Guiding a general-purpose C verifier to prove cryptographic protocols

被引：12

作者：

Dupressoir, Francois ^{[1
]}

Gordon, Andrew D. ^{[2
,3
]}

Jurjens, Jan ^{[4
]}

Naumann, David A. ^{[5
]}

机构：

[1] Open Univ, Milton Keynes, Bucks, England

[2] Microsoft Res, Cambridge, England

[3] Univ Edinburgh, Edinburgh, Midlothian, Scotland

[4] Tech Univ Dortmund, ISST, Dortmund, Germany

[5] Stevens Inst Technol, Hoboken, NJ 07030 USA

来源：

JOURNAL OF COMPUTER SECURITY | 2014年 / 22卷 / 05期

基金：

美国国家科学基金会;

关键词：

Symbolic cryptography; program verification; C implementations; security properties; general-purpose verifiers; protocol verification; cryptographic invariants;

D O I：

10.3233/JCS-140508

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We describe how to verify security properties of C code for cryptographic protocols by using a general-purpose verifier. We prove security theorems in the symbolic model of cryptography. Our techniques include: use of ghost state to attach formal algebraic terms to concrete byte arrays and to detect collisions when two distinct terms map to the same byte array; decoration of a crypto API with contracts based on symbolic terms; and expression of the attacker model in terms of C programs. We rely on the general-purpose verifier VCC; we guide VCC to prove security simply by writing suitable header files and annotations in implementation files, rather than by changing VCC itself. We formalize the symbolic model in Coq in order to justify the addition of axioms to VCC.

引用

页码：823 / 866

页数：44

共 54 条

[1] Secrecy by typing in security protocols
Abadi, M
[J]. JOURNAL OF THE ACM, 1999, 46 (05) : 749 - 786
[2] Aizatulin M., 2011, LECT NOTES COMPUTER, P1
[3] Aizatulin M, 2011, PROCEEDINGS OF THE 18TH ACM CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY (CCS 11), P331
[4] Almeida Jose Bacelar, 2013, 2013 ACM SIGSAC C CO, P1217, DOI 10.1145/2508859.2516652
[5] [Anonymous], 2012, CCS 2012
[6] [Anonymous], [No title captured]
[7] Appel AW, 2011, LECT NOTES COMPUT SC, V6602, P1, DOI 10.1007/978-3-642-19718-5_1
[8] Backes M., 2011, JOINT WORKSH THEOR S
[9] Backes M., 2003, P 10 ACM C COMP COMM, P220, DOI DOI 10.1145/948109.948140
[10] Computationally Sound Verification of Source Code
Backes, Michael
Maffei, Matteo
Unruh, Dominique
[J]. PROCEEDINGS OF THE 17TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'10), 2010, : 387 - 398

← 1 2 3 4 5 6 →