al.  LTL model checking for security protocols , 2009, J. Appl. Non Class. Logics.

[28]  Sebastian Mödersheim,et al.  OFMC: A Symbolic Model-Checker for Security Protocols , 2004 .

[29]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[30]  Úlfar Erlingsson,et al.  Engineering Secure Software and Systems , 2011, Lecture Notes in Computer Science.

[31]  Frank Wolter,et al.  Semi-qualitative Reasoning about Distances: A Preliminary Report , 2000, JELIA.

[32]  Marco Pistore,et al.  Nusmv version 2: an opensource tool for symbolic model checking , 2002, CAV 2002.

[33]  Avrim Blum,et al.  Fast Planning Through Planning Graph Analysis , 1995, IJCAI.

[34]  Alessandro Armando,et al.  SATMC: a SAT-based model checker for security protocols, business processes, and security APIs , 2004, International Journal on Software Tools for Technology Transfer.