posted on 2023-11-29, 18:26authored byDavid Basin, Cas CremersCas Cremers, Catherine A. Meadows
The formal analysis of security protocols is a prime example of a domain where model checking has been successfully applied. Although security protocols are typically small, analysis by hand is difficult as a protocol should work even when arbitrarily many runs are interleaved and in the presence of an adversary. Specialized model-checking techniques have been developed that address both the problems of unbounded, interleaved runs and a prolific, highly nondeterministic adversary.These techniques have been implemented in model-checking tools that now scale to protocols of realistic size and can be used to aid protocol design and standardization.In this chapter, we provide an overview of the main applications of model checking in security protocol analysis. We explain the central concepts involved in the analysis of security protocols: the abstraction of messages, protocols as role automata, the adversary model, and property specification. We explain and relate the main algorithms used and describe systems based on them. We also give examples of the successful applications of model checking to protocol standards. Finally, we provide an outlook on the field: What is possible with the state of the art and what are the future challenges?
History
Preferred Citation
David Basin, Cas Cremers and Catherine Meadows. Model Checking Security Protocols. In: Handbook of Model Checking. 2018.
Primary Research Area
Reliable Security Guarantees
Secondary Research Area
Threat Detection and Defenses
Legacy Posted Date
2020-02-27
Book Title
Handbook of Model Checking
Page Range
727-762
Edition
1
Publisher
Springer Cham
Open Access Type
Unknown
BibTeX
@incollection{cispa_all_2998,
title = "Model Checking Security Protocols",
author = "Basin, David and Cremers, Cas and Meadows, Catherine A.",
booktitle="{Handbook of Model Checking}",
year="2018",
}