| Automatic verification of the TLS handshake protocol |
| Full text |
 Pdf
(214 KB)
|
| Source
|
Symposium on Applied Computing
archive
Proceedings of the 2004 ACM symposium on Applied computing
table of contents
Nicosia, Cyprus
SESSION: Electronic commerce technologies (ECT)
table of contents
Pages: 789 - 794
Year of Publication: 2004
ISBN:1-58113-812-1
|
|
Authors
|
|
Gregorio Díaz
|
University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
|
|
Fernando Cuartero
|
University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
|
|
Valentín Valero
|
University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
|
|
Fernando Pelayo
|
University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
|
|
| Sponsor |
|
| Publisher |
|
| Bibliometrics |
Downloads (6 Weeks): 4, Downloads (12 Months): 34, Citation Count: 3
|
|
|
 ABSTRACT
E-commerce is based on transactions between client and server agents. These transactions require a protocol that provides privacy and reliability between these two agents. A widely used protocol on e-commerce is Transport Layer Security (TLS). In this paper we present a way to use Formal Methods to ensure the e-commerce properties of this protocol. Specifically we use a known tool for Model Checking (UPPAAL) to describe and analyze the behaviour of the protocol (by means of timed automata). Thus, with this tool we can make an automatic verification of TLS.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
J. Bengtsson, K. Larsen, F. Larsson, P. Pettersson, Yi Wang, and C. Weise, New Generation of UPPAAL, Int. Workshop on Software Tools for Technology Transfer, June 1998.
|
| |
2
|
|
| |
3
|
Philippa Broadfoot and Gavin Lowe, On distributed security transactions that use secure transport protocols, 2003.
|
| |
4
|
G. Díaz, D. Cazorla, F. Pelayo, F. Cuartero, and V. Valero, Verifying and capturing probabilistic bechaviours of real-time systems, 19th Annual UK Performance Engineering Workshop, 2003.
|
| |
5
|
Internet Engineering Task Force, The tls protocol version 1.1, work in progress (June 2003), http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-05.txt.
|
| |
6
|
K. Larsen, P. Pettersson, and Wang Yi, UPPAAL in a Nutshell, Int. Journal on Software Tools for Technology Transfer 1 (1997), no. 1--2, 134--152.
|
| |
7
|
|
| |
8
|
|
| |
9
|
|
| |
10
|
P. Ryan, S. Schneider, M. Goldsmith, G. Lowe, and B. Roscoe, Modelling and analysis of security protocols, Addison Wesley, 2001.
|
CITED BY 3
|
G. Diaz , K. Larsen , J. Pardo , F. Cuartero , V. Valero, An approach to handle real time and probabilistic behaviors in e-commerce: validating the SET protocol, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
|
|
|
|
|
|
|
Peer to Peer - Readers of this Article have also read:
-
Web application security assessment by fault injection and behavior monitoring
Proceedings of the 12th international conference on World Wide Web
Yao-Wen Huang
, Shih-Kun Huang
, Tsung-Po Lin
, Chung-Hung Tsai
-
Data structures for quadtree approximation and compression
Communications of the ACM
28, 9
Hanan Samet
-
A hierarchical single-key-lock access control using the Chinese remainder theorem
Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee
, Huizhu Lu
, D. D. Fisher
-
The GemStone object database management system
Communications of the ACM
34, 10
Paul Butterworth
, Allen Otis
, Jacob Stein
-
Putting innovation to work: adoption strategies for multimedia communication systems
Communications of the ACM
34, 12
Ellen Francik
, Susan Ehrlich Rudman
, Donna Cooper
, Stephen Levine
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
K.4