Automated analysis of SSH client state machines / Tim Leonhard Storm ; Supervisors: Prof. Dr.-Ing. Juraj Somorovsky, Prof. Dr. Jörg Schwenk, Fabian Bäumer, M.Sc. Paderborn, 2026
Inhalt
- Introduction
- Background
- SSH
- State Machine Learning
- Finite State Machines and Mealy Machine
- Minimally Adequate Teacher
- Practical Considerations
- SSH-State-Learner
- Membership and Equivalence Oracles
- LTSDiff
- Methodology
- Choice of Clients
- State Machine Learning
- Intermediate Format for Diffing
- State Machine Differentials
- Analyzing State Machines
- Implementation
- SSH-State-Learner Integration
- Re-introducing NetworkSshClientSul to the CLI
- Using NetworkSshClientSul
- Handling Guessed Key Exchanges
- Client Automation
- Intermediate Representation
- State Machine Differentials
- Evaluation
- Learned state machines
- LTSDiff for implementation comparison
- Naive LTSDiff
- LTSDiff with Domain Knowledge
- LTSDiff with Input only
- Impact of Complexity
- Differentials for comparing software versions
- Example Differentials
- Implementation Similarity
- Standard Violations
- De facto Protocol Semantics for SSH Clients
- Limitations
- Discussion
- On the Effectiveness of LTSDiff
- RFC Compliance and Under-specification
- Implications for Automated Protocol Analysis
- Conclusions and Future Work
- Bibliography
- Appendix