Reference : Experience report: How to extract security protocols’ specifications from C libraries
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/36266
Experience report: How to extract security protocols’ specifications from C libraries
English
Vazquez Sandoval, Itzel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Lenzini, Gabriele mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Jun-2018
2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Volume 2
IEEE
719-724
Yes
International
978-1-5386-2666-5
COMPSAC 2018: 42nd IEEE International Conference on Computers, Software and Applications
23-27 July 2018
IEEE
[en] Security protocol specifications ; formal manalysis ; C reverse engineering
[en] Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little or no help from the developers to better understand it. Security protocols implementations frequently use services provided by libraries coded in the C programming language; automatic tools for codelevel reverse engineering offer good support to comprehend the behavior of code in object-oriented languages but are ineffective to deal with libraries in C. Here we propose a systematic, yet human-dependent approach, which combines the capabilities of state-of-the-art tools in order to help the analyst to retrieve, step by step, the security protocol specifications from a library in C. Those specifications can then be used to create the formal model needed to carry out the analysis.
http://hdl.handle.net/10993/36266
10.1109/COMPSAC.2018.10325
https://doi.org/10.1109/COMPSAC.2018.10325

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
11307.pdfAuthor postprint261.37 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.