Security analysis of crypto-based Java programs using automated theorem provers

Proceedings - 21st IEEE/ACM International Conference on Automated Software Engineering, ASE 2006

Volumn , Issue , 2006, Pages 167-176

  Jürjens, Jan ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATED THEOREM PROVERS; CRYPTO-BASED JAVA PROGRAMS; SECURITY ANALYSIS;

JAVA PROGRAMMING LANGUAGE; MODEL CHECKING; PUBLIC KEY CRYPTOGRAPHY; SECURITY OF DATA; THEOREM PROVING;

DATA REDUCTION;

EID: 34547455692     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ASE.2006.60     Document Type: Conference Paper

References (23)

1. A. Armando and D.A. Basin et al. The AVISPA tool for the automated validation of internet security protocols and applications. In CAV2005, volume 3576 of LNCS, pages 281-285. Springer, 2005.
2. V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), pages 717-725. IEEE, March 1999.
3. L. Burdy, Y. Cheon, D.R. Cok, M.D. Ernst, J.R. Kiniry, G.T. Leavens, K.R.M. Leino, and E. Poll. An overview of JML tools and applications. STTT, 7(3):212-232, 2005.
4. B. Blanchet. An efficient cryptographic protocol verifier based on prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), pages 82-96. IEEE, 2001.
5. M. Broy and K. Stølen. Specification and Development of Interactive Systems. Springer, 2001.
6. CEPSCO. Common Electronic Purse Specifications, 2001. Business Requirements Version 7.0, Functional Requirements Version 6.3, Technical Specification Version 2.3, available from http://www.cepsco.com.
7. M. Clint. Program proving: Coroutines. Acta Informatica, 2:53-60, 1973.
8. E. Cohen. First-order verification of cryptographic protocols. Journal of Computer Security, 11 (2):189-216, 2003.
9. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2): 198-208, 1983.
10. G.J. Holzmann and M.H. Smith. Software model checking: extracting verification models from source code. Software Testing, Verification & Reliability, 11(2):65-79, 2001.
11. K. Honda, V.T. Vasconcelos, and N. Yoshida. Secure information flow as typed process behaviour. In G. Smolka, editor, ESOP2000, volume 1782 of LNCS, pages 180-199. Springer, 2000.
12. JavaSectool. http://www4.in.tum.de/~javasec.
13. http://java.sun.com/products/javacard/index.jsp.
14. Java™ cryptography architecture, http://java.sun.eom/j2se/1.5.0/ docs/guide/security/CryptoSpec.html.
15. Jessie: A free implementation of the JSSE, 2003. http://www.nongnu.org/ Jessie.
16. J. Jurjens. Secure information flow for concurrent processes. In CONCUR 2000, volume 1877 of LNCS, pages 395-409. Springer, 2000.
17. J. Jürjens. Secure Systems Development with UML. Springer, 2004.
18. J. Jürjens. Sound methods and effective tools for model-based security engineering with UML. In ICSE 2005. IEEE, 2005.
19. J. Jürjens and M. Yampolskiy. Code security analysis with assertions. In ASE 2005, pages 392-395. ACM, 2005.
20. A. Myers. Jflow: Practical mostly-static information flow control. In 26th ACM Symposium on Principles of Programming Languages (POPL), 1999.
21. J. Schumann. Automatic verification of cryptographic protocols with SETHEO. In CADE-14, volume 1249 of LNCS, pages 87-100. Springer, 1997.
22. 3 theorem prover. In TABLEAUX 2000, volume 1847 of LNCS, pages 436-440. Springer, 2000.
23. C. Weidenbach. Towards an automatic analysis of security protocols in first-order logic. In CADE-16, volume 1632 of LNCS, pages 314-328, 1999.