ASPIER: An Automated Framework for Verifying Security Protocol Implementations

Executive Summary

The authors present ASPIER, the first framework that combines software model checking with a standard protocol security model to analyze authentication and secrecy properties of protocol implementations automatically. ASPIER incorporates a standard symbolic attacker model and provides guarantees about protocol implementations analogous to those that previous work provides for protocol specifications. The authors have implemented ASPIER and used it to verify authentication and secrecy properties of part of an industrial-strength protocol implementation, the handshake in OpenSSL 0.9.6c, for configurations of up to 3 servers and 3 clients.
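As an added illustration of what the "standard symbolic attacker model" in the summary amounts to (this is example code written for this page, not ASPIER's code and not anything from the paper): a Dolev-Yao style attacker sees every message on the network, can split pairs, and can decrypt only with keys it already holds, and a secrecy property holds when the attacker's closed knowledge never contains the secret. The term constructors, the two-message toy key exchange, the principal names and the attacker's initial knowledge below are all assumptions made for the example.

```python
"""Added example: a Dolev-Yao style attacker-knowledge closure used to check
a secrecy property over a toy key-exchange trace.  Not ASPIER's code; the
term constructors, toy protocol and attacker knowledge are assumptions."""
from typing import FrozenSet, Iterable, Tuple, Union

# Terms are atoms (strings) or tagged tuples built by the constructors below.
# Tuples are hashable, so a plain set of terms serves as the knowledge base.
Term = Union[str, Tuple]


def pair(a: Term, b: Term) -> Term:
    return ("pair", a, b)


def senc(m: Term, k: Term) -> Term:
    """Symmetric encryption of m under key k."""
    return ("senc", m, k)


def aenc(m: Term, pub: Term) -> Term:
    """Public-key encryption of m under public key pub (a pk(...) term)."""
    return ("aenc", m, pub)


def pk(priv: Term) -> Term:
    """Public key derived from private key priv."""
    return ("pk", priv)


def attacker_closure(initial: Iterable[Term]) -> FrozenSet[Term]:
    """Everything the symbolic attacker can learn from `initial` by applying
    the decomposition rules until nothing new appears:
      pair(a, b)         -> a, b
      senc(m, k), k      -> m
      aenc(m, pk(x)), x  -> m
    Composition rules (building new pairs or ciphertexts) are not needed to
    decide whether an *atomic* secret is learnable, because an atom can only
    ever be obtained by decomposition, never by composition."""
    known = set(initial)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            tag = t[0]
            derived = []
            if tag == "pair":
                derived = [t[1], t[2]]
            elif tag == "senc" and t[2] in known:
                derived = [t[1]]
            elif (tag == "aenc" and isinstance(t[2], tuple)
                  and t[2][0] == "pk" and t[2][1] in known):
                derived = [t[1]]
            for d in derived:
                if d not in known:
                    known.add(d)
                    changed = True
    return frozenset(known)


def leaked(trace: Iterable[Term], attacker_initial: Iterable[Term],
           secret: Term) -> bool:
    """Secrecy check: the attacker reads every message on the network, so its
    knowledge is the closure of its initial knowledge plus the whole trace."""
    return secret in attacker_closure(set(attacker_initial) | set(trace))


# Constructed scenario (assumption): the attacker controls one principal with
# key pair (skE, pk(skE)) and knows every public key, as happens in a
# multi-client, multi-server configuration where one party is dishonest.
ATTACKER_INITIAL = ["skE", pk("skE"), pk("skS"), pk("skC")]

# Honest run: client C sends session key kCS and nonce nC to server S under
# S's public key, then a payload under kCS.
HONEST_TRACE = [
    aenc(pair("kCS", "nC"), pk("skS")),
    senc("payload", "kCS"),
]

# Misbinding run: C is tricked into encrypting the session key under the
# attacker's public key but still uses that key for the payload.
MISBOUND_TRACE = [
    aenc(pair("kCS", "nC"), pk("skE")),
    senc("payload", "kCS"),
]

if __name__ == "__main__":
    print("honest run leaks payload:",
          leaked(HONEST_TRACE, ATTACKER_INITIAL, "payload"))
    print("misbound run leaks payload:",
          leaked(MISBOUND_TRACE, ATTACKER_INITIAL, "payload"))
```

The example checks one fixed trace; what the summary describes is stronger, since a model checker explores the reachable states of the actual implementation with this attacker interleaving, replaying and reassembling messages, so the traces are generated rather than written by hand. The two runs differ only in which public key the session key is sent under, which is exactly the kind of key-binding mistake a symbolic secrecy check catches.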

  • Format: PDF
  • Size: 290 KB