Expanding test script for full MPA analysis.
This commit is contained in:
parent
fcf694dbd9
commit
96e52a3724
123
gui/test-mpa.py
123
gui/test-mpa.py
@ -32,23 +32,44 @@ Author: Cas Cremers
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
from Scyther import Scyther
|
from Scyther import Scyther
|
||||||
|
import time
|
||||||
|
try:
|
||||||
|
from progressbar import *
|
||||||
|
PROGRESSBAR = True
|
||||||
|
except ImportError:
|
||||||
|
from progressbarDummy import *
|
||||||
|
PROGRESSBAR = False
|
||||||
|
print """
|
||||||
|
Missing the progressbar library.
|
||||||
|
|
||||||
def MyScyther(protocollist,filter=None):
|
It can be downloaded from:
|
||||||
|
|
||||||
|
http://code.google.com/p/python-progressbar/
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
def MyScyther(protocollist,filt=None,options=None):
|
||||||
"""
|
"""
|
||||||
Evaluate the composition of the protocols in protocollist.
|
Evaluate the composition of the protocols in protocollist.
|
||||||
If there is a filter, i.e. "ns3,I1" then only this specific claim
|
If there is a filter, i.e. "ns3,I1" then only this specific claim
|
||||||
will be evaluated.
|
will be evaluated.
|
||||||
"""
|
"""
|
||||||
s = Scyther.Scyther()
|
s = Scyther.Scyther()
|
||||||
# untyped matching
|
|
||||||
s.options = "--match=2"
|
if options == None:
|
||||||
|
# untyped matching
|
||||||
|
s.options = "--match=2"
|
||||||
|
else:
|
||||||
|
s.options = options
|
||||||
|
|
||||||
for protocol in protocollist:
|
for protocol in protocollist:
|
||||||
s.addFile(protocol)
|
s.addFile(protocol)
|
||||||
s.verifyOne(filter)
|
s.verifyOne(filt)
|
||||||
return s
|
return s
|
||||||
|
|
||||||
|
|
||||||
def getCorrectIsolatedClaims(protocolset):
|
def getCorrectIsolatedClaims(protocolset,options=None):
|
||||||
"""
|
"""
|
||||||
Given a set of protocols, determine the correct claims when run in
|
Given a set of protocols, determine the correct claims when run in
|
||||||
isolation.
|
isolation.
|
||||||
@ -58,17 +79,28 @@ def getCorrectIsolatedClaims(protocolset):
|
|||||||
"""
|
"""
|
||||||
correctclaims = []
|
correctclaims = []
|
||||||
goodprotocols = []
|
goodprotocols = []
|
||||||
|
|
||||||
|
widgets = ['Scanning for claims that are correct in isolation: ', Percentage(), ' ',
|
||||||
|
Bar(marker='#',left='[',right=']')
|
||||||
|
]
|
||||||
|
pbar = ProgressBar(widgets=widgets, maxval=len(protocolset))
|
||||||
|
pbar.start()
|
||||||
|
count = 0
|
||||||
for protocol in protocolset:
|
for protocol in protocolset:
|
||||||
# verify protocol in isolation
|
# verify protocol in isolation
|
||||||
s = MyScyther([protocol])
|
s = MyScyther([protocol],options=options)
|
||||||
# investigate the results
|
# investigate the results
|
||||||
goodprotocols.append(protocol)
|
goodprotocols.append(protocol)
|
||||||
for claim in s.claims:
|
for claim in s.claims:
|
||||||
if claim.okay:
|
if claim.okay:
|
||||||
correctclaims.append((protocol,claim.id))
|
correctclaims.append((protocol,claim.id))
|
||||||
|
count += 1
|
||||||
|
pbar.update(count)
|
||||||
|
pbar.finish()
|
||||||
return (goodprotocols,correctclaims)
|
return (goodprotocols,correctclaims)
|
||||||
|
|
||||||
def verifyMPAlist(mpalist,claimid):
|
|
||||||
|
def verifyMPAlist(mpalist,claimid,options=None):
|
||||||
"""
|
"""
|
||||||
Verify the existence of an attack in this context
|
Verify the existence of an attack in this context
|
||||||
|
|
||||||
@ -76,7 +108,8 @@ def verifyMPAlist(mpalist,claimid):
|
|||||||
needed for the iteration later.
|
needed for the iteration later.
|
||||||
"""
|
"""
|
||||||
# This should be a more restricted verification
|
# This should be a more restricted verification
|
||||||
s = MyScyther(mpalist,claimid)
|
print time.asctime(), mpalist, claimid, options # [DEBUG]
|
||||||
|
s = MyScyther(mpalist,claimid,options)
|
||||||
claim = s.getClaim(claimid)
|
claim = s.getClaim(claimid)
|
||||||
if claim:
|
if claim:
|
||||||
if not claim.okay:
|
if not claim.okay:
|
||||||
@ -87,7 +120,7 @@ def verifyMPAlist(mpalist,claimid):
|
|||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
def constructMPAlist(protocolset,claimid,mpalist,length,start,callback):
|
def constructMPAlist(protocolset,claimid,mpalist,length,start,callback,options=None):
|
||||||
"""
|
"""
|
||||||
Append a list of parallel protocols, without duplicates,
|
Append a list of parallel protocols, without duplicates,
|
||||||
such that the added part is lexicographically ordered (from
|
such that the added part is lexicographically ordered (from
|
||||||
@ -101,15 +134,15 @@ def constructMPAlist(protocolset,claimid,mpalist,length,start,callback):
|
|||||||
for pn in range(start,len(protocolset)):
|
for pn in range(start,len(protocolset)):
|
||||||
p = protocolset[pn]
|
p = protocolset[pn]
|
||||||
if p not in mpalist:
|
if p not in mpalist:
|
||||||
if not constructMPAlist(protocolset,claimid,mpalist + [p],length,pn+1,callback):
|
if not constructMPAlist(protocolset,claimid,mpalist + [p],length,pn+1,callback,options=options):
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
# list is long enough: callback
|
# list is long enough: callback
|
||||||
return callback(mpalist,claimid)
|
return callback(mpalist,claimid,options)
|
||||||
|
|
||||||
|
|
||||||
def findMPA(protocolset,protocol,claimid,maxcount=3):
|
def findMPA(protocolset,protocol,claimid,maxcount=3,options=None):
|
||||||
"""
|
"""
|
||||||
The protocol claim is assumed to be correct. When does it break?
|
The protocol claim is assumed to be correct. When does it break?
|
||||||
"""
|
"""
|
||||||
@ -125,37 +158,87 @@ def findMPA(protocolset,protocol,claimid,maxcount=3):
|
|||||||
|
|
||||||
# the actual incremental search loop
|
# the actual incremental search loop
|
||||||
while count <= maxcount:
|
while count <= maxcount:
|
||||||
constructMPAlist(protocolset,claimid,[protocol],count,0,verifyMPAlist)
|
constructMPAlist(protocolset,claimid,[protocol],count,0,verifyMPAlist,options)
|
||||||
count += 1
|
count += 1
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def findAllMPA(protocolset,maxcount=3):
|
def findAllMPA(protocolset,maxcount=3,options=None):
|
||||||
"""
|
"""
|
||||||
Given a set of protocols, find multi-protocol attacks
|
Given a set of protocols, find multi-protocol attacks
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Find all correct claims in each protocol
|
# Find all correct claims in each protocol
|
||||||
(protocolset,correct) = getCorrectIsolatedClaims(protocolset)
|
(protocolset,correct) = getCorrectIsolatedClaims(protocolset,options)
|
||||||
|
print "We found %i correct claims." % (len(correct))
|
||||||
# For all these claims...
|
# For all these claims...
|
||||||
|
widgets = ['Scanning for MPA attacks: ', Percentage(), ' ',
|
||||||
|
Bar(marker='#',left='[',right=']')
|
||||||
|
]
|
||||||
|
pbar = ProgressBar(widgets=widgets, maxval=len(correct))
|
||||||
|
pbar.start()
|
||||||
|
count = 0
|
||||||
for (protocol,claimid) in correct:
|
for (protocol,claimid) in correct:
|
||||||
# Try to find multi-protocol attacks
|
# Try to find multi-protocol attacks
|
||||||
findMPA(protocolset,protocol,claimid,maxcount=3)
|
findMPA(protocolset,protocol,claimid,maxcount,options)
|
||||||
|
count += 1
|
||||||
|
pbar.update(count)
|
||||||
|
pbar.finish()
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def bigTest():
|
||||||
|
"""
|
||||||
|
Perform the tests as reported in the book.
|
||||||
|
"""
|
||||||
|
import os
|
||||||
|
|
||||||
|
testpath = "Protocols/MultiProtocolAttacks/"
|
||||||
|
fl = os.listdir(testpath)
|
||||||
|
nl = []
|
||||||
|
for fn in fl:
|
||||||
|
if fn.endswith(".spdl"):
|
||||||
|
nl.append(fn)
|
||||||
|
|
||||||
|
# Report list
|
||||||
|
print "Performing multi-protocol analysis for the following protocols:", nl
|
||||||
|
|
||||||
|
# Prepend again the path
|
||||||
|
l = []
|
||||||
|
for fn in nl:
|
||||||
|
l.append(testpath+fn)
|
||||||
|
|
||||||
|
defopts = "--max-runs=3 -T 360"
|
||||||
|
|
||||||
|
# First typed
|
||||||
|
print "Scanning without type flaws"
|
||||||
|
findAllMPA(l,maxcount=2,options = defopts + " --match=0")
|
||||||
|
# Basic type flaws
|
||||||
|
print "Scanning for basic type flaws"
|
||||||
|
findAllMPA(l,maxcount=2,options = defopts + " --match=1")
|
||||||
|
# All type flaws
|
||||||
|
print "Scanning for any type flaws"
|
||||||
|
findAllMPA(l,maxcount=2,options = defopts + " --match=2")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def simpleTest():
|
||||||
"""
|
"""
|
||||||
Simple test case with a few protocols
|
Simple test case with a few protocols
|
||||||
"""
|
"""
|
||||||
|
|
||||||
list = ['nsl3-broken.spdl','ns3.spdl','nsl3.spdl']
|
l = ['nsl3-broken.spdl','ns3.spdl','nsl3.spdl']
|
||||||
print "Performing multi-protocol analysis for the following protocols:", list
|
print "Performing multi-protocol analysis for the following protocols:", l
|
||||||
print
|
print
|
||||||
findAllMPA(list)
|
findAllMPA(l)
|
||||||
print
|
print
|
||||||
print "Analysis complete."
|
print "Analysis complete."
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
bigTest()
|
||||||
|
#simpleTest()
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user