Generating attack scenarios for the validation of security protocol implementations

Eliane MartinsAnderson MoraisAna Cavalli

In this paper we consider the validation of security protocols, whose aim is to ensure some security properties when the communication medium is not reliable. The goal is to uncover protocol vulnerabilities that an attacker can exploit and cause security failures. Our approach uses a fault injector to inject attacks into a communication system and observe whether the security properties are violated. One of the key problems is: how to generate successful attacks that will indicate the existence of vulnerabilities? We propose an approach that is similar to model-based testing, as we derive attack scenarios from an attack model representing known attacks to the protocol under test. The approach can be completely supported by tools, as is shown in the paper.

Caso o link acima esteja inválido, faça uma busca pelo texto completo na Web: Buscar na Web

Biblioteca Digital Brasileira de Computação - Contato:
     Mantida por: