{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T12:13:51Z","timestamp":1743077631567,"version":"3.40.3"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031757631"},{"type":"electronic","value":"9783031757648"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75764-8_8","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"140-160","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Property Guided Secure Configuration Space Search"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2632-3804","authenticated-orcid":false,"given":"You","family":"Li","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7551-1345","authenticated-orcid":false,"given":"Kaiyu","family":"Hou","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1108-089X","authenticated-orcid":false,"given":"Yunqi","family":"He","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4103-1498","authenticated-orcid":false,"given":"Yan","family":"Chen","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4824-7179","authenticated-orcid":false,"given":"Hai","family":"Zhou","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"key":"8_CR1","unstructured":"3GPP: Formal Analysis of the 3G Authentication Protocol. Technical Report (TR) 33.902, 3rd Generation Partnership Project (3GPP) (2001), version 4.0.0"},{"key":"8_CR2","unstructured":"3GPP: IP Multimedia Subsystem (IMS) emergency sessions. Technical Specification (TS) 23.167, 3rd Generation Partnership Project (3GPP) (2020), version 16.2.0"},{"key":"8_CR3","unstructured":"3GPP: Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3. Technical Specification (TS) 24.501, 3rd Generation Partnership Project (3GPP) (2020), version 16.5.1"},{"key":"8_CR4","unstructured":"3GPP: Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3. Technical Specification (TS) 24.301, 3rd Generation Partnership Project (3GPP) (2020), version 16.5.1"},{"key":"8_CR5","unstructured":"3GPP: Service aspects; Service principles. Technical Specification (TS) 22.101, 3rd Generation Partnership Project (3GPP) (2020), version 17.2.0"},{"key":"8_CR6","unstructured":"Al\u00a0Ishtiaq, A., et\u00a0al.: Hermes: unlocking security analysis of cellular network protocols by synthesizing finite state machines from natural language specifications. In: 33rd USENIX Security Symposium (USENIX Security 24) (2024)"},{"issue":"4","key":"8_CR7","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/s10817-006-9063-9","volume":"37","author":"O Bailleux","year":"2006","unstructured":"Bailleux, O., Marquis, P.: Some computational aspects of distance-sat. J. Autom. Reason. 37(4), 231\u2013260 (2006)","journal-title":"J. Autom. Reason."},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Basin, D., Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R., Stettler, V.: A formal analysis of 5G authentication. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1383\u20131396. ACM (2018)","DOI":"10.1145\/3243734.3243846"},{"issue":"2","key":"8_CR9","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/S1571-0661(04)80410-9","volume":"66","author":"A Biere","year":"2002","unstructured":"Biere, A., Artho, C., Schuppan, V.: Liveness checking as safety checking. Electron. Notes Theor. Comput. Sci. 66(2), 160\u2013177 (2002)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"8_CR10","doi-asserted-by":"publisher","unstructured":"Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (eds.) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 1999. LNCS, vol. 1579, pp. 193\u2013207. Springer, Berlin, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-49059-0_14","DOI":"10.1007\/3-540-49059-0_14"},{"key":"8_CR11","unstructured":"Biere, A., Claessen, K.: Hardware model checking competition. In: Hardware Verification Workshop (2010)"},{"key":"8_CR12","unstructured":"Bradley, A.: Ic3-ref (2015). https:\/\/github.com\/arbrad\/IC3ref"},{"key":"8_CR13","unstructured":"Bradley, A., Cox, A., Dooley, M., Hassan, Z., Somenzi, F., Zhang, Y.: Iimc (2018). https:\/\/github.com\/mgudemann\/iimc"},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-18275-4_7","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"AR Bradley","year":"2011","unstructured":"Bradley, A.R.: SAT-based model checking without unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 70\u201387. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-18275-4_7"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Bradley, A.R., Manna, Z.: Checking safety by inductive generalization of counterexamples to induction. In: Formal Methods in Computer Aided Design (FMCAD\u201907), pp. 173\u2013180. IEEE (2007)","DOI":"10.1109\/FAMCAD.2007.15"},{"key":"8_CR16","unstructured":"Bradley, A.R., Somenzi, F., Hassan, Z., Zhang, Y.: An incremental approach to model checking progress properties. In: 2011 Formal Methods in Computer-Aided Design (FMCAD), pp. 144\u2013153. IEEE (2011)"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-3-642-14295-6_5","volume-title":"Computer Aided Verification","author":"R Brayton","year":"2010","unstructured":"Brayton, R., Mishchenko, A.: ABC: an academic industrial-strength verification tool. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 24\u201340. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14295-6_5"},{"issue":"8","key":"8_CR18","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1109\/TC.1986.1676819","volume":"100","author":"RE Bryant","year":"1986","unstructured":"Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. Comput. IEEE Trans. 100(8), 677\u2013691 (1986)","journal-title":"Comput. IEEE Trans."},{"key":"8_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1007\/978-3-642-54862-8_4","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"A Cimatti","year":"2014","unstructured":"Cimatti, A., Griggio, A., Mover, S., Tonetta, S.: IC3 modulo theories via implicit predicate abstraction. In: \u00c1brah\u00e1m, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 46\u201361. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54862-8_4"},{"key":"8_CR20","unstructured":"Claessen, K., S\u00f6rensson, N.: A liveness checking algorithm that counts. In: 2012 Formal Methods in Computer-Aided Design (FMCAD), pp. 52\u201359. IEEE (2012)"},{"key":"8_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-10575-8_1","volume-title":"Handbook of Model Checking","author":"EM Clarke","year":"2018","unstructured":"Clarke, E.M., Henzinger, T.A., Veith, H.: Introduction to Model Checking. In: Handbook of Model Checking, pp. 1\u201326. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-10575-8_1"},{"key":"8_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-642-35873-9_10","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"P Cousot","year":"2013","unstructured":"Cousot, P., Cousot, R., F\u00e4hndrich, M., Logozzo, F.: Automatic inference of necessary preconditions. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 128\u2013148. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-35873-9_10"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Cremers, C., Dehnel-Wild, M.: Component-based formal analysis of 5G-AKA: channel assumptions and session confusion. In: Symposium on Network and Distributed Systems Security (NDSS) (2019)","DOI":"10.14722\/ndss.2019.23394"},{"key":"8_CR24","unstructured":"Een, N., Mishchenko, A., Brayton, R.: Efficient implementation of property directed reachability. In: 2011 Formal Methods in Computer-Aided Design (FMCAD), pp. 125\u2013134. IEEE (2011)"},{"key":"8_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/978-3-030-45190-5_23","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"A Goel","year":"2020","unstructured":"Goel, A., Sakallah, K.: AVR: abstractly verifying reachability. In: TACAS 2020. LNCS, vol. 12078, pp. 413\u2013422. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45190-5_23"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Guthmann, O., Strichman, O., Trostanetski, A.: Minimal unsatisfiable core extraction for SMT. In: 2016 Formal Methods in Computer-Aided Design (FMCAD), pp. 57\u201364. IEEE (2016)","DOI":"10.1109\/FMCAD.2016.7886661"},{"key":"8_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-642-21581-0_17","volume-title":"Theory and Applications of Satisfiability Testing - SAT 2011","author":"MJH Heule","year":"2011","unstructured":"Heule, M.J.H., J\u00e4rvisalo, M., Biere, A.: Efficient CNF simplification based on binary implication graphs. In: Sakallah, K.A., Simon, L. (eds.) SAT 2011. LNCS, vol. 6695, pp. 201\u2013215. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21581-0_17"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"Hou, K., Li, Y., Yu, Y., Chen, Y., Zhou, H.: Discovering emergency call pitfalls for cellular networks with formal methods. In: Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, pp. 296\u2013309 (2021)","DOI":"10.1145\/3458864.3466625"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Hou, K., Li, Y., Yu, Y., Chen, Y., Zhou, H.: Discovering emergency call pitfalls for cellular networks with formal methods. In: Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys), pp. 296\u2013309 (2021)","DOI":"10.1145\/3458864.3466625"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Hussain, S.R., Chowdhury, O., Mehnaz, S., Bertino, E.: LTEInspector: a systematic approach for adversarial testing of 4G LTE. In: Symposium on Network and Distributed Systems Security (NDSS), pp. 18\u201321 (2018)","DOI":"10.14722\/ndss.2018.23313"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Li, Y., Hou, K., Zhou, H., Chen, Y.: Network protocol safe configuration search in one shot. In: Proceedings of the SIGCOMM\u201920 Poster and Demo Sessions, pp. 21\u201323 (2020)","DOI":"10.1145\/3405837.3411377"},{"key":"8_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1007\/978-3-642-31612-8_34","volume-title":"Theory and Applications of Satisfiability Testing \u2013 SAT 2012","author":"N Manthey","year":"2012","unstructured":"Manthey, N.: Coprocessor 2.0 \u2013 a flexible CNF simplifier. In: Cimatti, A., Sebastiani, R. (eds.) SAT 2012. LNCS, vol. 7317, pp. 436\u2013441. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31612-8_34"},{"key":"8_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1007\/3-540-45657-0_19","volume-title":"Computer Aided Verification","author":"KL McMillan","year":"2002","unstructured":"McMillan, K.L.: Applying SAT methods in unbounded symbolic model checking. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 250\u2013264. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45657-0_19"},{"key":"8_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-45069-6_1","volume-title":"Computer Aided Verification","author":"KL McMillan","year":"2003","unstructured":"McMillan, K.L.: Interpolation and SAT-based model checking. In: Hunt, W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 1\u201313. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45069-6_1"},{"key":"8_CR35","unstructured":"Mitzenmacher, M., Upfal, E.: Probability and Computing: Randomization and Probabilistic Techniques in Algorithms and Data Analysis. Cambridge University Press, Cambridge (2017)"},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"Pacheco, M.L., von Hippel, M., Weintraub, B., Goldwasser, D., Nita-Rotaru, C.: Automated attack synthesis by extracting finite state machines from protocol specification documents. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 51\u201368. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833673"},{"key":"8_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/978-3-540-30579-8_2","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"S Sankaranarayanan","year":"2005","unstructured":"Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 25\u201341. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30579-8_2"},{"issue":"2","key":"8_CR38","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s10009-003-0121-x","volume":"5","author":"V Schuppan","year":"2004","unstructured":"Schuppan, V., Biere, A.: Efficient reduction of finite state model checking to reachability analysis. Int. J. Softw. Tools Technol. Transf. 5(2), 185\u2013204 (2004)","journal-title":"Int. J. Softw. Tools Technol. Transf."},{"key":"8_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/3-540-40922-X_8","volume-title":"Formal Methods in Computer-Aided Design","author":"M Sheeran","year":"2000","unstructured":"Sheeran, M., Singh, S., St\u00e5lmarck, G.: Checking safety properties using induction and a SAT-solver. In: Hunt, W.A., Johnson, S.D. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 127\u2013144. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-40922-X_8"},{"key":"8_CR40","unstructured":"Sheng, S., Hsiao, M.: Efficient preimage computation using a novel success-driven ATPG. In: 2003 Design, Automation and Test in Europe Conference and Exhibition, pp. 822\u2013827. IEEE (2003)"},{"key":"8_CR41","doi-asserted-by":"publisher","unstructured":"Tseitin, G.S.: On the complexity of derivation in propositional calculus. In: Siekmann, J.H., Wrightson, G. (eds.) Automation of Reasoning. Symbolic Computation, LNCS, pp. 466\u2013483. Springer, Berlin, Heidelberg (1983). https:\/\/doi.org\/10.1007\/978-3-642-81955-1_28","DOI":"10.1007\/978-3-642-81955-1_28"},{"key":"8_CR42","doi-asserted-by":"crossref","unstructured":"Tu, G.H., Li, Y., Peng, C., Li, C.Y., Wang, H., Lu, S.: Control-plane protocol interactions in cellular networks. In: ACM SIGCOMM, pp. 223\u2013234. ACM (2014)","DOI":"10.1145\/2619239.2626302"},{"key":"8_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-319-08867-9_17","volume-title":"Computer Aided Verification","author":"Y Vizel","year":"2014","unstructured":"Vizel, Y., Gurfinkel, A.: Interpolating property directed reachability. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 260\u2013276. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08867-9_17"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75764-8_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:07:10Z","timestamp":1729595230000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75764-8_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757631","9783031757648"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75764-8_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}