Heuristic Methods for Security Protocols

Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks

Analysis of security protocols as open systems

We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely Crypto-CCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation

Specifying and Verifying Meta-Security by Means of Semantic Web Methods

In order to achieve a systematic treatment of security protocols, organizations release a number of technical briefings for describing how security incidents have to be managed. These documents can suffer semantic deficiencies, mainly due to ambiguity or different granularity levels of description and analysis. Ontological Engineering (OE) is a powerful instrument that can be applied for both, cleaning methods and knowledge in incident protocols, and specifying (meta)security requirements on protocols for solving security incidents. We also show how the ontology built from security reports can be used as the knowledge core for semantic systems in order to work with resolution incidents in a safe way. The method has been illustrated with a case studyJunta de Andalucía TIC-606