A Deductive Verification Platform for Cryptographic Software
نویسندگان
چکیده
In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the FramaC framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
منابع مشابه
A Novel Approach to the Automation of Logic-Based Security Protocol Verification
Secure communications over insecure networks relies on the security of cryptographic protocols. Formal verification is an essential step in the design of security protocols. In particular logic-based verification has been shown to be effective and has discovered a number of protocol flaws. However, manual application of the deductive reasoning process is complex, tedious and prone to error. Thi...
متن کاملFormal Verification of Security Policies of Cryptographic Software
In this paper we present CAOVerif, a deductive verification tool for the CAO language. CAO is a domain-specific language for cryptography with interesting challenges for formal verification. It introduces not only a rich mathematical type system, but it also offers cryptography-oriented language constructions. The toolchain encompasses different transformations of the source code in order to ge...
متن کاملAutomatic Verification of Cryptographic Protocols in First-Order Logic
In this paper, a new first-order logical framework and method of formalizing and verifying cryptographic protocols is presented. From the point of view of an intruder, the protocol and abilities of the intruder are modeled in Horn clauses. Based on deductive reasoning method, secrecy of cryptographic protocols is verified automatically, and if the secrecy is violated, attack scenarios can be pr...
متن کاملFormal Verification of a Memory Allocation Module of Contiki with Frama-C: A Case Study
Formal verification is still rarely applied to the IoT (Internet of Things) software, whereas IoT applications tend to become increasingly popular and critical. This short paper promotes the usage of formal verification to ensure safety and security of software in this domain. We present a successful case study on deductive verification of a memory allocation module of Contiki, a popular openso...
متن کاملKeY: A Formal Method for Object-Oriented Systems
This paper gives an overview of the KeY approach and highlights the main features of the KeY system. KeY is an approach (and a system) for the deductive verification of object-oriented software. It aims for integrating design, implementation, formal specification and formal verification as seamlessly as possible. The intention is to provide a platform that allows close collaboration of conventi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- ECEASST
دوره 33 شماره
صفحات -
تاریخ انتشار 2010