An intruder model with message inspection for model checking security protocols

Basagiannis, Stylianos; Katsaros, Panagiotis; Pombortsis, Andreas

doi:10.1016/j.cose.2009.08.003

Cited by 8 publications

(3 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, we intend to provide support for additional nonfunctional requirements related to energy consumption() and security aspects. For the latter, it has been planned to extend the design flow with BIP components that model the security mechanisms of the Contiki OS for being able to identify vulnerabilities and verify the IoT system's protection against node spoofing attacks and denial of service attempts. In another perspective, it is worth to consider using the secure BIP extension as a means for the analysis and synthesis of security configurations in IoT applications that can ensure data and event noninterference…”

Section: Resultsmentioning

confidence: 99%

Model‐based design of IoT systems with the BIP component framework

et al. 2018

Self Cite

View full text Add to dashboard Cite

The design of software for networked systems with nodes running an Internet of things operating system faces important challenges due to the heterogeneity of interacting things and the constraints stemming from the often limited amount of available resources. In this context, it is hard to build confidence that a design solution fulfills the application's requirements. This paper introduces a design flow for web service applications of the representational state transfer style that is based on a formal modeling language, the behaviour, interaction, priority (BIP) component framework. The proposed flow applies the principles of separation of concerns in a component-based design process that supports the modular design and reuse of model artifacts. The BIP tools for state-space exploration allow verifying qualitative properties for service responsiveness, ie, the timely handling of events. Moreover, essential quantitative properties are validated through statistical model checking of a stochastic BIP model. All properties are preserved in actual implementation by ensuring that the deployed code is consistent with the validated model. We illustrate the design of a representational state transfer sense-compute-control application for a Wireless Personal Area Network architecture with nodes running the Contiki operating system. The results validate qualitative and quantitative properties for the system and include the study of error behaviours.

show abstract

Section: Resultsmentioning

confidence: 99%

Model‐based design of IoT systems with the BIP component framework

et al. 2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…A -> S: {Kab}_Kas S -> B: {Kab}_Kbs [18]. Support for other intruder models such as algebraic intruder model [11], message-based inspection model [7], and multiagent based systems semantics [25], can be integrated with AVISPA's communication channel in the future [30]. AVISPA's selection of this model is supported by the fact that this model can emulate the actions of an arbitrary adversary [12], and it is also very challenging because it gives advantage to the intruder as opposed to other models [12].…”

Section: High Level Protocol Specification Languagementioning

confidence: 99%

Formal validation of the security properties of AMT's three-way handshake

Salem

Atwood

2011

2011 IEEE 36th Conference on Local Computer Networks

View full text Add to dashboard Cite

Formal Validation of Security Properties of AMT's Three-way Handshake Ali SalemMulticasting is a technique for transmitting the same information to multiple receivers over IP networks. It is often deployed on streaming media applications over the Internet and private networks. The biggest problem multicast introduces today is that it is an "all or nothing" solution. Every element on the path between the source and the receivers (links, routers, firewalls) requires multicast protocols to be enabled. Furthermore, multicast has a conceptual business model, and therefore is not an easy case to make. These factors, embedded deep in technology, but ultimately shaped by economics, led to a lack of multicast deployment. To address this problem, the AMT (Automatic IP Multicast without explicit Tunnels) specification has been developed by the Network Working Group at the IETF. This specification is designed to provide a mechanism for a migration path to a fully multicast-enabled backbone.It allows multicast to reach unicast-only receivers without the need for any explicit tunnels between the receiver and the source. We have formally validated the three-way handshake in the AMT specification using AVISPA against two main security goals: secrecy and authentication. We have demonstrated that the authentication goal is not met: an attacker can masquerade as an AMT relay, and the AMT gateway (at the end user) cannot distinguish a valid relay from an invalid one. Another attack was also found where an intruder can disconnect or shutdown a valid session for a valid end-user using a replay attack.

show abstract

“…Considering the proposed flow for IoT systems, we intend to provide support for additional extra-functional requirements, related to energy consumption [136], [153] and security aspects. For the latter, it has been planned to extend the design flow with BIP components that model security mechanisms of the Contiki OS [154], for being able to identify vulnerabilities and verify the IoT system's protection against malicious attacks, such as node spoofing [155] and denial of service [156].…”

Section: Future Research Prospectsmentioning

confidence: 99%

Correct by construction model based design for systems and software

Stachtiari¹,

Στάχτιαρη²

View full text Add to dashboard Cite

Η παρούσα διατριβή εισάγει τεχνικές για την αυστηρή και από κατασκευής ορθή σχεδίαση συστημάτων. Ειδικότερα, εστιάσαμε στο πώς μπορούμε να παράγουμε και να επικυρώνουμε ένα λειτουργικό μοντέλο της εφαρμογής που προκύπτει από ένα σύνολο απαιτήσεων ή από τον κώδικα της εφαρμογής. Αρχικά, ασχοληθήκαμε με την πρώιμη επικύρωση των απαιτήσεων και της σχεδίασης του συστήματος, ώστε να εξαλειφθεί η ανάγκη επαλήθευσης εκ των υστέρων και να περιοριστούν οι έλεγχοι επικύρωσης κατά τα τελευταία στάδια ανάπτυξης. Δεύτερον, εστιάσαμε στην αυτόματη δημιουργία λειτουργικών μοντέλων εφαρμογών από προγράμματα με εμφωλευμένη σύνταξη, διατηρώντας τη σημασιολογία των προγραμμάτων. Τέλος, προτείναμε μία ροή σχεδίασης που αποσκοπεί στη διατήρηση της συνέπειας μεταξύ του λειτουργικού μοντέλου και του κώδικα εφαρμογής μέσω της χρήσης μιας νέας γλώσσας ειδικού σκοπού, κατάλληλης για τη σχεδίαση συστημάτων περιορισμένων πόρων του διαδικτύου των αντικειμένων.

show abstract

An intruder model with message inspection for model checking security protocols

Cited by 8 publications

References 35 publications

Model‐based design of IoT systems with the BIP component framework

Model‐based design of IoT systems with the BIP component framework

Formal validation of the security properties of AMT's three-way handshake

Correct by construction model based design for systems and software

Contact Info

Product

Resources

About