CAOVerif: An open-source deductive verification platform for cryptographic software implementations

被引：1

作者：

Almeida, Jose Bacelar ^{[1
,2
]}

Barbosa, Manuel ^{[1
,2
]}

Filliatre, Jean-Christophe ^{[3
,4
]}

Pinto, Jorge Sousa ^{[1
,2
]}

Vieira, Barbara ^{[1
,2
]}

机构：

[1] HASLab INESC TEC, Braga, Portugal

[2] Univ Minho, Braga, Portugal

[3] INRIA Saclay Ile de France, ProVal, Orsay, France

[4] Univ Paris 11, CNRS, LRI, F-91405 Orsay, France

来源：

SCIENCE OF COMPUTER PROGRAMMING | 2014年 / 91卷

关键词：

Formal verification; Program verification; Cryptographic software; Deductive verification; CERTIFICATION; SECURITY; SYSTEM; PROVER; TOOL;

D O I：

10.1016/j.scico.2012.09.019

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified. (C) 2012 Elsevier B.V. All rights reserved.

引用

页码：216 / 233

页数：18

共 44 条

[1]

Abadi M., 2007, J. Cryptol, V20, P395, DOI DOI 10.1007/S00145-007-0203-0

[2]

Affeldt R, 2007, LECT NOTES COMPUT SC, V4435, P346

[3] Certifying assembly with formal security proofs: The case of BBS [J].

Affeldt, Reynald ;

Nowak, David ;

Yamada, Kiyoshi .

SCIENCE OF COMPUTER PROGRAMMING, 2012, 77 (10-11) :1058-1074

[4]

Aizatulin M, 2011, PROCEEDINGS OF THE 18TH ACM CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY (CCS 11), P331

[5] Deductive verification of cryptographic software [J].

Almeida, Jose Bacelar ;

Barbosa, Manuel ;

Pinto, Jorge Sousa ;

Vieira, Barbara .

INNOVATIONS IN SYSTEMS AND SOFTWARE ENGINEERING, 2010, 6 (03) :203-218

[6]

Almeida JB, 2009, LECT NOTES COMPUT SC, V5825, P37, DOI 10.1007/978-3-642-04570-7_5

[7]

[Anonymous], 2009, C D1 1 DET CAO QHASM

[8]

[Anonymous], 2019, LCP ISABELLE 2019

[9]

[Anonymous], COQ PROOF ASS REF MA

[10]

[Anonymous], 2003, High Integrity Software: The SPARK Approach to Safety and Security

← 1 2 3 4 5 →