Formal prototyping in early stages of protocol design

Goodloe, Alwyn E.; Gunter, Carl A.; Stehr, Mark-Oliver

doi:10.1145/1045405.1045413

Cited by 15 publications

(17 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the attack is not found, then the search or model checking command is repeated for the maxActions/duration-pair (2, 4). And so the process continues with the pairs (3, 3), (2,5), (3,4), (4,3), (2,6), . .…”

Section: A Complete Analysis Methods For Non-zeno Intrudersmentioning

confidence: 99%

“…Another advantage of our approach compared to using domain-specific crypto-analysis tools is that we can include the cryptographic protocol as a part of a larger system, or in combination with other kinds of protocols, and that we can model much larger and complex protocols for which Maude has proved useful in the untimed setting [5]. Furthermore, our tool allows simulation for prototyping purposes, and provides expressive analysis features to allow model checking of a wide range of properties beyond just reachability properties.…”

Section: Time-bounded Ltl Model Checking Can Be Usedmentioning

confidence: 99%

See 1 more Smart Citation

Formal Analysis of Time-Dependent Cryptographic Protocols in Real-Time Maude

Ölveczky

Grimeland

2007

2007 IEEE International Parallel and Distributed Processing Symposium

View full text Add to dashboard Cite

This paper investigates the suitability of applying the general-purpose Real-Time Maude tool to the formal specification and model checking analysis of timedependent cryptographic protocols. We restrict the intruders so that they become non-Zeno, and propose a complete analysis method for finding attacks that are reachable from the initial state. Our method has been used on the benchmark wide-mouthed frog (WMF) and Kerberos protocols, on which we can find all the well known flaws in short time. We use the WMF protocol to illustrate formal specification and the use of our method to analyze timed authentication properties.

show abstract

Section: A Complete Analysis Methods For Non-zeno Intrudersmentioning

confidence: 99%

Section: Time-bounded Ltl Model Checking Can Be Usedmentioning

confidence: 99%

Formal Analysis of Time-Dependent Cryptographic Protocols in Real-Time Maude

Ölveczky

Grimeland

2007

2007 IEEE International Parallel and Distributed Processing Symposium

View full text Add to dashboard Cite

show abstract

“…There has been a large body of work on verifying the correctness of various network protocol design and implementations using proof-based and model-checking techniques [5,16,13]. The program logic presented here is customized to proving safety properties of SANDLog programs, and may not be expressive enough to verify complex correctness properties.…”

Section: Related Workmentioning

confidence: 99%

A Program Logic for Verifying Secure Routing Protocols

Chen

Jia

et al. 2014

Formal Techniques for Distributed Objects, Components, and Systems

View full text Add to dashboard Cite

Abstract. The Internet, as it stands today, is highly vulnerable to attacks. However, little has been done to understand and verify the formal security guarantees of proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In this paper, we develop a sound program logic for SANDLog-a declarative specification language for secure routing protocols-for verifying properties of these protocols. We prove invariant properties of SANDLog programs that run in an adversarial environment. As a step towards automated verification, we implement a verification condition generator (VCGen) to automatically extract proof obligations. VCGen is integrated into a compiler for SANDLog that can generate executable protocol implementations; and thus, both verification and empirical evaluation of secure routing protocols can be carried out in this unified framework. To validate our framework, we encoded several proposed secure routing mechanisms in SANDLog, verified variants of path authenticity properties by manually discharging the generated verification conditions in Coq, and generated executable code based on SANDLog specification and ran the code in simulation.

show abstract

“…In addition to our use of Maude for analyzing BGP instances, there is also a huge literature of using Maude for other complex systems, such as security protocols [11] , real-time systems [20], and active networking [5].…”

Section: Related Workmentioning

confidence: 99%

Analyzing BGP Instances in Maude

Wang

Talcott

Jia

et al. 2011

Formal Techniques for Distributed Systems

View full text Add to dashboard Cite

Analyzing Border Gateway Protocol (BGP) instances is a crucial step in the design and implementation of safe BGP systems. Today, the analysis is a manual and tedious process. Researchers study the instances by manually constructing execution sequences, hoping to either identify an oscillation or show that the instance is safe by exhaustively examining all possible sequences. We propose to automate the analysis by using Maude, a tool based on rewriting logic. We have developed a library specifying a generalized path vector protocol, and methods to instantiate the library with customized routing policies. Protocols can be analyzed automatically by Maude, once users provide specifications of the network topology and routing policies. Using our Maude library, protocols or policies can be easily specified and checked for problems. To validate our approach, we performed safety analysis of well-known BGP instances and actual routing configurations. Abstract. Analyzing Border Gateway Protocol (BGP) instances is a crucial step in the design and implementation of safe BGP systems. Today, the analysis is a manual and tedious process. Researchers study the instances by manually constructing execution sequences, hoping to either identify an oscillation or show that the instance is safe by exhaustively examining all possible sequences. We propose to automate the analysis by using Maude, a tool based on rewriting logic.We have developed a library specifying a generalized path vector protocol, and methods to instantiate the library with customized routing policies. Protocols can be analyzed automatically by Maude, once users provide specifications of the network topology and routing policies. Using our Maude library, protocols or policies can be easily specified and checked for problems. To validate our approach, we performed safety analysis of well-known BGP instances and actual routing configurations.

show abstract

Formal prototyping in early stages of protocol design

Cited by 15 publications

References 26 publications

Formal Analysis of Time-Dependent Cryptographic Protocols in Real-Time Maude

Formal Analysis of Time-Dependent Cryptographic Protocols in Real-Time Maude

A Program Logic for Verifying Secure Routing Protocols

Analyzing BGP Instances in Maude

Contact Info

Product

Resources

About