Clarification of Ambiguity for the Simple Authentication and Security Layer



Al-Shareefi, Farah ORCID: 0000-0002-5537-6086, Lisitsa, Alexei and Dixon, Clare ORCID: 0000-0002-4610-9533
(2018) Clarification of Ambiguity for the Simple Authentication and Security Layer. In: 6th International ABZ Conference ASM, Alloy, B, TLA, VDM, Z, 2018, 2018-6-5 - 2018-6-8, Southampton, UK.

[img] Text
paper_20.pdf - Author Accepted Manuscript

Download (707kB)

Abstract

The Simple Authentication and Security Layer (SASL) is a framework for enabling application protocols to support authentication, integrity and confidentiality services. The SASL was originally specified in RFC 2222, and later updated in RFC 4422, using natural language. However, due to the richness of natural language this involves ambiguities and imprecision. Whilst there is an Oracle implementation of SASL, its documentation also contains informal descriptions and under-defined specifications of the RFCs. This paper provides clarification of ambiguity in SASL using Abstract State Machines (ASMs). This clarification is based on two ASM essential notions: a ground model to capture the intended SASL behavior in an understandable way, and a refinement notion to accurately explicate the ambiguous parts of the behavior. We also show some differences between RFCs and the description of the Oracle implementation. We believe our work can serve as a basis for further implementation and for formal analysis.

Item Type: Conference or Workshop Item (Unspecified)
Depositing User: Symplectic Admin
Date Deposited: 22 Mar 2018 16:19
Last Modified: 19 Jan 2023 06:38
DOI: 10.1007/978-3-319-91271-4_13
Related URLs:
URI: https://livrepository.liverpool.ac.uk/id/eprint/3019347