Cryptographic protocol analysis on real C code

Lecture Notes in Computer Science

Volumn 3385, Issue , 2005, Pages 363-379

  Goubault Larrecq, Jean ^a   Parrennes, Fabrice ^a,b  

^a UNIVERSITÉ PARIS SACLAY   (France)

^b RATP   (France)

Author keywords

[No Author keywords available]

Indexed keywords

C (PROGRAMMING LANGUAGE); CODES (SYMBOLS); CRYPTOGRAPHY; PROBLEM SOLVING; SECURITY OF DATA;

BUGS; CRYPTANALYSIS; CRYPTOGRAPHIC PROTOCOLS; VERIFICATION;

NETWORK PROTOCOLS;

EID: 24144470036     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/978-3-540-30579-8_24     Document Type: Conference Paper

References (27)

1. R. M. Amadio and W. Charatonik. On name generation and set-based analysis in the Dolev-Yao model. In 13th International Conference on Concurrency Theory CONCUR'02, volume 2421 of Lecture Notes in Computer Science, pages 499-514. Springer-Verlag, 2002.
2. L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, 1994. (DIKU report 94/19).
3. B. Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82-96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.
4. B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. Design and Implementation of a Special-Purpose Static Program Analyzer for Safety-Critical Real-Time Embedded Software, invited chapter. In T. Mogensen, D. A. Schmidt, and I. H. Sudborough, editors, The Essence of Computation: Complexity, Analysis, Transformation. Essays Dedicated to Neil D. Jones, volume 2566 of Lecture Notes on Computer Science, pages 85-108. Springer Verlag, Dec. 2002.
5. B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. A Static Analyzer for Large Safety-Critical Software. In ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI'03), pages 196-207, San Diego, California, June 2003. ACM.
6. P. Boury and N. Elkhadi. Static Analysis of Java Cryptographic Applets. In ECOOP'2001 Workshop on Formal Techniques for Java Programs. Fern Universität Hagen, 2001.
7. H. Comon-Lundh and V. Cortier. Security properties: Two agents are sufficient. In Proc. 12th European Symposium on Programming (ESOP'2003), pages 99-113, Warsaw, Poland, Apr. 2003. Springer-Verlag LNCS 2618.
8. D. Dolev and A. C. Yao. On security of public key protocols. IEEE trans. on Information Theory, IT-30:198-208, 1983.
9. N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. Undecidability of bounded security protocols. In N. Heintze and E. Clarke, editors, Proceedings of the Workshop on Formal Methods and Security Protocols - FMSP, Trento, Italy, July 1999.
10. A. Freier, P. Karlton, and P. Kocher. The SSL protocol. Version 3.0., 1996. http://home.netscape.com/eng/ssl3/.
11. O. Gay. Exploitation avancée de buffer overflows. Technical report, LASEC, Ecole Polytechnique Fédérale de Lausanne, June 2002. http://diwww.epfl.ch/~ogay/advbof/advbof.pdf.
12. J. Goubault-Larrecq, editor. Special Issue on Models and Methods for Cryptographic Protocol Verification, volume 4. Instytut Ła̧csności (Institute of Telecommunications), Warsaw, Poland, Dec. 2002.
13. J. Goubault-Larrecq. Une fois qu'on n'a pas trouvé de preuve, comment le faire comprendre à un assistant de preuve ? In Actes 15èmes journées francophones sur les langages applicatifs (JFLA'04), Sainte-Marie-de-Ré France, Janvier 2004. INRIA.
14. N. Heintze and O. Tardieu. Ultra-fast aliasing analysis using cla: a million lines of c code in a second. In Proc. of the ACM SIGPLAN'01 conference on Programming language design and implementation, pages 254-263. ACM Press, 2001.
15. M. Hind. Pointer analysis: haven't we solved this problem yet? In Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pages 54-61. ACM Press, 2001.
16. N. E. Kadhi. Automatic verification of confidentiality properties of cryptographic programs. Networking and Information Systems, 3(6), 2001.
17. G. Lowe. An attack on the needham-schroeder public-key authentication protocol. Information Processing Letters, 56(3): 131-133, 1995.
18. R. Milner. Communication and concurrency. Prentice Hall International (UK) Ltd., 1995.
19. R. Needham and M. Schroeder. Using encryption for authentification in large networks of computers. Communications of the ACM, 21(12), December 1978.
20. F. Nielson, H. R. Nielson, and H. Seidl. Normalizable horn clauses, strongly recognizable relations, and spi. In Proceedings of the 9th International Symposium on Static Analysis, volume 2477, pages 20-35. Springer-Verlag, 2002.
21. F. Parrennes. The CSur project, http://www.lsv.ens-cachan.fr/csur/, 2004.
22. S. Sagiv, T. W. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. ACM Trans. Prog. Lang. Sys., 24(3):217-298, may 2002.
23. P. Selinger. Models for an adversary-centric protocol logic. Electronic Notes in Theoretical Computer Science, 55(1):73-87, July 2001. Proceedings of the 1st Workshop on Logical Aspects of Cryptographic Protocol Verification (LACPV'01), J. Goubault-Larrecq, ed.
24. A. Simon and A. King. Analyzing string buffers in C. In Intl. Conf. on Algebraic Methods and Software Methodology (AMAST'2002), pages 365-379, 2002.
25. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3-17, San Diego, CA, February 2000.
26. C. Weidenbach. Towards an automatic analysis of security protocols. In H. Ganzinger, editor, 16th International Conference on Automated Deduction CADE-16, volume 1632, pages 378-382. Springer, 1999.
27. C. Weidenbach, U. Brahm, T. Hillenbrand, E. Keen, C. Theobald, and D. Topic. SPASS version 2.0. In Proc. 18th Conference on Automated Deduction (CADE 2002), pages 275-279. Springer-Verlag LNCS 2392, 2002.