SATMC: a SAT-based model checker for security protocols, business processes, and security APIs

  • Alessandro Armando
  • Roberto Carbone
  • Luca Compagna
Tacas 2014

DOI: 10.1007/s10009-015-0385-y

Cite this article as:
Armando, A., Carbone, R. & Compagna, L. Int J Softw Tools Technol Transfer (2016) 18: 187. doi:10.1007/s10009-015-0385-y

Abstract

We present SATMC 3.0, a SAT-based bounded model checker for security-critical systems that stems from a successful combination of encoding techniques originally developed for planning with techniques developed for the analysis of reactive systems. SATMC has been successfully applied in a variety of application domains (security protocols, security-sensitive business processes, and cryptographic APIs) and for different purposes (design-time security analysis and security testing). SATMC strikes a balance between general purpose model checkers and security protocol analyzers as witnessed by a number of important success stories including the discovery of a serious man-in-the-middle attack on the SAML-based single sign-on (SSO) for Google Apps, an authentication flaw in the SAML 2.0 Web Browser SSO Profile, and a number of attacks on PKCS#11 Security Tokens. SATMC is integrated and used as back-end in a number of research prototypes (e.g., the AVISPA Tool, Tookan, the SPaCIoS Tool) and industrial-strength tools (e.g., the Security Validator plugin for SAP NetWeaver BPM).

Keywords

SAT-based model checker Security protocols Business processes Security APIs 

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Alessandro Armando
    • 1
    • 2
  • Roberto Carbone
    • 2
  • Luca Compagna
    • 3
  1. 1.DIBRISUniversity of GenovaGenoaItaly
  2. 2.Security & Trust, FBKTrentoItaly
  3. 3.Product Security Research, SAP SESophia AntipolisFrance