Saved in:
Bibliographic Details
Main Authors: Künnemann, Robert, Biehl, Julian
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2410.01568
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912055735353344
author Künnemann, Robert
Biehl, Julian
author_facet Künnemann, Robert
Biehl, Julian
contents Proof-of-concept exploits help demonstrate software vulnerability beyond doubt and communicate attacks to non-experts. But exploits can be configuration-specific, for example when in Security APIs, where keys are set up specifically for the application and enterprise the API serves. In this work, we show how to automatically derive proof-of-concept exploits against Security APIs using formal methods. We extend the popular protocol verifier ProVerif with a language-agnostic template mechanism. Employing program snippets attached to steps in the model, we can transform attack traces (which ProVerif typically finds automatically) into programs. Our method is general, flexible and convenient. We demonstrate its use for the W3C Web Cryptography API, for PKCS#11 and for the YubiHSM2, providing the first formal model of the latter.
format Preprint
id arxiv_https___arxiv_org_abs_2410_01568
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Adaptive Exploit Generation against Security Devices and Security APIs
Künnemann, Robert
Biehl, Julian
Cryptography and Security
Proof-of-concept exploits help demonstrate software vulnerability beyond doubt and communicate attacks to non-experts. But exploits can be configuration-specific, for example when in Security APIs, where keys are set up specifically for the application and enterprise the API serves. In this work, we show how to automatically derive proof-of-concept exploits against Security APIs using formal methods. We extend the popular protocol verifier ProVerif with a language-agnostic template mechanism. Employing program snippets attached to steps in the model, we can transform attack traces (which ProVerif typically finds automatically) into programs. Our method is general, flexible and convenient. We demonstrate its use for the W3C Web Cryptography API, for PKCS#11 and for the YubiHSM2, providing the first formal model of the latter.
title Adaptive Exploit Generation against Security Devices and Security APIs
topic Cryptography and Security
url https://arxiv.org/abs/2410.01568