SATMC: A SAT-Based Model Checker for Security-Critical Systems

  • Alessandro Armando
  • Roberto Carbone
  • Luca Compagna
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8413)


We present SATMC 3.0, a SAT-based bounded model checker for security-critical systems that stems from a successful combination of encoding techniques originally developed for planning with techniques developed for the analysis of reactive systems. SATMC has been successfully applied in a variety of application domains (security protocols, security-sensitive business processes, and cryptographic APIs) and for different purposes (design-time security analysis and security testing). SATMC strikes a balance between general purpose model checkers and security protocol analyzers as witnessed by a number of important success stories including the discovery of a serious man-in-the-middle attack on the SAML-based Single Sign-On (SSO) for Google Apps, an authentication flaw in the SAML 2.0 Web Browser SSO Profile, and a number of attacks on PKCS#11 Security Tokens. SATMC is integrated and used as back-end in a number of research prototypes (e.g., the AVISPA Tool, Tookan, the SPaCIoS Tool) and industrial-strength tools (e.g., the Security Validator plugin for SAP NetWeaver BPM).


Model Checker Planning Graph Security Protocol Horn Clause Security Goal 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Armando, A., et al.: The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 267–282. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Armando, A., et al.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. In: 20th IEEE Computer Security Foundations Symposium (CSF), pp. 385–396. IEEE Computer Society (2007)Google Scholar
  4. 4.
    Armando, A., Carbone, R., Compagna, L.: LTL Model Checking for Security Protocols. In: JANCL, pp. 403–429. Hermes Lavoisier (2009)Google Scholar
  5. 5.
    Armando, A., Carbone, R., Compagna, L., Cuéllar, J., Pellegrino, G., Sorniotti, A.: An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations. Computers & Security 33, 41–58 (2013)CrossRefGoogle Scholar
  6. 6.
    Armando, A., Carbone, R., Compagna, L., Cuéllar, J., Tobarra, L.: Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. In: Shmatikov, V. (ed.) Proc. ACM Workshop on Formal Methods in Security Engineering, pp. 1–10. ACM Press (2008)Google Scholar
  7. 7.
    Armando, A., Carbone, R., Zanetti, L.: Formal Modeling and Automatic Security Analysis of Two-Factor and Two-Channel Authentication Protocols. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 728–734. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  8. 8.
    Armando, A., Compagna, L.: SATMC: A SAT-Based Model Checker for Security Protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS (LNAI), vol. 3229, pp. 730–733. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Armando, A., Compagna, L.: SAT-based Model-Checking for Security Protocols Analysis. International Journal of Information Security 7(1), 3–32 (2008)CrossRefGoogle Scholar
  10. 10.
    Armando, A., Ponta, S.E.: Model Checking of Security-Sensitive Business Processes. In: Degano, P., Guttman, J.D. (eds.) FAST 2009. LNCS, vol. 5983, pp. 66–80. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Arsac, W., Compagna, L., Pellegrino, G., Ponta, S.E.: Security Validation of Business Processes via Model-Checking. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 29–42. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    AVANTSSAR. Deliverable 2.1: Requirements for modelling and ASLan v.1 (2008),
  13. 13.
    Basin, D., Mödersheim, S., Viganò, L.: OFMC: A Symbolic Model-Checker for Security Protocols. International Journal of Information Security (2004)Google Scholar
  14. 14.
    Biere, A.: Bounded Model Checking. In: Biere, A., Heule, M., van Maaren, H., Walsh, T. (eds.) Handbook of Satisfiability. Frontiers in Artificial Intelligence and Applications, vol. 185, pp. 457–481. IOS Press (2009)Google Scholar
  15. 15.
    Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic Model Checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: Computer Security Foundations Workshop (CSFW), pp. 82–96 (2001)Google Scholar
  17. 17.
    Blum, A., Furst, M.: Fast Planning Through Planning Graph Analysis. In: Proc. International Joint Conference on Artificial Intelligence, IJCAI 1995 (1995)Google Scholar
  18. 18.
    Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and Fixing PKCS#11 Security Tokens. In: Proc. ACM Conference on Computer and Communications Security (CCS 2010), Chicago, USA, pp. 260–269. ACM Press (2010)Google Scholar
  19. 19.
    Cimatti, A., Clarke, E., Giunchiglia, E., Giunchiglia, F., Pistore, M., Roveri, M., Sebastiani, R., Tacchella, A.: NuSMV 2: An OpenSource Tool for Symbolic Model Checking. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 359–364. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Compagna, L., Guilleminot, P., Brucker, A.D.: Business Process Compliance via Security Validation as a Service. In: ICST 2013, pp. 455–462 (2013)Google Scholar
  21. 21.
    OASIS Consortium. SAML V2.0 Technical Overview (March 2008),
  22. 22.
    Eén, N., Sörensson, N.: An Extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, pp. 502–518. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Focardi, R., Luccio, F.L., Steel, G.: An Introduction to Security API Analysis. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 35–65. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Holzmann, G.: The Spin model checker: primer and reference manual, 1st edn. Addison-Wesley Professional (2003)Google Scholar
  25. 25.
    RSA Se: Inc. PKCS#11: Cryptographic Token Interface Standard v2.20 (2004)Google Scholar
  26. 26.
    Kautz, H., McAllester, H., Selman, B.: Encoding Plans in Propositional Logic. In: Aiello, L.C., Doyle, J., Shapiro, S. (eds.) KR 1996: Principles of Knowledge Representation and Reasoning, pp. 374–384. Morgan Kaufmann (1996)Google Scholar
  27. 27.
    Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  28. 28.
    Viganò, L.: The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services. In: ICST 2013, pp. 497–498 (2013)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Alessandro Armando
    • 1
    • 2
  • Roberto Carbone
    • 2
  • Luca Compagna
    • 3
  1. 1.DIBRISUniversity of GenovaGenovaItaly
  2. 2.Security & Trust, FBKTrentoItaly
  3. 3.Product Security ResearchSAP AGSophia AntipolisFrance

Personalised recommendations