Scenario-based specification of security protocols and transformation to security model checkers
- 16 October 2020
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems
Abstract
Security protocols ensure secure communication between and within systems such as internet services, factories, and smartphones. As evidenced by numerous successful attacks against popular protocols such as TLS, designing protocols securely is a tedious and error-prone task. Model checkers greatly aid protocol verification, yet any single model checker is oftentimes insufficient to check a protocol's security in full. Instead, engineers are forced to maintain multiple overlapping and hopefully non-contradicting and non-diverging specifications, one per model-checking tool---an error-prone task. To address this problem, this paper presents VICE, a scenario-based approach to security-protocol verification. It provides a visual modeling language based for specifying security protocols independent of the model checker. It then automatically transforms the relevant fragments of these models into equivalent inputs to multiple model checkers. In result, VICE completely relieves the security engineer from choosing and specifying queries via a fully automatic generation of all necessary queries. Through a case study involving real-world specifications of eight security protocols, we show that VICE is applicable in practice.Keywords
Funding Information
- European Regional Development Fund (ERDF-0801379)
This publication has 24 references indexed in Scilit:
- Evolution of the UML Interactions MetamodelLecture Notes in Computer Science, 2013
- An evaluation of timed scenario notationsJournal of Systems and Software, 2010
- Guidelines for conducting and reporting case study research in software engineeringEmpirical Software Engineering, 2008
- Assert and negate revisited: Modal semantics for UML sequence diagramsSoftware and Systems Modeling, 2007
- A semantic model for authentication protocolsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- SecureUML: A UML-Based Modeling Language for Model-Driven SecurityLecture Notes in Computer Science, 2002
- Case studies for method and tool evaluationIEEE Software, 1995
- A logic of authenticationACM Transactions on Computer Systems, 1990
- Using one-way functions for authenticationACM SIGCOMM Computer Communication Review, 1989
- Timestamps in key distribution protocolsCommunications of the ACM, 1981