CISPA
Browse

SpecMon: Modular Black-Box Runtime Monitoring of Security Protocols

Download (1.67 MB)
conference contribution
posted on 2025-01-03, 11:48 authored by Kevin MorioKevin Morio, Robert KünnemannRobert Künnemann
This work addresses the verification gap between formal protocol specifications and their real-world implementations by monitoring compliance with formal specifications. We achieve this by instrumenting the networking and cryptographic libraries used by applications to generate event streams, even without access to the source code. An efficient algorithm is then employed to match these event streams against valid traces defined in the formal specification. Unlike previous approaches, our algorithm is capable of handling non-determinism, allowing it to support multiple concurrent sessions. Furthermore, our method introduces minimal overhead, as demonstrated through experiments on the WireGuard userspace implementation and a case study based on prior work. Notably, we find that the reference Tamarin model for WireGuard requires only minor adjustments, such as defining wire formats and correcting small inaccuracies uncovered during our case study. Finally, we provide formal proofs of soundness and completeness for our algorithm, ensuring that it accepts only valid event streams according to the specification and guarantees that all such valid streams are recognized.

History

Editor

Luo B ; Liao X ; Xu J ; Kirda E ; Lie D

Primary Research Area

  • Reliable Security Guarantees

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

CISPA Affiliation

  • Yes

Journal

CCS

Page Range

2741-2755

Publisher

Association for Computing Machinery (ACM)

Open Access Type

  • Unknown

BibTeX

@conference{Morio:Künnemann:2024, title = "SpecMon: Modular Black-Box Runtime Monitoring of Security Protocols", author = "Morio, Kevin" AND "Künnemann, Robert", editor = "Luo, Bo" AND "Liao, Xiaojing" AND "Xu, Jun" AND "Kirda, Engin" AND "Lie, David", year = 2024, month = 12, journal = "CCS", pages = "2741--2755", publisher = "Association for Computing Machinery (ACM)", doi = "10.1145/3658644.3690197" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC