Passlab: A Password Security Tool for the Blue Team
It addresses a gap in cybersecurity tools for blue teams, but appears incremental as it builds on existing formal methods.
The paper tackles the lack of tools for defending password-protected systems by developing Passlab, a tool that helps system administrators use formal methods for evidence-based security decisions through an intuitive interface.
If we wish to compromise some password-protected system as an attacker (i.e. a member of the red team), we have a large number of popular and actively-maintained tools to choose from in helping us to realise our goal. Password hash cracking hardware and software, online guessing tools, exploit frameworks, and a wealth of tools for helping us to perform reconnaissance on the target system are widely available. By comparison, if we wish to defend a password-protected system against such an attack (i.e. as a member of the blue team), we have comparatively few tools to choose from. In this research abstract, we present our work to date on Passlab, a password security tool designed to help system administrators take advantage of formal methods in order to make sensible and evidence-based security decisions using a clean and intuitive user interface.