Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017, Article ID 7042835, 15 pages
https://doi.org/10.1155/2017/7042835
Research Article

A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace

1Computer School of Wuhan University, Wuhan 430072, China
2Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, China

Correspondence should be addressed to Huanguo Zhang; nc.ude.uhw@ssil

Received 6 May 2017; Revised 12 August 2017; Accepted 20 August 2017; Published 18 October 2017

Academic Editor: Jiankun Hu

Copyright © 2017 Fusheng Wu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. H. Zhang, W. Han, X. Lai, D. Lin, J. Ma, and J. Li, “Survey on cyberspace security,” Science China Information Sciences, vol. 58, no. 11, pp. 1–43, 2015. View at Publisher · View at Google Scholar · View at MathSciNet
  2. M. Asadzadeh Kaljahi, A. Payandeh, and M. B. Ghaznavi-Ghoushchi, “TSSL: Improving SSL/TLS protocol by trust model,” Security and Communication Networks, vol. 8, no. 9, pp. 1659–1671, 2015. View at Publisher · View at Google Scholar · View at Scopus
  3. M. Backes, M. Maffei, and D. Unruh, “Computationally sound verification of source code,” in Proceedings of the 17th ACM Conference on Computer and Communications Security, (CCS '10), pp. 387–398, ACM, New York, NY, USA, October 2010. View at Publisher · View at Google Scholar · View at Scopus
  4. J. Goubault-Larrecq and F. Parrennes, “Cryptographic protocol analysis on real C code,” in Verification, model checking, and abstract interpretation, vol. 3385 of Lecture Notes in Computer Science, pp. 363–379, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar · View at MathSciNet
  5. S. Chaki and A. Datta, “ASPIER: An automated framework for verifying security protocol implementations,” in Proceedings of the 22nd IEEE Computer Security Foundations Symposium, (CSF '09), pp. 172–185, IEEE, Port Jefferson, NY, USA, July 2009. View at Publisher · View at Google Scholar · View at Scopus
  6. M. Aizatulin, A. D. Gordon, and J. Jürjens, “Extracting and verifying cryptographic models from C protocol code by symbolic execution,” in Proceedings of the the 18th ACM conference on Computer and communications security (CCS '11), pp. 331–340, ACM, Chicago, Illinois, USA, October 2011. View at Publisher · View at Google Scholar
  7. M. Aizatulin, A. D. Gordon, and J. Jürjens, “Computational verification of C protocol implementations by symbolic execution,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 712–723, ACM, Raleigh, North Carolina, USA, October 2012. View at Publisher · View at Google Scholar
  8. J. Almeida, E. Bangerter, M. Barbosa, K. Stephan, S. Ahmad-Reza, and T. Schneider, “A certifying compiler for zero-knowledge proofs of knowledge based on Σ- protocols,” in European Symposium on Research in Computer Security, vol. 6345 of Lecture Notes in Computer Science, pp. 151–167, Springer, Berlin, Germany, 2010. View at Google Scholar
  9. S. Kiyomoto, H. Ota, and T. Tanaka, “A security protocol compiler generating C source codes,” in Proceedings of the 2nd international conference on information security and assurance, (SA '08), pp. 20–25, Busan, South Korea, IEEE, April 2008. View at Publisher · View at Google Scholar · View at Scopus
  10. C. Sarah Meiklejohn and C. Erway, “ZKPDL: A language-based system for efficient zero-knowledge proofs and electronic cash,” USENIX Conference on Security, pp. 193–206, 2010. View at Google Scholar
  11. K. Bhargavan, C. Fournet, and A. D. Gordon, “Modular verification of security protocol code by typing,” in Proceedings of the 37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, (POPL '10), vol. 45, pp. 445–456, ACM, Madrid, Spain, January 2010. View at Publisher · View at Google Scholar · View at Scopus
  12. C. Sprenger and D. Basin, “Refining key establishment,” in Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium, (CSF '12), pp. 230–246, IEEE, Cambridge, MA, USA, June 2012. View at Publisher · View at Google Scholar · View at Scopus
  13. R. Milner, Communicating and mobile systems:the π-calculus, Cambridge University Press, Cambridge, UK, 1999.
  14. M. Avalle, A. Pironti, and R. Sisto, “Formal verification of security protocol implementations: a survey,” Formal Aspects of Computing, vol. 26, no. 1, pp. 99–123, 2014. View at Publisher · View at Google Scholar · View at Scopus
  15. A. Yasinsac and J. Childs, “Formal analysis of modern security protocols,” Information Sciences, vol. 171, no. 1-3, pp. 189–211, 2005. View at Publisher · View at Google Scholar · View at Scopus
  16. A. Tang, S. Sethumadhavan, and S. Stolfo, “Heisenbyte: thwarting memory disclosure attacks using destructive code reads,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, (CCS '15), pp. 256–267, Denver, Colorado, USA, October 2015. View at Publisher · View at Google Scholar · View at Scopus
  17. R. Corin and F. A. Manzano, “Efficient symbolic execution for analysing cryptographic protocol implementations,” in Engineering Secure Software and Systems, vol. 6542 of Lecture Notes in Computer Science, pp. 58–72, Springer, Berlin, Germany, 2011. View at Publisher · View at Google Scholar
  18. F. Dupressoir, A. D. Gordon, J. Jürjens, and D. A. Naumann, “Guiding a general-purpose C verifier to prove cryptographic protocols,” Journal of Computer Security, vol. 22, no. 5, pp. 823–866, 2014. View at Publisher · View at Google Scholar · View at Scopus
  19. F. Dupressoir, Proving C Programs Secure with General-Purpose Verification Tools [Ph.D. thesis], thesis Open University, 2013.
  20. L. Jia, S. Sen, D. Garg, and A. Datta, “A logic of programs with interface-confined code,” in Proceedings of the 28th IEEE Computer Security Foundations Symposium, (CSF '15), pp. 512–525, IEEE, Verona, Italy, July 2015. View at Publisher · View at Google Scholar · View at Scopus
  21. C. Fournet, C. Keller, and V. Laporte, “A certified compiler for verifiable computing,” in Proceedings of the 29th IEEE Computer Security Foundations Symposium, (CSF '16), IEEE, Lisbon, Portugal, July 2016. View at Publisher · View at Google Scholar · View at Scopus
  22. B. Mood, D. Gupta, H. Carter, K. Butler, and P. Traynor, “Frigate: A validated, extensible, and efficient compiler and interpreter for secure computation,” in Proceedings of the 1st IEEE European Symposium on Security and Privacy, (EURO S&P), pp. 112–127, IEEE, Saarbrucken, Germany, March 2016. View at Publisher · View at Google Scholar · View at Scopus
  23. B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud et al., “A messy state of the union: taming the composite state machines of TLS,” in Proceedings of the 36th IEEE Symposium on Security and Privacy, (SP '15), pp. 535–552, San Jose, Calif, USA, May 2015. View at Publisher · View at Google Scholar · View at Scopus
  24. A. J. Mashtizadeh, A. Bittau, D. Boneh, and D. Mazières, “CCFI: Cryptographically enforced control flow integrity,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, (CCS '15), pp. 941–951, ACM, Denver, Colorado, USA, October 2015. View at Publisher · View at Google Scholar · View at Scopus
  25. R. Brooks, B. Husain, S. Yun, and J. Deng, “Security and performance evaluation of security protocols,” in Proceedings of the 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, (CSIIRW '13), ACM, Oak Ridge, Tennessee, USA, January 2013. View at Publisher · View at Google Scholar · View at Scopus
  26. E. M. Clarke, “My 27-year Quest to Overcome the State Explosion Problem,” in Proceedings of the 24th Annual IEEE Sympon Longic in Computer Science (LICS '09), IEEE, Los Angeles, Calif, USA, August 2009. View at Publisher · View at Google Scholar
  27. “ITU-TS, Recommendation Z.120:Message Sequnce Chart(MSC)ITU-TS, Genva (1999)”.
  28. Cas Cremers, Sjouke Mauw.Operational Semantics and Verification of Security Protocols, Springer, berlin, Germany, 2012.
  29. L. Kaufman and P. Rousseeuw, Finding Groups in Data: An Introduction to Cluster Analysis, John Wiley & Sons, Canada, 2005.
  30. M. M. Deza and E. Deza, Encyclopedia of distances, Springer-Verlag, Berlin, Germany, 2009. View at Publisher · View at Google Scholar · View at MathSciNet
  31. M. Conti, N. Dragoni, and V. Lesyk, “A survey of man in the middle attacks,” IEEE Communications Surveys and Tutorials, vol. 18, no. 3, pp. 2027–2051, 2016. View at Publisher · View at Google Scholar · View at Scopus
  32. S. A. Menesidou, D. Vardalis, and V. Katos, “Automated key exchange protocol evaluation in delay tolerant networks,” Computers and Security, vol. 59, pp. 1–8, 2016. View at Publisher · View at Google Scholar · View at Scopus
  33. A. C. Yao, M. Yung, and Y. Zhao, “Concurrent knowledge extraction in public-key models,” Journal of Cryptology. The Journal of the International Association for Cryptologic Research, vol. 29, no. 1, pp. 156–219, 2016. View at Publisher · View at Google Scholar · View at MathSciNet