synchronous/korg-paper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more

Browse Source
This commit is contained in:
JakeGinesin
2024-12-03 17:35:01 -05:00
parent b636781367
commit 673782c888
17 changed files with 2417 additions and 2175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
main.bib
View File

@@ -1,3 +1,5 @@
@article{Proverif, title={ProVerif 2.05: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial}, author={Blanchet, Bruno and Smyth, Ben and Cheval, Vincent and Sylvestre, Marc}, language={en} }
@inproceedings{Pacheco2022, address={San Francisco, CA, USA}, title={Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents}, ISBN={978-1-66541-316-9}, url={https://ieeexplore.ieee.org/document/9833673/}, DOI={10.1109/SP46214.2022.9833673}, abstractNote={Automated attack discovery techniques, such as attacker synthesis or model-based fuzzing, provide powerful ways to ensure network protocols operate correctly and securely. Such techniques, in general, require a formal representation of the protocol, often in the form of a finite state machine (FSM). Unfortunately, many protocols are only described in English prose, and implementing even a simple network protocol as an FSM is time-consuming and prone to subtle logical errors. Automatically extracting protocol FSMs from documentation can significantly contribute to increased use of these techniques and result in more robust and secure protocol implementations.}, booktitle={2022 IEEE Symposium on Security and Privacy (SP)}, publisher={IEEE}, author={Pacheco, Maria Leonor and Hippel, Max Von and Weintraub, Ben and Goldwasser, Dan and Nita-Rotaru, Cristina}, year={2022}, month=may, pages={5168}, language={en} }
@article{Hippel2022_anonym,
@@ -41,7 +43,6 @@ concurrent finite-state programs.}, publisher={IEEE Computer Society}, author={V
@article{Basin_Cremers_Dreier_Sasse_2022, title={Tamarin: Verification of Large-Scale, Real-World, Cryptographic Protocols}, volume={20}, rights={https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html}, ISSN={1540-7993, 1558-4046}, DOI={10.1109/MSEC.2022.3154689}, abstractNote={Tamarin is a mature, state-of-the-art tool for cryptographic protocol verification. We introduce Tamarin and survey some of the larger, tour-de-force results achieved with it. We also show how Tamarin can formalize a wide range of protocols, adversary models, and properties, and scale to substantial, real-world, verification problems.}, number={3}, journal={IEEE Security \& Privacy}, author={Basin, David and Cremers, Cas and Dreier, Jannik and Sasse, Ralf}, year={2022}, month=may, pages={2432}, language={en} }
@article{Blanchet_Smyth_Cheval_Sylvestre, title={ProVerif 2.05: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial}, author={Blanchet, Bruno and Smyth, Ben and Cheval, Vincent and Sylvestre, Marc}, language={en} }
@article{Kobeissi_Nicolas_Tiwari, title={Verifpal: Cryptographic Protocol Analysis for the Real World}, abstractNote={Verifpal is a new automated modeling framework and verifier for cryptographic protocols, optimized with heuristics for common-case protocol specifications, that aims to work better for real-world practitioners, students and engineers without sacrificing comprehensive formal verification features. In order to achieve this, Verifpal introduces a new, intuitive language for modeling protocols that is easier to write and understand than the languages employed by existing tools. Its formal verification paradigm is also designed explicitly to provide protocol modeling that avoids user error. Verifpal is able to model protocols under an active attacker with unbounded sessions and fresh values, and supports queries for advanced security properties such as forward secrecy or key compromise impersonation. Furthermore, Verifpals semantics have been formalized within the Coq theorem prover, and Verifpal models can be automatically translated into Coq as well as into ProVerif models for further verification. Verifpal has already been used to verify security properties for Signal, Scuttlebutt, TLS 1.3 as well as the first formal model for the DP-3T pandemic-tracing protocol, which we present in this work. Through Verifpal, we show that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.}, author={Kobeissi, Nadim and Nicolas, Georgio and Tiwari, Mukesh}, language={en} }
@@ -80,3 +81,43 @@ concurrent finite-state programs.}, publisher={IEEE Computer Society}, author={V
@article{Holzmann_Smith_2000, title={Automating software feature verification}, volume={5}, ISSN={1538-7305}, DOI={10.1002/bltj.2223}, abstractNote={A significant part of the call processing software for Lucents new PathStar™ Access Server was checked with formal verification techniques. The verification system we built for this purpose, named FeaVer, is accessed via a standard Web browser. The system maintains a database of feature requirements, together with the results of the most recently performed verifications. Via the browser the user can invoke new verification runs, which are performed in the background with the help of a logic model checking tool. Requirement violations are reported either as high-level message sequence charts or as detailed execution traces of the system source. A main strength of the system is its capability to detect potential feature interaction problems at an early stage of systems design. This type of problem is difficult to detect with traditional testing techniques. Error reports are typically generated by the system within minutes after a comprehensive check is initiated, allowing near-interactive probing of feature requirements and quick confirmation (or rejection) of the validity of tentative software fixes.}, number={2}, journal={Bell Labs Technical Journal}, author={Holzmann, Gerard J. and Smith, Margaret H.}, year={2000}, pages={7287}, language={en} }
@inproceedings{mcp, address={Grenoble, France}, title={Model checking programs}, ISBN={978-0-7695-0710-1}, url={http://ieeexplore.ieee.org/document/873645/}, DOI={10.1109/ASE.2000.873645}, abstractNote={The majority of work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers, proof checkers and model checkers. In this paper we will attempt to give convincing arguments for why we believe it is time for the formal methods community to shift some of its attention towards the analysis of programs written in modern programming languages. In keeping with this philosophy we have developed a verification and testing environment for Java, called Java PathFinder (JPF), which integrates model checking, program analysis and testing. Part of this work has consisted of building a new Java Virtual Machine that interprets Java bytecode. JPF uses state compression to handle big states, and partial order and symmetry reduction, slicing, abstraction, and runtime analysis techniques to reduce the state space. JPF has been applied to a real-time avionics operating system developed at Honeywell, illustrating an intricate error, and to a model of a spacecraft controller, illustrating the combination of abstraction, runtime analysis, and slicing with model checking.}, booktitle={Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering}, publisher={IEEE}, author={Visser, W. and Havelund, K. and Brat, G. and Seungjoon Park}, year={2000}, pages={311}, language={en} }
@misc{wayne_adversaries,
author = {Hillel Wayne},
title = {Modeling Adversaries with TLA+},
year = {2019},
url = {https://www.hillelwayne.com/post/adversaries/},
note = {Accessed: 2024-12-03},
howpublished = {\url{https://www.hillelwayne.com/post/adversaries/}}
}
@article{Pereira, title={EasyCrypt - a (brief) tutorial}, author={Pereira, Vitor}, language={en} }
@article{Kobeissi_Nicolas_Tiwari, title={Verifpal: Cryptographic Protocol Analysis for the Real World}, abstractNote={Verifpal is a new automated modeling framework and verifier for cryptographic protocols, optimized with heuristics for common-case protocol specifications, that aims to work better for real-world practitioners, students and engineers without sacrificing comprehensive formal verification features. In order to achieve this, Verifpal introduces a new, intuitive language for modeling protocols that is easier to write and understand than the languages employed by existing tools. Its formal verification paradigm is also designed explicitly to provide protocol modeling that avoids user error. Verifpal is able to model protocols under an active attacker with unbounded sessions and fresh values, and supports queries for advanced security properties such as forward secrecy or key compromise impersonation. Furthermore, Verifpals semantics have been formalized within the Coq theorem prover, and Verifpal models can be automatically translated into Coq as well as into ProVerif models for further verification. Verifpal has already been used to verify security properties for Signal, Scuttlebutt, TLS 1.3 as well as the first formal model for the DP-3T pandemic-tracing protocol, which we present in this work. Through Verifpal, we show that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.}, author={Kobeissi, Nadim and Nicolas, Georgio and Tiwari, Mukesh}, language={en} }
@inbook{Cremers, address={Berlin, Heidelberg}, series={Lecture Notes in Computer Science}, title={The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols}, volume={5123}, ISBN={978-3-540-70543-7}, ISSN={0302-9743, 1611-3349}, url={http://link.springer.com/10.1007/978-3-540-70545-1_38}, DOI={10.1007/978-3-540-70545-1_38}, booktitle={Computer Aided Verification}, publisher={Springer Berlin Heidelberg}, author={Cremers, Cas J. F.}, editor={Gupta, Aarti and Malik, Sharad}, year={2008}, pages={414418}, collection={Lecture Notes in Computer Science}, language={en} }
@article{Tamarin, title={Tamarin: Verification of Large-Scale, Real-World, Cryptographic Protocols}, volume={20}, rights={https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html}, ISSN={1540-7993, 1558-4046}, DOI={10.1109/MSEC.2022.3154689}, abstractNote={Tamarin is a mature, state-of-the-art tool for cryptographic protocol verification. We introduce Tamarin and survey some of the larger, tour-de-force results achieved with it. We also show how Tamarin can formalize a wide range of protocols, adversary models, and properties, and scale to substantial, real-world, verification problems.}, number={3}, journal={IEEE Security \& Privacy}, author={Basin, David and Cremers, Cas and Dreier, Jannik and Sasse, Ralf}, year={2022}, month=may, pages={2432}, language={en} }
@inproceedings{ParnoSOK, title={SoK: Computer-Aided Cryptography}, ISSN={2375-1207}, url={https://ieeexplore.ieee.org/document/9519449/?arnumber=9519449}, DOI={10.1109/SP40001.2021.00008}, abstractNote={Computer-aided cryptography is an active area of research that develops and applies formal, machine-checkable approaches to the design, analysis, and implementation of cryptography. We present a cross-cutting systematization of the computer-aided cryptography literature, focusing on three main areas: (i) design-level security (both symbolic security and computational security), (ii) functional correctness and efficiency, and (iii) implementation-level security (with a focus on digital side-channel resistance). In each area, we first clarify the role of computer-aided cryptography—how it can help and what the caveats are—in addressing current challenges. We next present a taxonomy of state-of-the-art tools, comparing their accuracy, scope, trustworthiness, and usability. Then, we highlight their main achievements, trade-offs, and research challenges. After covering the three main areas, we present two case studies. First, we study efforts in combining tools focused on different areas to consolidate the guarantees they can provide. Second, we distill the lessons learned from the computer-aided cryptography communitys involvement in the TLS 1.3 standardization effort. Finally, we conclude with recommendations to paper authors, tool developers, and standardization bodies moving forward.}, booktitle={2021 IEEE Symposium on Security and Privacy (SP)}, author={Barbosa, Manuel and Barthe, Gilles and Bhargavan, Karthik and Blanchet, Bruno and Cremers, Cas and Liao, Kevin and Parno, Bryan}, year={2021}, month=may, pages={777795} }
@article{Castro_Liskov_2002, title={Practical byzantine fault tolerance and proactive recovery}, volume={20}, ISSN={0734-2071, 1557-7333}, DOI={10.1145/571637.571640}, abstractNote={Our growing reliance on online services accessible on the Internet demands highly available systems that provide correct service without interruptions. Software bugs, operator mistakes, and malicious attacks are a major cause of service interruptions and they can cause arbitrary behavior, that is, Byzantine faults. This article describes a new replication algorithm, BFT, that can be used to build highly available systems that tolerate Byzantine faults. BFT can be used in practice to implement real services: it performs well, it is safe in asynchronous environments such as the Internet, it incorporates mechanisms to defend against Byzantine-faulty clients, and it recovers replicas proactively. The recovery mechanism allows the algorithm to tolerate any number of faults over the lifetime of the system provided fewer than 1/3 of the replicas become faulty within a small window of vulnerability. BFT has been implemented as a generic program library with a simple interface. We used the library to implement the first Byzantine-fault-tolerant NFS file system, BFS. The BFT library and BFS perform well because the library incorporates several important optimizations, the most important of which is the use of symmetric cryptography to authenticate messages. The performance results show that BFS performs 2% faster to 24% slower than production implementations of the NFS protocol that are not replicated. This supports our claim that the BFT library can be used to build practical systems that tolerate Byzantine faults.}, number={4}, journal={ACM Transactions on Computer Systems}, author={Castro, Miguel and Liskov, Barbara}, year={2002}, month=nov, pages={398461}, language={en} }
@inproceedings{Henda, address={San Jose CA USA}, title={Generic and efficient attacker models in SPIN}, ISBN={978-1-4503-2452-6}, url={https://dl.acm.org/doi/10.1145/2632362.2632378}, DOI={10.1145/2632362.2632378}, abstractNote={In telecommunication networks, it is common that security protocol procedures rely on context information and other parameters of the global system state. Current security verification tools are well suited for analyzing protocols in isolation and it is not clear how they can be used for protocols intended to be run in more “dynamic” settings. Think of protocol procedures sharing parameters, arbitrarily interleaved or used as building blocks in more complex compound procedures. SPIN is a well established general purpose verification tool that has good support for modeling such systems. In contrast to specialized tools, SPIN lacks support for cryptographic primitives and intruder model which are necessary for checking security properties. We consider a special class of security protocols that fit well in the SPIN framework. Our modeling method is systematic, generic and efficient enough so that SPIN could find all the expected attacks on several of the classical key distribution protocols.}, booktitle={Proceedings of the 2014 International SPIN Symposium on Model Checking of Software}, publisher={ACM}, author={Ben Henda, Noomene}, year={2014}, month=jul, pages={7786}, language={en} }
@article{Ginesin, title={A Formal Analysis of SCTP: Attack Synthesis and Patch Verification}, url={http://arxiv.org/abs/2403.05663}, abstractNote={SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations were subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive and a recent vulnerability (CVE-2021-3772) showed SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws might persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP, and define 10 properties capturing the essential protocol functionality based on its RFC specification and consultation with the lead RFC author. Then we show using the Spin model checker that our model satisfies these properties. We define 4 attacker models - Off-Path, where the attacker is an outsider that can spoof the port and IP of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where an attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between peers. We modify an attack synthesis tool designed for transport protocols, Korg, to support our SCTP model and four attacker models. We synthesize 14 unique attacks using the attacker models - including the CVE vulnerability in the Off-Path attacker model, 4 attacks in the Evil-Server attacker model, an opportunistic ABORT attack in the Replay attacker model, and eight connection manipulation attacks in the On-Path attacker model. We show that the proposed patch eliminates the vulnerability and does not introduce new ones according to our model and protocol properties. Finally, we identify and analyze an ambiguity in the RFC, which we show can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.}, note={arXiv:2403.05663 [cs]}, number={arXiv:2403.05663}, publisher={arXiv}, author={Ginesin, Jacob and von Hippel, Max and Defloor, Evan and Nita-Rotaru, Cristina and Tüxen, Michael}, year={2024}, month=mar }
@inproceedings{TCPwn, address={San Diego, CA}, title={Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach}, ISBN={978-1-891562-49-5}, url={https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_02A-1_Jero_paper.pdf}, DOI={10.14722/ndss.2018.23115}, abstractNote={One of the most important goals of TCP is to ensure fairness and prevent congestion collapse by implementing congestion control. Various attacks against TCP congestion control have been reported over the years, most of which have been discovered through manual analysis. In this paper, we propose an automated method that combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis to find attacks against implementations of TCP congestion control. It uses a model-guided approach to generate abstract attack strategies, by leveraging a state machine model of TCP congestion control to find vulnerable state machine paths that an attacker could exploit to increase or decrease the throughput of a connection to his advantage. These abstract strategies are then mapped to concrete attack strategies, which consist of sequences of actions such as injection or modification of acknowledgements and a logical time for injection. We design and implement a virtualized platform, TCPWN, that consists of a a proxy-based attack injector and a TCP congestion control state tracker that uses only network traffic to create and inject these concrete attack strategies. We evaluated 5 TCP implementations from 4 Linux distributions and Windows 8.1. Overall, we found 11 classes of attacks, of which 8 are new.}, booktitle={Proceedings 2018 Network and Distributed System Security Symposium}, publisher={Internet Society}, author={Jero, Samuel and Hoque, Endadul and Choffnes, David and Mislove, Alan and Nita-Rotaru, Cristina}, year={2018}, language={en} }
@inbook{Khan_Mukund_Suresh_2005, address={Berlin, Heidelberg}, series={Lecture Notes in Computer Science}, title={Generic Verification of Security Protocols}, volume={3639}, ISBN={978-3-540-28195-5}, url={http://link.springer.com/10.1007/11537328_18}, DOI={10.1007/11537328_18}, abstractNote={Security protocols are notoriously difficult to debug. One approach to the automatic verification of security protocols with a bounded set of agents uses logic programming with analysis and synthesis rules to describe how the attacker gains information and constructs new messages.}, booktitle={Model Checking Software}, publisher={Springer Berlin Heidelberg}, author={Khan, Abdul Sahid and Mukund, Madhavan and Suresh, S. P.}, editor={Godefroid, Patrice}, year={2005}, pages={221235}, collection={Lecture Notes in Computer Science}, language={en} }
@article{Clarke_Wang, title={25 Years of Model Checking}, abstractNote={Model Checking is an automatic verification technique for large state transition systems. It was originally developed for reasoning about finite-state concurrent systems. The technique has been used successfully to debug complex computer hardware, communication protocols, and software. It is beginning to be used for analyzing cyberphysical, biological, and financial systems as well. The major challenge for the technique is a phenomenon called the State Explosion Problem. This issue is impossible to avoid in the worst case; but, by using sophisticated data structures and clever search algorithms, it is now possible to verify state transition systems with an astronomical number of states. In this paper, we will briefly review the development of Model Checking over the past 32 years, with an emphasis on model checking stochastic hybrid systems.}, author={Clarke, Edmund M and Wang, Qinsi}, language={en} }
@inbook{Basin_Cremers_Meadows_2018, address={Cham}, title={Model Checking Security Protocols}, ISBN={978-3-319-10574-1}, url={http://link.springer.com/10.1007/978-3-319-10575-8_22}, DOI={10.1007/978-3-319-10575-8_22}, booktitle={Handbook of Model Checking}, publisher={Springer International Publishing}, author={Basin, David and Cremers, Cas and Meadows, Catherine}, editor={Clarke, Edmund M. and Henzinger, Thomas A. and Veith, Helmut and Bloem, Roderick}, year={2018}, pages={727762}, language={en} }
@inbook{Basin_Mödersheim_Viganò_2003, address={Berlin, Heidelberg}, series={Lecture Notes in Computer Science}, title={An On-the-Fly Model-Checker for Security Protocol Analysis}, volume={2808}, rights={http://www.springer.com/tdm}, ISBN={978-3-540-20300-1}, url={http://link.springer.com/10.1007/978-3-540-39650-5_15}, DOI={10.1007/978-3-540-39650-5_15}, abstractNote={We introduce the on-the-fly model-checker OFMC, a tool that combines two ideas for analyzing security protocols based on lazy, demand-driven search. The first is the use of lazy data-types as a simple way of building efficient on-the-fly model checkers for protocols with infinite state spaces. The second is the integration of symbolic techniques and optimizations for modeling a lazy Dolev-Yao intruder, whose actions are generated in a demand-driven way. We present both techniques, along with optimizations and proofs of correctness and completeness.}, booktitle={Computer Security ESORICS 2003}, publisher={Springer Berlin Heidelberg}, author={Basin, David and Mödersheim, Sebastian and Viganò, Luca}, editor={Snekkenes, Einar and Gollmann, Dieter}, year={2003}, pages={253270}, collection={Lecture Notes in Computer Science}, language={en} }
@inproceedings{Narayana_Chen_Zhao_Chen_Fu_Zhou_2006, title={Automatic Vulnerability Checking of IEEE 802.16 WiMAX Protocols through TLA+}, url={https://ieeexplore.ieee.org/document/4110436/?arnumber=4110436}, DOI={10.1109/NPSEC.2006.320346}, abstractNote={Vulnerability analysis is indispensably the first step towards securing a network protocol, but currently remains mostly a best effort manual process with no completeness guarantee. Formal methods are proposed for vulnerability analysis and most existing work focus on security properties such as perfect forwarding secrecy and correctness of authentication. However, it remains unclear how to apply these methods to analyze more subtle vulnerabilities such as denial-of-service (DoS) attacks. To address this challenge, in this paper, we propose use of TLA+ to automatically check DoS vulnerability of network protocols with completeness guarantee. In particular, we develop new schemes to avoid state space explosion in property checking and to model attackers capabilities for finding realistic attacks. As a case study, we successfully identify threats to IEEE 802.16 air interface protocols.}, booktitle={2006 2nd IEEE Workshop on Secure Network Protocols}, author={Narayana, Prasad and Chen, Ruiming and Zhao, Yao and Chen, Yan and Fu, Zhi and Zhou, Hai}, year={2006}, month=nov, pages={4449} }
@article{Delzanno_Tatarek_Traverso_2014, title={Model Checking Paxos in Spin}, volume={161}, ISSN={2075-2180}, DOI={10.4204/EPTCS.161.13}, journal={Electronic Proceedings in Theoretical Computer Science}, author={Delzanno, Giorgio and Tatarek, Michele and Traverso, Riccardo}, year={2014}, month=aug, pages={131146}, language={en} }