The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services

Viganò, Luca

doi:10.1109/icst.2013.75

Cited by 13 publications

(10 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that the concretisation and the execution of the test cases have been implemented by re-using components of the testing execution engine extracted from the SPaCIoS project [10]. Fig.…”

Section: Stiate Back-endmentioning

confidence: 99%

“…In doing so, STIATE borrows software components developed for the SPaCIoS Tool [10], [11] that are further improved with new usability features (e.g., the STIATE front-end), richer content for the mutation engine, and reduced manual effort for testing execution. We demonstrate STIATE against an application scenario employing the SAML Single Sign-On multi-party protocol, a well-known industrial security standard largely studied in previous literature.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Threat Identification and Testing

Carbone¹,

Compagna²,

Panichella

et al. 2015

2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)

View full text Add to dashboard Cite

Business applications are more and more collaborative (cross-domains, cross-devices, service composition). Security shall focus on the overall application scenario including the interplay between its entities/devices/services, not only on the isolated systems within it. In this paper we propose the Security Threat Identification And TEsting (STIATE) toolkit to support development teams toward security assessment of their underdevelopment applications focusing on subtle security logic flaws that may go undetected by using current industrial technology. At design-time, STIATE supports the development teams toward threat modeling and analysis by identifying automatically potential threats (via model checking and mutation techniques) on top of sequence diagrams enriched with security annotations (including WHAT-IF conditions). At run-time, STIATE supportsthe development teams toward testing by exploiting the identified threats to automatically generate and execute test cases on the up and running application. We demonstrate the usage of the STIATE toolkit on an application scenario employing the SAML Single Sign-On multi-party protocol, a well-known industrial security standard largely studied in previous literature.

show abstract

“…Note that the concretisation and the execution of the test cases have been implemented by re-using components of the testing execution engine extracted from the SPaCIoS project [10]. Fig.…”

Section: Stiate Back-endmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security Threat Identification and Testing

Carbone¹,

Compagna²,

Panichella

et al. 2015

2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)

View full text Add to dashboard Cite

show abstract

“…We reported the problem to OASIS which subsequently released an errata addressing the issue. 4 We also used SATMC at SAP as a back-end for security protocol analysis and testing (AVANTSSAR [1] and SPaCIoS [28]) to assist development teams in the design and development of the SAP NetWeaver SAML Single Sign-On (SAP NGSSO) and SAP OAuth 2.0 solutions. Overall, more than one hundred different protocol configurations and corresponding formal models have been analyzed, showing that both SAP NGSSO and SAP OAuth2 services are indeed well designed.…”

Section: Success Storiesmentioning

confidence: 99%

“…SATMC has been successfully applied in variety of application domains (namely, security protocols, security-sensitive business processes, and cryptographic APIs) and for different purposes (e.g., design-time security analysis and security testing). SATMC is integrated and used as a backend in a number of research prototypes (the AVISPA Tool [2], Tookan [18], the AVANTSSAR Platform [1], and the SPaCIoS Tool [28]) and industrial-strength tools (the Security Validator plugin for SAP NetWeaver BPM 1 ). The effectiveness of SATMC is witnessed by the key role it played in the discovery of:…”

Section: Introductionmentioning

confidence: 99%

SATMC: A SAT-Based Model Checker for Security-Critical Systems

Armando

Carbone

Compagna³

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We present SATMC 3.0, a SAT-based bounded model checker for security-critical systems that stems from a successful combination of encoding techniques originally developed for planning with techniques developed for the analysis of reactive systems. SATMC has been successfully applied in a variety of application domains (security protocols, securitysensitive business processes, and cryptographic APIs) and for different purposes (design-time security analysis and security testing). SATMC strikes a balance between general purpose model checkers and security protocol analyzers as witnessed by a number of important success stories including the discovery of a serious man-in-the-middle attack on the SAML-based Single Sign-On (SSO) for Google Apps, an authentication flaw in the SAML 2.0 Web Browser SSO Profile, and a number of attacks on PKCS#11 Security Tokens. SATMC is integrated and used as back-end in a number of research prototypes (e.g., the AVISPA Tool, Tookan, the SPaCIoS Tool) and industrial-strength tools (e.g., the Security Validator plugin for SAP NetWeaver BPM).

show abstract

“…While verification is, of course, the optimal result, falsification is also extremely useful as one can often employ the discovered attack trace to directly carry out an attack on the protocol implementation (e.g., [10]) or exploit the trace to devise a suite of test cases so as to be able to analyze the implementation at run-time (e.g., [11][12][13]). …”

Section: Introductionmentioning

confidence: 99%

An interpolation-based method for the verification of security protocols

Rocchetto¹,

Viganò

Volpe

2017

JCS

View full text Add to dashboard Cite

Abstract. Interpolation has been successfully applied in formal methods for model checking and test-case generation for sequential programs. Security protocols, however, exhibit idiosyncrasies that make them unsuitable for the direct application of interpolation. We address this problem and present an interpolation-based method for security protocol verification. Our method starts from a protocol specification and combines Craig interpolation, symbolic execution and the standard Dolev-Yao intruder model to search for possible attacks on the protocol. Interpolants are generated as a response to search failure in order to prune possible useless traces and speed up the exploration. We illustrate our method by means of concrete examples and discuss the results obtained by using a prototype implementation.

show abstract

The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services

Cited by 13 publications

References 20 publications

Security Threat Identification and Testing

Security Threat Identification and Testing

SATMC: A SAT-Based Model Checker for Security-Critical Systems

An interpolation-based method for the verification of security protocols

Contact Info

Product

Resources

About