Security protocols, properties, and their monitoring

Andreas Bauer*, Jan Jürjens

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

    11 Citations (Scopus)

    Abstract

    This paper examines the suitability and use of runtime verification as means for monitoring security protocols and their properties. In particular, we employ the runtime verification framework introduced in [5] to monitor complex, history-based security-properties of the SSL-protocol. We give a detailed account of the methodology, compare its formal expressiveness to prior art, and describe its application to an open-source Java-implementation of the SSL-protocol. In particular, we show how one can make use of runtime verification to dynamically enforce that assumptions on the crypto-protocol implementations (that are commonly made when statically verifying crypto-protocol specifications against security requirements) are actually satisfied in a given protocol implementation at runtime. Our analysis of these properties shows that some important runtime correctness properties of the SSL-protocol exceed the commonly used class of safety properties, and as such also the expressiveness of other monitoring frameworks.

    Original languageEnglish
    Title of host publication30th International Conference on Software Engineering, ICSE 2008 Co-located Workshops - Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, SESS'08
    Pages33-40
    Number of pages8
    DOIs
    Publication statusPublished - 2008
    Event30th International Conference on Software Engineering, ICSE 2008 - 4th International Workshop on Software Engineering for Secure Systems, SESS'08 - Leipzig, Germany
    Duration: 17 May 200818 May 2008

    Publication series

    NameProceedings - International Conference on Software Engineering
    ISSN (Print)0270-5257

    Conference

    Conference30th International Conference on Software Engineering, ICSE 2008 - 4th International Workshop on Software Engineering for Secure Systems, SESS'08
    Country/TerritoryGermany
    CityLeipzig
    Period17/05/0818/05/08

    Fingerprint

    Dive into the research topics of 'Security protocols, properties, and their monitoring'. Together they form a unique fingerprint.

    Cite this