Martijn Oostdijk, Vlad Rusu, Jan Tretmans, René G. de Vries, Tim A. C. Willemse. Integrating Verification, Testing, and Learning for Cryptographic Protocols. In Jim Davies, Jeremy Gibbons, editors, Integrated Formal Methods, 6th International Conference, IFM 2007, Oxford, UK, July 2-5, 2007, Proceedings. Volume 4591 of Lecture Notes in Computer Science, pages 538-557, Springer, 2007. [doi]
The verification of cryptographic protocol specifications is an active research topic and has received much attention from the formal verification community. By contrast, the black-box testing of actual implementations of protocols, which is, arguably, as important as verification for ensuring the correct functioning of protocols in the “real†world, is little studied. We propose an approach for checking secrecy and authenticity properties not only on protocol specifications, but also on black-box implementations. The approach is compositional and integrates ideas from verification, testing, and learning. It is illustrated on the Basic Access Control protocol implemented in biometric passports.
Available at http://hal.inria.fr/docs/00/56/42/31/PDF/2007-IFM.pdf