SPLIT - Security Protocol Interaction Testing in Practice

Project: Research project

Description

Most of today's protocols for secure communication have not been thoroughly tested and we have
witnessed some astonishing discoveries regarding flaws or backdoors in their implementations (e.g.
Heartbleed bug, NSA BULLRUN project). The main research question of this proposal is whether
model-based and combinatorial interaction testing can advance the state of the art of secure
software development, e.g. security testing, in terms of finding and exploiting new vulnerabilities
within the context of information security. For this purpose we consider mainly security protocols,
like TLS/SSL, SSH and IKE.
For carrying out the SPLIT project the aims of the team as a whole are
i) to develop new approaches and methods in model-based testing and combinatorial testing, and
ii) to use and combine these methods to automate security testing in the context of software
development
This project will contribute substantially towards protecting the information of communicating parties
in a digitally connected society by providing quality assurance of security protocols and thus
ensuring the privacy of the respective users. Moreover, the project will also contribute to the
international efforts currently being carried out by the academic and industrial community to provide
bug-free and secure communication protocols for society.
StatusFinished
Effective start/end date1/02/1631/07/18