Extracting the Reference Test Suites from Cryptographic Protocol Specifications Written on a Domain-Specific Language

The paper describes a tool for testing the security of cryptographic protocol implementations working on the basis of specifications written in a declarative interoperable domain-specific language implemented as EDSL (Embedded [in Haskell] DSL). The problem of forming high-quality reference test suites for testing the security of cryptoprotocol implementations is considered. A method of addressing this problem within the tool being developed is discussed.

1. H. Kario. Tlsfuzzer. Available at: https://github.com/tomato42/tlsfuzzer, accessed 10.11.2023.

2. M. Ammann, L. Hirschi, S. Kremer. DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing. https://eprint.iacr.org/2023/057.

3. Пакулин Н.В., Шнитман В.З., Никешин А.В. Разработка тестового набора для верификации реализаций протокола безопасности TLS // Труды Института системного программирования РАН, том 23, 2012 г., стр. 387-404.

4. Kenneth L. McMillan and Lenore D. Zuck. 2019. Formal specification and testing of QUIC. In Proceedings of ACM Special Interest Group on Data Communication (SIGCOMM’19). ACM, New York, NY, USA, 14 pages.

5. ABZ – International Conference on Rigorous State Based Methods, Available at: https://abz-conf.org, accessed 10.11.2023.

6. Прокопьев С.Е. Формальный язык первичных спецификаций криптографических протоколов. Труды ИСП РАН. 2021;33(5):117-136. https://doi.org/10.15514/ISPRAS-2021-33(5)-7.

7. Prokopev, S. Cryptographic protocol conformance testing based on domain-specific state machine. J Comput Virol Hack Tech (2023). https://doi.org/10.1007/s11416-023-00474-1.