Property Guided Secure Configuration Space Search

You Li; Kaiyu Hou; Yunqi He; Yan Chen; Hai Zhou

doi:10.1007/978-3-031-75764-8_8

Property Guided Secure Configuration Space Search

You Li^*, Kaiyu Hou, Yunqi He, Yan Chen, Hai Zhou

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Complex reactive systems such as 5G cellular networks must have flexible configuration options to fit different deployment scenarios. However, not every possible configuration combination is risk-free. Some of them may lead to availability issues or even security vulnerabilities. Asking the system engineers to check each configuration via model checking for every deployment or re-configuration is impractical if not impossible. In this paper, we propose the concept of secure configuration space and develop a symbolic model checking algorithm, INCISE, to compute a large configuration space for a given reactive system. Such a space will be characterized by a logical condition (e.g., a Boolean formula). A system engineer can check any candidate configuration against the condition with a single SAT query to know whether it is secure. The target properties could be general safety and liveness properties. The algorithm enjoys the same benefits including efficiency and expressiveness as modern symbolic model checkers. We demonstrate the algorithm’s performance on industrial benchmarks and leverage it to address security issues in cellular network protocols.

Original language	English (US)
Title of host publication	Information Security - 27th International Conference, ISC 2024, Proceedings
Editors	Nicky Mouha, Nick Nikiforakis
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	140-160
Number of pages	21
ISBN (Print)	9783031757631
DOIs	https://doi.org/10.1007/978-3-031-75764-8_8
State	Published - 2025
Event	27th Information Security Conference, ISC 2024 - Arlington, United States Duration: Oct 23 2024 → Oct 25 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15258 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th Information Security Conference, ISC 2024
Country/Territory	United States
City	Arlington
Period	10/23/24 → 10/25/24

Funding

This work was partially supported by the National Science Foundation (NSF) under grants 2113704, 2148177, and 2229454. Any opinions, recommendations, or findings are those of the authors and do not reflect the views of Alibaba Cloud.

Keywords

Formal analysis
Network system and protocol
Secure configuration space
Symbolic model checking

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-75764-8_8

Cite this

Li, Y., Hou, K., He, Y., Chen, Y., & Zhou, H. (2025). Property Guided Secure Configuration Space Search. In N. Mouha, & N. Nikiforakis (Eds.), Information Security - 27th International Conference, ISC 2024, Proceedings (pp. 140-160). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15258 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-75764-8_8

Li, You ; Hou, Kaiyu ; He, Yunqi et al. / Property Guided Secure Configuration Space Search. Information Security - 27th International Conference, ISC 2024, Proceedings. editor / Nicky Mouha ; Nick Nikiforakis. Springer Science and Business Media Deutschland GmbH, 2025. pp. 140-160 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2cfdc89174fb4630b7117fd4d50290af,

title = "Property Guided Secure Configuration Space Search",

abstract = "Complex reactive systems such as 5G cellular networks must have flexible configuration options to fit different deployment scenarios. However, not every possible configuration combination is risk-free. Some of them may lead to availability issues or even security vulnerabilities. Asking the system engineers to check each configuration via model checking for every deployment or re-configuration is impractical if not impossible. In this paper, we propose the concept of secure configuration space and develop a symbolic model checking algorithm, INCISE, to compute a large configuration space for a given reactive system. Such a space will be characterized by a logical condition (e.g., a Boolean formula). A system engineer can check any candidate configuration against the condition with a single SAT query to know whether it is secure. The target properties could be general safety and liveness properties. The algorithm enjoys the same benefits including efficiency and expressiveness as modern symbolic model checkers. We demonstrate the algorithm{\textquoteright}s performance on industrial benchmarks and leverage it to address security issues in cellular network protocols.",

keywords = "Formal analysis, Network system and protocol, Secure configuration space, Symbolic model checking",

author = "You Li and Kaiyu Hou and Yunqi He and Yan Chen and Hai Zhou",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 27th Information Security Conference, ISC 2024 ; Conference date: 23-10-2024 Through 25-10-2024",

year = "2025",

doi = "10.1007/978-3-031-75764-8_8",

language = "English (US)",

isbn = "9783031757631",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "140--160",

editor = "Nicky Mouha and Nick Nikiforakis",

booktitle = "Information Security - 27th International Conference, ISC 2024, Proceedings",

address = "Germany",

}

Li, Y, Hou, K, He, Y, Chen, Y & Zhou, H 2025, Property Guided Secure Configuration Space Search. in N Mouha & N Nikiforakis (eds), Information Security - 27th International Conference, ISC 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15258 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 140-160, 27th Information Security Conference, ISC 2024, Arlington, United States, 10/23/24. https://doi.org/10.1007/978-3-031-75764-8_8

Property Guided Secure Configuration Space Search. / Li, You; Hou, Kaiyu; He, Yunqi et al.
Information Security - 27th International Conference, ISC 2024, Proceedings. ed. / Nicky Mouha; Nick Nikiforakis. Springer Science and Business Media Deutschland GmbH, 2025. p. 140-160 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15258 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Property Guided Secure Configuration Space Search

AU - Li, You

AU - Hou, Kaiyu

AU - He, Yunqi

AU - Chen, Yan

AU - Zhou, Hai

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - Complex reactive systems such as 5G cellular networks must have flexible configuration options to fit different deployment scenarios. However, not every possible configuration combination is risk-free. Some of them may lead to availability issues or even security vulnerabilities. Asking the system engineers to check each configuration via model checking for every deployment or re-configuration is impractical if not impossible. In this paper, we propose the concept of secure configuration space and develop a symbolic model checking algorithm, INCISE, to compute a large configuration space for a given reactive system. Such a space will be characterized by a logical condition (e.g., a Boolean formula). A system engineer can check any candidate configuration against the condition with a single SAT query to know whether it is secure. The target properties could be general safety and liveness properties. The algorithm enjoys the same benefits including efficiency and expressiveness as modern symbolic model checkers. We demonstrate the algorithm’s performance on industrial benchmarks and leverage it to address security issues in cellular network protocols.

AB - Complex reactive systems such as 5G cellular networks must have flexible configuration options to fit different deployment scenarios. However, not every possible configuration combination is risk-free. Some of them may lead to availability issues or even security vulnerabilities. Asking the system engineers to check each configuration via model checking for every deployment or re-configuration is impractical if not impossible. In this paper, we propose the concept of secure configuration space and develop a symbolic model checking algorithm, INCISE, to compute a large configuration space for a given reactive system. Such a space will be characterized by a logical condition (e.g., a Boolean formula). A system engineer can check any candidate configuration against the condition with a single SAT query to know whether it is secure. The target properties could be general safety and liveness properties. The algorithm enjoys the same benefits including efficiency and expressiveness as modern symbolic model checkers. We demonstrate the algorithm’s performance on industrial benchmarks and leverage it to address security issues in cellular network protocols.

KW - Formal analysis

KW - Network system and protocol

KW - Secure configuration space

KW - Symbolic model checking

UR - http://www.scopus.com/inward/record.url?scp=85208432053&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85208432053&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-75764-8_8

DO - 10.1007/978-3-031-75764-8_8

M3 - Conference contribution

AN - SCOPUS:85208432053

SN - 9783031757631

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 140

EP - 160

BT - Information Security - 27th International Conference, ISC 2024, Proceedings

A2 - Mouha, Nicky

A2 - Nikiforakis, Nick

PB - Springer Science and Business Media Deutschland GmbH

T2 - 27th Information Security Conference, ISC 2024

Y2 - 23 October 2024 through 25 October 2024

ER -

Li Y, Hou K, He Y, Chen Y , Zhou H. Property Guided Secure Configuration Space Search. In Mouha N, Nikiforakis N, editors, Information Security - 27th International Conference, ISC 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 140-160. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-75764-8_8

Property Guided Secure Configuration Space Search

Abstract

Publication series

Conference

Funding

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this