Model based security verification of protocol implementation

Finite transition models such as automata and labeled transition systems have been widely used to model and analyze complex systems and protocol implementations. These methods model a system as states and transitions and represent it as a reachable graph. Properties of the system such as conformance, robustness, and interoperability can then be verified through test cases generated from that reachable graph. These methods are still hard to adapt to the requirements of security protocols, however. First, in the classic definition of a transition model, the security properties that cannot be neglected here (nonces, encryption, and so on) can be neither described nor analyzed. In addition, security protocols usually have to account for malicious actions by probable intruders, which is a further obstacle to classical transition-based modeling. In this article, we first extend the standard Input Output Labeled Transition System (IOLTS) model to a secure and glued IOLTS (SG IOLTS) model, which can include security properties and their associated security functions. We then propose a general finite intruder model, so that the final reachable graph of the whole system contains the malicious actions of intruders. A corresponding algorithm for automatic test generation is also given, and an example of verifying the Needham-Schroeder-Lowe (NSL) protocol is presented at the end.
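As an added illustration (constructed for this page, not the paper's own SG IOLTS definitions, intruder model or algorithm), the Python model below shows the idea of composing role IOLTSs whose labels carry nonces and encrypted terms with a finite intruder, then reading test sequences off the reachable graph. A bounded intruder intercepts every output and may deliver intercepted messages or template-shaped forgeries built only from atoms it already knows; a breadth-first search over the composed graph then looks for a run in which the responder completes a session it attributes to A, which exists for plain Needham-Schroeder but is unreachable once Lowe's responder name is added (NSL). The role names, message templates, key names and the intruder's capabilities are all assumptions of this toy.

```python
from collections import deque
# Constructed toy model, an assumption and not the paper's SG IOLTS definitions. A message
# is ('enc', key, field, ...); '*' in a template is the one wildcard a role binds on input.
def roles(named):
    """IOLTS dicts state -> [(dir, template, next)], '!' output, '?' input. A talks to I (the
    intruder posing as an honest principal), B responds; named=True adds B's name to message 2 (NSL)."""
    tag = lambda who: (who,) if named else ()
    a = {'a0': [('!', ('enc', 'pkI', 'A', 'Na'), 'a1')],
         'a1': [('?', ('enc', 'pkA', 'Na', '*') + tag('I'), 'a2')],
         'a2': [('!', ('enc', 'pkI', '*'), 'a3')]}
    b = {'b0': [('?', ('enc', 'pkB', 'A', '*'), 'b1')],
         'b1': [('!', ('enc', 'pkA', '*', 'Nb') + tag('B'), 'b2')],
         'b2': [('?', ('enc', 'pkB', 'Nb'), 'b3')]}
    return a, b
inst = lambda t, bound: tuple(bound if f == '*' else f for f in t)  # fill the wildcard
def match(t, m, bound):
    """Binding after reading m against template t, or None if m does not fit."""
    if len(t) == len(m) and all(f == '*' or f == g for f, g in zip(t, m)):
        return next((g for f, g in zip(t, m) if f == '*'), bound)
def step(role, st, bound, know):
    """Finite intruder as the network: it records every output (and the atoms inside anything
    under its own key pkI) and delivers intercepted messages or forgeries built from known atoms."""
    atoms = {k for k in know if isinstance(k, str)}
    for d, t, nxt in role.get(st, []):
        if d == '!':
            m = inst(t, bound)
            yield d, m, nxt, bound, know | {m} | (set(m[2:]) if m[1] == 'pkI' else set())
        else:  # forgeries are template-shaped, so the intruder's term space stays finite
            cands = {k for k in know if isinstance(k, tuple)}
            cands |= {inst(t, x) for x in atoms if set(inst(t, x)[2:]) <= atoms}
            for m in cands:
                if (nb := match(t, m, bound)) is not None:
                    yield d, m, nxt, nb, know
def attack(named):
    """BFS the composed reachable graph for the shortest test sequence in which B completes
    a run it attributes to A although A only ever talked to I; None if none is reachable."""
    a, b = roles(named)
    start = ('a0', '-', 'b0', '-', frozenset({'A', 'B', 'I'}))
    seen, queue = {start: []}, deque([start])
    while queue:
        sa, ba, sb, bb, know = s = queue.popleft()
        if sb == 'b3':
            return seen[s]
        succ = [(('A', d, m), (n, nb, sb, bb, k)) for d, m, n, nb, k in step(a, sa, ba, know)]
        succ += [(('B', d, m), (sa, ba, n, nb, k)) for d, m, n, nb, k in step(b, sb, bb, know)]
        for label, ns in succ:
            if ns not in seen:
                seen[ns] = seen[s] + [label]
                queue.append(ns)
    return None
```

Each returned sequence is a test case over the composed graph that includes the intruder's deliveries, so `attack(False)` yields a six-step trace and `attack(True)` yields nothing.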
