Pages: [1]   Go Down
Author Topic: Seminario-Model-Checking Driven Security Testing of Web-based Security Protocols  (Read 4220 times)
0 Members e 1 Utente non registrato stanno visualizzando questa discussione.
Gianni Nigita
Offline Offline

Gender: Male
Posts: 74


« on: 03-11-2011, 15:15:08 »

Cari ragazzi,

volevo avvisarvi (e per i dottorandi ricordarvi) che oggi si terrà un seminario dal titolo "Model-Checking Driven Security Testing of Web-based Security Protocols". Nell'aula 24 dalle ore 17:00 alle 18:30. Parlerà il dott. Giancarlo Pellegrino (PhD student at SAP Labs France/Institut Eurécom). L'abstract del seminario è il seguente:

Model checkers have been remarkably successful in finding flaws in security protocols. Given a model of the protocol and a specification of the expected security property, a model checker automatically carries out a systematic exploration of the state space and in doing so is able to spot flaws that are very difficult to find by using traditional verification techniques (e.g. testing). Since implementations of the protocol often feature mechanisms that are abstracted away in the model, attack traces found by the model checker are not necessarily reproducible in the implementation. Unfortunately checking the feasibility of attack traces returned by a model checker is a difficult and a labor-intensive activity. This talk illustrates an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. The approach has been able to automatically detect and reproduce an attack witnessing an authentication flaw in the SAML-based Single Sign-On for Google Apps.
Pages: [1]   Go Up
Jump to: