Expanding test script for full MPA analysis.

This commit is contained in:
Cas Cremers 2010-11-09 10:07:49 +01:00
parent fcf694dbd9
commit 96e52a3724

View File

@ -32,23 +32,44 @@ Author: Cas Cremers
""" """
from Scyther import Scyther from Scyther import Scyther
import time
try:
from progressbar import *
PROGRESSBAR = True
except ImportError:
from progressbarDummy import *
PROGRESSBAR = False
print """
Missing the progressbar library.
def MyScyther(protocollist,filter=None): It can be downloaded from:
http://code.google.com/p/python-progressbar/
"""
def MyScyther(protocollist,filt=None,options=None):
""" """
Evaluate the composition of the protocols in protocollist. Evaluate the composition of the protocols in protocollist.
If there is a filter, i.e. "ns3,I1" then only this specific claim If there is a filter, i.e. "ns3,I1" then only this specific claim
will be evaluated. will be evaluated.
""" """
s = Scyther.Scyther() s = Scyther.Scyther()
if options == None:
# untyped matching # untyped matching
s.options = "--match=2" s.options = "--match=2"
else:
s.options = options
for protocol in protocollist: for protocol in protocollist:
s.addFile(protocol) s.addFile(protocol)
s.verifyOne(filter) s.verifyOne(filt)
return s return s
def getCorrectIsolatedClaims(protocolset): def getCorrectIsolatedClaims(protocolset,options=None):
""" """
Given a set of protocols, determine the correct claims when run in Given a set of protocols, determine the correct claims when run in
isolation. isolation.
@ -58,17 +79,28 @@ def getCorrectIsolatedClaims(protocolset):
""" """
correctclaims = [] correctclaims = []
goodprotocols = [] goodprotocols = []
widgets = ['Scanning for claims that are correct in isolation: ', Percentage(), ' ',
Bar(marker='#',left='[',right=']')
]
pbar = ProgressBar(widgets=widgets, maxval=len(protocolset))
pbar.start()
count = 0
for protocol in protocolset: for protocol in protocolset:
# verify protocol in isolation # verify protocol in isolation
s = MyScyther([protocol]) s = MyScyther([protocol],options=options)
# investigate the results # investigate the results
goodprotocols.append(protocol) goodprotocols.append(protocol)
for claim in s.claims: for claim in s.claims:
if claim.okay: if claim.okay:
correctclaims.append((protocol,claim.id)) correctclaims.append((protocol,claim.id))
count += 1
pbar.update(count)
pbar.finish()
return (goodprotocols,correctclaims) return (goodprotocols,correctclaims)
def verifyMPAlist(mpalist,claimid):
def verifyMPAlist(mpalist,claimid,options=None):
""" """
Verify the existence of an attack in this context Verify the existence of an attack in this context
@ -76,7 +108,8 @@ def verifyMPAlist(mpalist,claimid):
needed for the iteration later. needed for the iteration later.
""" """
# This should be a more restricted verification # This should be a more restricted verification
s = MyScyther(mpalist,claimid) print time.asctime(), mpalist, claimid, options # [DEBUG]
s = MyScyther(mpalist,claimid,options)
claim = s.getClaim(claimid) claim = s.getClaim(claimid)
if claim: if claim:
if not claim.okay: if not claim.okay:
@ -87,7 +120,7 @@ def verifyMPAlist(mpalist,claimid):
return True return True
def constructMPAlist(protocolset,claimid,mpalist,length,start,callback): def constructMPAlist(protocolset,claimid,mpalist,length,start,callback,options=None):
""" """
Append a list of parallel protocols, without duplicates, Append a list of parallel protocols, without duplicates,
such that the added part is lexicographically ordered (from such that the added part is lexicographically ordered (from
@ -101,15 +134,15 @@ def constructMPAlist(protocolset,claimid,mpalist,length,start,callback):
for pn in range(start,len(protocolset)): for pn in range(start,len(protocolset)):
p = protocolset[pn] p = protocolset[pn]
if p not in mpalist: if p not in mpalist:
if not constructMPAlist(protocolset,claimid,mpalist + [p],length,pn+1,callback): if not constructMPAlist(protocolset,claimid,mpalist + [p],length,pn+1,callback,options=options):
return False return False
return True return True
else: else:
# list is long enough: callback # list is long enough: callback
return callback(mpalist,claimid) return callback(mpalist,claimid,options)
def findMPA(protocolset,protocol,claimid,maxcount=3): def findMPA(protocolset,protocol,claimid,maxcount=3,options=None):
""" """
The protocol claim is assumed to be correct. When does it break? The protocol claim is assumed to be correct. When does it break?
""" """
@ -125,37 +158,87 @@ def findMPA(protocolset,protocol,claimid,maxcount=3):
# the actual incremental search loop # the actual incremental search loop
while count <= maxcount: while count <= maxcount:
constructMPAlist(protocolset,claimid,[protocol],count,0,verifyMPAlist) constructMPAlist(protocolset,claimid,[protocol],count,0,verifyMPAlist,options)
count += 1 count += 1
return None return None
def findAllMPA(protocolset,maxcount=3): def findAllMPA(protocolset,maxcount=3,options=None):
""" """
Given a set of protocols, find multi-protocol attacks Given a set of protocols, find multi-protocol attacks
""" """
# Find all correct claims in each protocol # Find all correct claims in each protocol
(protocolset,correct) = getCorrectIsolatedClaims(protocolset) (protocolset,correct) = getCorrectIsolatedClaims(protocolset,options)
print "We found %i correct claims." % (len(correct))
# For all these claims... # For all these claims...
widgets = ['Scanning for MPA attacks: ', Percentage(), ' ',
Bar(marker='#',left='[',right=']')
]
pbar = ProgressBar(widgets=widgets, maxval=len(correct))
pbar.start()
count = 0
for (protocol,claimid) in correct: for (protocol,claimid) in correct:
# Try to find multi-protocol attacks # Try to find multi-protocol attacks
findMPA(protocolset,protocol,claimid,maxcount=3) findMPA(protocolset,protocol,claimid,maxcount,options)
count += 1
pbar.update(count)
pbar.finish()
def main(): def bigTest():
"""
Perform the tests as reported in the book.
"""
import os
testpath = "Protocols/MultiProtocolAttacks/"
fl = os.listdir(testpath)
nl = []
for fn in fl:
if fn.endswith(".spdl"):
nl.append(fn)
# Report list
print "Performing multi-protocol analysis for the following protocols:", nl
# Prepend again the path
l = []
for fn in nl:
l.append(testpath+fn)
defopts = "--max-runs=3 -T 360"
# First typed
print "Scanning without type flaws"
findAllMPA(l,maxcount=2,options = defopts + " --match=0")
# Basic type flaws
print "Scanning for basic type flaws"
findAllMPA(l,maxcount=2,options = defopts + " --match=1")
# All type flaws
print "Scanning for any type flaws"
findAllMPA(l,maxcount=2,options = defopts + " --match=2")
def simpleTest():
""" """
Simple test case with a few protocols Simple test case with a few protocols
""" """
list = ['nsl3-broken.spdl','ns3.spdl','nsl3.spdl'] l = ['nsl3-broken.spdl','ns3.spdl','nsl3.spdl']
print "Performing multi-protocol analysis for the following protocols:", list print "Performing multi-protocol analysis for the following protocols:", l
print print
findAllMPA(list) findAllMPA(l)
print print
print "Analysis complete." print "Analysis complete."
def main():
bigTest()
#simpleTest()
if __name__ == '__main__': if __name__ == '__main__':
main() main()