Community Research and Development Information Service - CORDIS

Environment for the automatic validation of security protocols

The AVISPA Tool is a modular environment for the automatic validation of Internet security protocols and applications. The tool can be used by external users through the web interface accessible from the project website (URL: ), and it is also downloadable as a single "package" to be installed on users' local machines.

The tool takes as input a specification of a security problem written in AVISPA's High-Level Protocol Specification Language, HLPSL (that is, the specification of a security protocol together with a security property that the protocol should satisfy), and outputs the results of the analysis performed by the tool's four back-ends. Users can also choose to have only one of the back-ends perform the analysis.

More specifically, specifications of security protocols and properties written in HLPSL are automatically translated (by the translator HLPSL2IF) into Intermediate Format (IF) specifications, which are then given as input to the different back-ends of the AVISPA Tool: OFMC, CL-AtSe, SATMC, and TA4SP. The back-ends implement a variety of analysis techniques, ranging from falsification (that is, searching for attacks on the protocol), through bounded verification (that is, proving that the input protocol satisfies the input property in a bounded execution scenario specified by the user), to unbounded verification. In the latter case, abstraction techniques allow the tool to establish whether protocols satisfy secrecy properties in unbounded execution scenarios, but this comes at the cost of preventing the detection of attacks in some protocols. The IF also provides the interface through which other protocol analysis tools can be connected to the AVISPA environment.

Whenever it terminates, each back-end of the AVISPA Tool reports the result of its analysis in a common, precisely defined format, stating whether the input problem was solved (positively or negatively), whether some system resource was exhausted, or whether the problem was not tackled by the selected back-end for some reason. The results are written in AVISPA's Output Format, so that protocol attacks can also be represented graphically, as message sequence charts or as PostScript files.
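As an added illustration (not code from the AVISPA project or its library), here is a constructed HLPSL specification of a two-message nonce exchange over a shared symmetric key, with the secrecy and authentication goals that the back-ends would check; the role names, constants and protocol identifiers are all assumptions made for this example.

```hlpsl
%% Constructed example protocol, shared symmetric key Kab:
%%   A -> B : {Na}_Kab
%%   B -> A : {Na.Nb}_Kab
role alice(A, B : agent, Kab : symmetric_key, SND, RCV : channel(dy))
played_by A def=
  local State : nat, Na, Nb : text
  init State := 0
  transition
    %% Send a fresh nonce; declare it secret between A and B
    1. State = 0 /\ RCV(start) =|>
       State' := 2 /\ Na' := new() /\ SND({Na'}_Kab)
                  /\ secret(Na', na, {A,B})
    %% Accept only a reply that echoes our nonce; then request
    %% that B really produced Nb for this run
    2. State = 2 /\ RCV({Na.Nb'}_Kab) =|>
       State' := 4 /\ request(A, B, alice_bob_nb, Nb')
end role

role bob(A, B : agent, Kab : symmetric_key, SND, RCV : channel(dy))
played_by B def=
  local State : nat, Na, Nb : text
  init State := 1
  transition
    1. State = 1 /\ RCV({Na'}_Kab) =|>
       State' := 3 /\ Nb' := new() /\ SND({Na'.Nb'}_Kab)
                  /\ secret(Nb', nb, {A,B})
                  /\ witness(B, A, alice_bob_nb, Nb')
end role

role session(A, B : agent, Kab : symmetric_key) def=
  local SA, RA, SB, RB : channel(dy)
  composition
    alice(A, B, Kab, SA, RA) /\ bob(A, B, Kab, SB, RB)
end role

%% Dolev-Yao intruder i shares keys with a and b and may run sessions
role environment() def=
  const a, b : agent,
        kab, kai, kbi : symmetric_key,
        na, nb, alice_bob_nb : protocol_id
  intruder_knowledge = {a, b, i, kai, kbi}
  composition
    session(a, b, kab) /\ session(a, i, kai) /\ session(i, b, kbi)
end role

goal
  secrecy_of na, nb
  authentication_on alice_bob_nb
end goal

environment()
```

The `goal` section is what each back-end reports on in the Output Format: the secrecy goals are tied to the `secret` facts and the authentication goal to the `witness`/`request` pair.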

In order to assess, as a proof of concept, the strength of the AVISPA Tool, we have defined the AVISPA library, a set of formalised security problems (protocols and security properties) drawn from Internet protocols that have recently been standardised or are currently undergoing standardisation by industry and standardisation organisations. The experiments we have carried out on the library during the project demonstrate that the AVISPA Tool is a state-of-the-art protocol analysis tool in terms of coverage (the number of different security problems that can be specified), effectiveness (the number of different security problems that can be analysed), and performance (the amount of time required for the analysis). The AVISPA Tool has been able to rediscover all known attacks on the protocols in the library as well as find a number of new attacks.

All the project partners will continue to develop the AVISPA technologies and tools: we plan to strengthen the current environment (that is, extending the specification languages and the back-ends) and apply it to a wider spectrum of problems. In particular, we plan to scale up AVISPA from the validation of protocols to the modular design and validation of composed security services, focussing in particular on the development of a framework for the formal specification of security requirements, the formal analysis of security services, and their composition in an automated and validated way.

Related information

Reported by

DIST, U. of Genova
Viale Causa 13
16145 Genova