National University of Singapore
"Ideally, security protocol implementations should be formally verified before they are deployed. However, this is not true in practice. Numerous high-profile vulnerabilities have been found in web authentication protocol implementations, especially in Single-Sign On (SSO) protocols implementations recently. Much of the prior work on authentication protocol verification has focused on theoretical foundations and building scalable verification tools for checking manually-crafted specifications. In this paper, the authors address a complementary problem of automatically extracting specifications from implementations. They propose AUTHSCAN, an end-to-end platform to automatically recover authentication protocol specifications from their implementations."