Model Learning and Model Checking of SSH Implementations

P. Fiterau-Brostean, Toon Lenaerts, E. Poll, J. de Ruiter, F.W. Vaandrager, and P. Verleg. Model Learning and Model Checking of SSH Implementations. In Proceedings 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software, 13-14 July 2017, Santa Barbara, CA, USA, pages 142-151. ACM, NY, 2017.

Abstract

We apply model learning on three SSH implementations to infer state machine models, and then use model checking to verify that these models satisfy basic security properties and conform to the RFCs. Our analysis showed that all tested SSH server models satisfy the stated security properties. However, our analysis uncovered several violations of the standard.

Local copy (pdf)
Published version
Presentation (pdf)
Source code and data