- Created multi-protocol attack detection script.
parent
e2aca6f3ce
commit
1aabf79f08
@ -6,7 +6,7 @@ import Term
|
|||||||
|
|
||||||
class Claim(object):
|
class Claim(object):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.id = None # a unique id string, like 'ns3,r,r3'
|
self.id = None # a unique id string, consisting of 'protocol,label'
|
||||||
self.claimtype = None
|
self.claimtype = None
|
||||||
self.label = None
|
self.label = None
|
||||||
self.shortlabel = None
|
self.shortlabel = None
|
||||||
@ -36,7 +36,7 @@ class Claim(object):
|
|||||||
self.shortlabel = label
|
self.shortlabel = label
|
||||||
|
|
||||||
# determine id
|
# determine id
|
||||||
self.id = "%s,%s,%s" % (self.protocol,self.role,self.shortlabel)
|
self.id = "%s,%s" % (self.protocol,self.shortlabel)
|
||||||
|
|
||||||
# some additional properties
|
# some additional properties
|
||||||
if str(self.claimtype) == 'Reachable':
|
if str(self.claimtype) == 'Reachable':
|
||||||
|
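Review bot: Dropping the role from `self.id` leaves nothing in the visible lines that keeps the id unique, although the updated comment in `__init__` still calls it "a unique id string". If two roles of the same protocol can end up with the same `shortlabel` (how it is derived is outside this hunk), both claims get the same `'protocol,label'` id, and any lookup or filter keyed on that id would silently pick one of them. Either document the assumption next to the assignment, e.g. `# shortlabel must be unique within a protocol; the role is no longer part of the id`, or keep the role in the id. The enclosing method starts and ends outside the hunk.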
BIN
gui/bin/scyther
BIN
gui/bin/scyther
Binary file not shown.
51
gui/mpa.py
51
gui/mpa.py
@ -8,9 +8,16 @@ Test script to execute multi-protocol attacks on some test set.
|
|||||||
|
|
||||||
import Scyther
|
import Scyther
|
||||||
|
|
||||||
def MyScyther(protocollist):
|
def MyScyther(protocollist,filter=None):
|
||||||
|
"""
|
||||||
|
Evaluate the composition of the protocols in protocollist.
|
||||||
|
If there is a filter, i.e. "ns3,I1" then only this specific claim
|
||||||
|
will be evaluated.
|
||||||
|
"""
|
||||||
s = Scyther.Scyther()
|
s = Scyther.Scyther()
|
||||||
s.options = "-m2"
|
s.options = "--match=2"
|
||||||
|
if filter:
|
||||||
|
s.options += " --filter=%s" % (filter)
|
||||||
for protocol in protocollist:
|
for protocol in protocollist:
|
||||||
s.addFile(protocol)
|
s.addFile(protocol)
|
||||||
s.verify()
|
s.verify()
|
||||||
@ -20,48 +27,52 @@ def getCorrectIsolatedClaims(protocolset):
|
|||||||
"""
|
"""
|
||||||
Given a set of protocols, determine the correct claims when run in
|
Given a set of protocols, determine the correct claims when run in
|
||||||
isolation.
|
isolation.
|
||||||
Returns a list of tuples (protocol,claimid)
|
Returns a tuple, consisting of
|
||||||
|
- a list of compiling protocols
|
||||||
|
- a list of tuples (protocol,claimid) wich denote correct claims
|
||||||
"""
|
"""
|
||||||
correct = []
|
correctclaims = []
|
||||||
|
goodprotocols = []
|
||||||
for protocol in protocolset:
|
for protocol in protocolset:
|
||||||
# verify protocol in isolation
|
# verify protocol in isolation
|
||||||
s = MyScyther([protocol])
|
s = MyScyther([protocol])
|
||||||
# investigate the results
|
# investigate the results
|
||||||
for claim in s.claims:
|
if not s.errors:
|
||||||
if claim.okay:
|
goodprotocols.append(protocol)
|
||||||
correct.append((protocol,claim.id))
|
for claim in s.claims:
|
||||||
return correct
|
if claim.okay:
|
||||||
|
correctclaims.append((protocol,claim.id))
|
||||||
|
return (goodprotocols,correctclaims)
|
||||||
|
|
||||||
def findMPA(protocolset,protocol,claimid,maxcount=3):
|
def findMPA(protocolset,protocol,claimid,maxcount=3):
|
||||||
"""
|
"""
|
||||||
The protocol claim is assumed to be correct. When does it break?
|
The protocol claim is assumed to be correct. When does it break?
|
||||||
"""
|
"""
|
||||||
count = 2
|
count = 2
|
||||||
|
if len(protocolset) < maxcount:
|
||||||
|
maxcount = len(protocolset)
|
||||||
|
|
||||||
def verifyMPAlist(mpalist):
|
def verifyMPAlist(mpalist):
|
||||||
# This should be a more restricted verification
|
# This should be a more restricted verification
|
||||||
print "verifying %s" % mpalist
|
s = MyScyther(mpalist,claimid)
|
||||||
s = MyScyther(mpalist)
|
|
||||||
cl = s.getClaim(claimid)
|
cl = s.getClaim(claimid)
|
||||||
if cl:
|
if cl:
|
||||||
if not cl.okay:
|
if not cl.okay:
|
||||||
# This is an MPA attack!
|
# This is an MPA attack!
|
||||||
print "Attack!"
|
print "I've found a multi-protocol attack on claim %s in the context %s." % (claimid,str(mpalist))
|
||||||
return mpalist
|
return mpalist
|
||||||
return None
|
|
||||||
|
|
||||||
def constructMPAlist(mpalist,callback):
|
def constructMPAlist(mpalist,start,callback):
|
||||||
if len(mpalist) < count:
|
if len(mpalist) < count:
|
||||||
for p in protocolset:
|
for pn in range(start,len(protocolset)):
|
||||||
|
p = protocolset[pn]
|
||||||
if p not in mpalist:
|
if p not in mpalist:
|
||||||
return constructMPAlist(mpalist + [p],callback)
|
constructMPAlist(mpalist + [p],pn+1,callback)
|
||||||
else:
|
else:
|
||||||
return callback(mpalist)
|
callback(mpalist)
|
||||||
|
|
||||||
while count <= maxcount:
|
while count <= maxcount:
|
||||||
mpalist = constructMPAlist([protocol],verifyMPAlist)
|
constructMPAlist([protocol],0,verifyMPAlist)
|
||||||
if mpalist:
|
|
||||||
return mpalist
|
|
||||||
count += 1
|
count += 1
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@ -69,7 +80,7 @@ def findAllMPA(protocolset,maxcount=3):
|
|||||||
"""
|
"""
|
||||||
Given a set of protocols, find multi-protocol attacks
|
Given a set of protocols, find multi-protocol attacks
|
||||||
"""
|
"""
|
||||||
correct = getCorrectIsolatedClaims(protocolset)
|
(protocolset,correct) = getCorrectIsolatedClaims(protocolset)
|
||||||
print correct
|
print correct
|
||||||
for (protocol,claimid) in correct:
|
for (protocol,claimid) in correct:
|
||||||
mpalist = findMPA(protocolset,protocol,claimid,maxcount=3)
|
mpalist = findMPA(protocolset,protocol,claimid,maxcount=3)
|
||||||
|
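Review bot: `findMPA` now always returns None: `constructMPAlist` no longer returns the callback's result and the `while` loop ignores it, so the list that `verifyMPAlist` returns on a failed claim is dropped and an attack is reported only by the `print`. `findAllMPA` still assigns `mpalist = findMPA(...)`, so anything after that line (outside the hunk) that tests `mpalist` will never see a finding. Collecting the results keeps the new enumerate-every-combination behaviour: `found = []` before the helpers, `found.append(mpalist)` where `verifyMPAlist` returns, and `return found` at the end. Separately, `MyScyther` interpolates `filter` unquoted into `s.options`; how that string reaches the scyther binary is not shown here, so confirm that a claim id containing spaces or shell metacharacters cannot add extra arguments.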