From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap

  • Alessandro Armando
  • Giancarlo Pellegrino
  • Roberto Carbone
  • Alessio Merlo
  • Davide Balzarotti
Conference paper

DOI: 10.1007/978-3-642-30473-6_3

Volume 7305 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Armando A., Pellegrino G., Carbone R., Merlo A., Balzarotti D. (2012) From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap. In: Brucker A.D., Julliand J. (eds) Tests and Proofs. TAP 2012. Lecture Notes in Computer Science, vol 7305. Springer, Berlin, Heidelberg

Abstract

Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we have been able to automatically detect and reproduce an attack witnessing an authentication flaw in the SAML-based Single Sign-On for Google Apps.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alessandro Armando
    • 1
    • 2
  • Giancarlo Pellegrino
    • 3
    • 4
  • Roberto Carbone
    • 2
  • Alessio Merlo
    • 1
    • 5
  • Davide Balzarotti
    • 3
  1. 1.DISTUniversità degli Studi di GenovaItaly
  2. 2.Security & Trust UnitFBK-irstTrentoItaly
  3. 3.Institute EurecomSophia AntipolisFrance
  4. 4.SAP ResearchMouginsFrance
  5. 5.Università Telematica E-CampusItaly