Formal Verification of Security Policies of Cryptographic Software
Author

Abstract
In this paper we present CAOVerif, a deductive verification tool for the CAO language. CAO is a domain-specific language for cryptography that poses interesting challenges for formal verification: it introduces not only a rich mathematical type system but also cryptography-oriented language constructs. The toolchain encompasses several transformations of the source code in order to obtain the verification conditions (VCs) and is based on the Jessie plug-in of the Frama-C framework.
Related references
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we briefly review two formal approaches to the verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols by generating all possible behaviors of a protocol and checking whether the desired goals are satisfied in every instance. We investigate Scyther's operational semantics as an example of this...

A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, the requirements of new computational environments such as web services still raise new challenges. The lack of an appropriate method for the specification of access control policies (ACPs), and for their composition, verification and analysis, has made access control in the composition of web services a complicated problem. In this paper, a new indepe...

Verifying Cryptographic Code in C: Some Experience and the Csec Challenge
The security of much critical infrastructure depends in part on cryptographic software coded in C, and yet vulnerabilities continue to be discovered in such software. We describe recent progress on checking the security of C code implementing cryptographic software. In particular, we describe projects that combine verification-condition generation and symbolic execution techniques for C, with m...
Specification and verification of security policies for smart cards
Security systems that use smart cards are nowadays an important part of our daily life, which is becoming increasingly dependent on the reliability of such systems, for example cash cards, electronic health cards or identification documents. Since a security policy states both the main security objectives and the security functions of a given security system, it is the basis for the reliable syst...

Formal specification and verification of control software for cryptographic equipment
This paper describes the application of formal specification and verification methods to two microprocessor-based cryptographic devices: a "smart token" system that controls access to a network of workstations, and a message authentication device implementing the ANSI X9.9 message authentication standard. Formal specification and verification were found to be practical, cost-effective tools for ...