Abstract
We introduce AVISS, a tool for security protocol analysis that supports the integration of back-ends implementing different search techniques, allowing for their systematic and quantitative comparison and paving the way to their effective interaction. As a significant example, we have implemented three back-ends, and used the AVISS tool to analyze and find flaws in 36 protocols, including 31 problems in the Clark-Jacob’s protocol library and a previously unreported flaw in the Denning-Sacco protocol.
This work was supported by the FET Open Assessment Project IST-2000-26410, “AVISS: Automated Verification of Infinite State Systems”.
Chapter PDF
Similar content being viewed by others
References
D. Basin. Lazy infinite-state analysis of security protocols. In Secure Networking — CQRE’99, LNCS 1740, pp. 30–42. Springer, 1999.
J. Clark and J. Jacob. A Survey of Authentication Protocol Literature: Version 1.0, 17. Nov. 1997. URL http://www.cs.york.ac.uk/~jac/papers/drareview.ps.gz.
G. Denker and J. Millen. CAPSL Intermediate Language. In Proc. of FMSP’99. URL for CAPSL and CIL: http://www.csl.sri.com/~millen/capsl/.
B. Donovan, P. Norris, and G. Lowe, Analyzing a library of protocols using Casper and FDR. In Proc. of FMSP’99.
F. Jacquemard, M. Rusinowitch, and L. Vigneron. Compiling and Verifying Security Protocols. In Proc. of LPAR’00, LNCS 1955, pp. 131–160. Springer, 2000.
G. Lowe. Casper: a compiler for the analysis of security protocols. J. of Computer Security, 6(1):53–84, 1998. URL for Casper: http://web.comlab.ox.ac.uk/ oucl/work/gavin.lowe/Security/Casper/index.html.
C. Meadows. The NRL protocol analyzer: An overview. J. of Logic Programming, 26(2):113–131, 1996. http://chacs.nrl.navy.mil/projects/crypto.html.
M. W. Moskewicz, C. F. Madigan, Y. Zhao, L. Zhang, and S. Malik. Chaff: Engineering an Efficient SAT Solver. In Proc. of DAC’01. 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Armando, A. et al. (2002). The AVISS Security Protocol Analysis Tool. In: Brinksma, E., Larsen, K.G. (eds) Computer Aided Verification. CAV 2002. Lecture Notes in Computer Science, vol 2404. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45657-0_27
Download citation
DOI: https://doi.org/10.1007/3-540-45657-0_27
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43997-4
Online ISBN: 978-3-540-45657-5
eBook Packages: Springer Book Archive