The Simple Authentication and Security Layer (SASL) is a framework for enabling application protocols to support authentication, integrity and confidentiality services. The SASL was originally specified in RFC 2222, and later updated in RFC 4422, using natural language. However, due to the richness of natural language this involves ambiguities and imprecision. Whilst there is an Oracle implementation of SASL, its documentation also contains informal descriptions and under-defined specifications of the RFCs. This paper provides clarification of ambiguity in SASL using Abstract State Machines (ASMs). This clarification is based on two ASM essential notions: a ground model to capture the intended SASL behavior in an understandable way, and a refinement notion to accurately explicate the ambiguous parts of the behavior. We also show some differences between RFCs and the description of the Oracle implementation. We believe our work can serve as a basis for further implementation and for formal analysis.
If you cannot see the document below, the PDF document is most likely not freely accessible. In this case, please try to access the document via this link.
% BibTex
@inproceedings{Al-ShareefiLD18,
author = {Farah Al{-}Shareefi and
Alexei Lisitsa and
Clare Dixon},
editor = {Michael J. Butler and
Alexander Raschke and
Thai Son Hoang and
Klaus Reichl},
title = {Clarification of Ambiguity for the Simple Authentication and Security
Layer},
booktitle = {Abstract State Machines, Alloy, B, TLA, VDM, and {Z} - 6th International
Conference, {ABZ} 2018, Southampton, UK, June 5-8, 2018, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {10817},
pages = {189--203},
publisher = {Springer},
year = {2018},
url = {https://doi.org/10.1007/978-3-319-91271-4\_13},
doi = {10.1007/978-3-319-91271-4\_13},
timestamp = {Sun, 02 Oct 2022 15:55:03 +0200},
biburl = {https://dblp.org/rec/conf/asm/Al-ShareefiLD18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}