ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Automatic verification of the TLS handshake protocol
Full text PdfPdf (214 KB)
Source Symposium on Applied Computing archive
Proceedings of the 2004 ACM symposium on Applied computing table of contents
Nicosia, Cyprus
SESSION: Electronic commerce technologies (ECT) table of contents
Pages: 789 - 794  
Year of Publication: 2004
ISBN:1-58113-812-1
Authors
Gregorio Díaz  University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
Fernando Cuartero  University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
Valentín Valero  University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
Fernando Pelayo  University of Castilla-La Mancha, Campus Universitario, Albacete, Spain
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 55,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/967900.968063
What is a DOI?

ABSTRACT

E-commerce is based on transactions between client and server agents. These transactions require a protocol that provides privacy and reliability between these two agents. A widely used protocol on e-commerce is Transport Layer Security (TLS). In this paper we present a way to use Formal Methods to ensure the e-commerce properties of this protocol. Specifically we use a known tool for Model Checking (UPPAAL) to describe and analyze the behaviour of the protocol (by means of timed automata). Thus, with this tool we can make an automatic verification of TLS.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
J. Bengtsson, K. Larsen, F. Larsson, P. Pettersson, Yi Wang, and C. Weise, New Generation of UPPAAL, Int. Workshop on Software Tools for Technology Transfer, June 1998.
 
2
Dominique Bolignano, Towards the Formal Verification of Electronic Commerce Protocols, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.133, June 10-12, 1997
 
3
Philippa Broadfoot and Gavin Lowe, On distributed security transactions that use secure transport protocols, 2003.
 
4
G. Díaz, D. Cazorla, F. Pelayo, F. Cuartero, and V. Valero, Verifying and capturing probabilistic bechaviours of real-time systems, 19th Annual UK Performance Engineering Workshop, 2003.
 
5
Internet Engineering Task Force, The tls protocol version 1.1, work in progress (June 2003), http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-05.txt.
 
6
K. Larsen, P. Pettersson, and Wang Yi, UPPAAL in a Nutshell, Int. Journal on Software Tools for Technology Transfer 1 (1997), no. 1--2, 134--152.
 
7
K. G. Larsen , F. Larsson , P. Pettersson , W. Yi, Efficient verification of real-time systems: compact data structure and state-space reduction, Proceedings of the 18th IEEE Real-Time Systems Symposium (RTSS '97), p.14, December 03-05, 1997
 
8
G. Lowe, Towards a Completeness Result for Model Checking of Security Protocols, Proceedings of the 11th IEEE Computer Security Foundations Workshop, p.96, June 09-11, 1998
 
9
A. Roscoe, Proving Security Protocols with Model Checkers by Data Independence Techniques, Proceedings of the 11th IEEE Computer Security Foundations Workshop, p.84, June 09-11, 1998
 
10
P. Ryan, S. Schneider, M. Goldsmith, G. Lowe, and B. Roscoe, Modelling and analysis of security protocols, Addison Wesley, 2001.

CITED BY  3
G. Diaz , K. Larsen , J. Pardo , F. Cuartero , V. Valero, An approach to handle real time and probabilistic behaviors in e-commerce: validating the SET protocol, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Richard Lai , Tony Tsang, Timed verification of the reliable adaptive multicast protocol, Journal of Systems and Software, v.80 n.2, p.224-239, February, 2007
Octavian Udrea , Cristian Lumezanu , Jeffrey S. Foster, Rule-based static analysis of network protocol implementations, Information and Computation, v.206 n.2-4, p.130-157, February, 2008

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.4 Electronic Commerce

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.2 Network Protocols

  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.4 Software/Program Verification


Keywords:
authentication protocols, authentication protocols and model checking, e-Commerce, security, system verification and model checking

Collaborative Colleagues:
Gregorio Díaz: colleagues
Fernando Cuartero: colleagues
Valentín Valero: colleagues
Fernando Pelayo: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player