SPLIT - Security Protocol Interaction Testing in Practice

Most of today's protocols for secure communication have not been thoroughly tested and we have witnessed some astonishing discoveries regarding flaws or backdoors in their implementations (e.g. Heartbleed bug, NSA BULLRUN project). The main research question of this proposal is whether model-based and combinatorial interaction testing can advance the state of the art of secure software development, e.g. security testing, in terms of finding and exploiting new vulnerabilities within the context of information security. For this purpose we consider mainly security protocols, like TLS/SSL, SSH and IKE. For carrying out the SPLIT project the aims of the team as a whole are i) to develop new approaches and methods in model-based testing and combinatorial testing, and ii) to use and combine these methods to automate security testing in the context of software development This project will contribute substantially towards protecting the information of communicating parties in a digitally connected society by providing quality assurance of security protocols and thus ensuring the privacy of the respective users. Moreover, the project will also contribute to the international efforts currently being carried out by the academic and industrial community to provide bug-free and secure communication protocols for society.