Telecom Reporting Solution
In this paper, the authors consider the validation of security protocols, whose aim is to ensure some security properties when the communication medium is not reliable. The goal is to uncover protocol vulnerabilities that an attacker can exploit and cause security failures. Their approach uses a fault injector to inject attacks into a communication system and observe whether the security properties are violated. One of the key problems is: how to generate successful attacks that will indicate the existence of vulnerabilities? They propose an approach that is similar to model-based testing, as they derive attack scenarios from an attack model representing known attacks to the protocol under test.