LTL model-checking for security protocols

This thesis is about the application of automated reasoning techniques to the formal analysis of security protocols. More specifically, it proposes a general model-checking framework for security protocols based on a set-rewriting formalism that, coupled with the use of Linear Temporal Logic, allows for the specification of assumptions on principals and communication channels as well as complex security properties that are normally not handled by state-of-the-art protocol analyzers. The approach successfully combines encoding techniques originally developed for planning with bounded model-checking techniques. The effectiveness of the proposed approach is assessed through the formal analysis of relevant security protocols, which led to the detection of a severe security flaw in Google's SAML-based SSO for Google Apps and a previously unknown attack on a patched version of the ASW contract-signing protocol.
