Abstract

Finite transition models such as automata and Labeled Transition Systems have been widely used to model and analyze complex systems and protocol implementations. These methods model a system with states and transitions and present it as a reachable graph. Properties of the system, such as conformance, robustness, and interoperability, can be verified through test cases generated from that reachable graph. However, these methods are still hard to adapt to the requirements of security protocols. First, the classic definition of a transition model cannot describe or analyze security properties that cannot be neglected (such as nonces and encryption). In addition, security protocols usually have to take into account malicious actions by probable intruders, which is also an obstacle to classical transition-based modeling. In this article, we first extend the standard Input Output Labeled Transition System (IOLTS) model to a secure and glued IOLTS (SG IOLTS) model, which can include security properties and their associated security functions. We then propose a general finite intruder model, which makes the final reachable graph of the whole system contain the malicious actions of intruders. A corresponding algorithm for automatic test generation is also given, and an example of verifying the Needham-Schroeder-Lowe (NSL) protocol is presented at the end.
