Deductive verification of cryptographic software

Innovations in Systems and Software Engineering

Volumn 6, Issue 3, 2010, Pages 203-218

  Almeida, José Bacelar ^a   Barbosa, Manuel ^a   Pinto, Jorge Sousa ^a   Vieira, Bárbara ^a  

^a UNIVERSITY OF MINHO   (Portugal)

Author keywords

Cryptographic algorithms; Program equivalence; Program verification; Self composition

Indexed keywords

AUTOMATIC PROOFS; CRYPTOGRAPHIC ALGORITHMS; CRYPTOGRAPHIC SOFTWARE; DEDUCTIVE VERIFICATION; ERROR PROPAGATION; INTERACTIVE PROOF ASSISTANTS; LEVELS OF AUTOMATION; PROGRAM EQUIVALENCE; PROGRAM VERIFICATION; REFERENCE IMPLEMENTATION; SELF-COMPOSITION; STATE OF THE ART;

CRYPTOGRAPHY;

VERIFICATION;

EID: 77956423308     PISSN: 16145046     EISSN: 16145054     Source Type: Journal    
DOI: 10.1007/s11334-010-0127-y     Document Type: Article

References (37)

1. Almeida JB, Barbosa M, Pinto JS, Vieira B (2009) Deductive verification of cryptographic software. Technical Report DI-CCTC-09-03, CCTC, Univ. Minho, Available from http://cctc. uminho. pt/publications?year=2009.
2. Ball T, Rajamani SK (2002) The SLAM project: debugging system software via static analysis. In: POPL '02: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 1-3.
3. Banerjee A, Naumann DA (2005) Stack-based access control and secure information flow. J Funct Program 15(2): 131-177.
4. Barnett M, Rustan K, Leino M, Schulte W (2004) The Spec# programming system: an overview. In: Construction and analysis of safe, secure, and interoperable smart devices. Springer, Berlin, pp 49-69.
5. Barthe G, D'Argenio PR, Rezk T (2004) Secure information flow by self-composition. In: CSFW. IEEE Computer Society, USA, pp 100-114.
6. Baudin P, Filliâtre J-C, Marché C, Monate B, Moy Y, Prevosto V (2008) ACSL: ANSI/ISO C Specfication Language. CEA LIST and INRIA, Preliminary design (version 1. 4, December 12, 2008).
7. Benton N (2004) Simple relational correctness proofs for static analyses and program transformations. In: Jones ND, Leroy X (eds) POPL. ACM, New York, pp 14-25.
8. Computer Aided Cryptography Engineering. EU FP7. http://www. cace-project. eu/.
9. Chrzaszcz J (2003) Implementation of modules in the Coq system. In: Basin D, Wolff B (eds) Proceedings of the theorem proving in higher order logics 16th international conference. LNCS, vol 2758. Rome, Italy, September 2003. Springer, Berlin, pp 270-286.
10. Clarkson MR, Schneider FB (2008) Hyperproperties. In: CSF. IEEE Computer Society, USA, pp 51-65.
11. Conchon S, Contejean E, Kanig J (2006) Ergo: a theorem prover for polymorphic first-order logic modulo theories. Available from http://alt-ergo. lri. fr/.
12. Cook SA (1978) Soundness and completeness of an axiom system for program verification. SIAM J Comput 7(1): 70-90.
13. de Moura L, Bjørner N (2008) Z3: an efficient SMT solver. Lecture Notes in Computer Science, vol 4963/2008. Springer, Berlin, pp 337-340.
14. Denning DE, Denning PJ (1977) Certification of programs for secure information flow. Commun ACM 20(7): 504-513.
15. Detlefs D, Nelson G, Saxe JB (2005) Simplify: a theorem prover for program checking. J ACM 52(3): 365-473.
16. Dufay G, Felty A, Matwin S (2005) Privacy-sensitive information flow with JML. In: Automated deduction-CADE-20. Springer, Berlin, pp 116-130.
17. Filliâtre J-C, Marché C (2007) The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm W, Hermanns H (eds) CAV. Lecture notes in computer science, vol 4590. Springer, Berlin, pp 173-177.
18. Henzinger TA, Jhala R, Majumdar R, Sutre G (2002) Lazy abstraction. In: POPL '02: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 58-70.
19. Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12: 576-580.
20. Jacobs BPF, Kiniry JR, Warnier ME, Jacobs B, Kiniry J, Warnier M (2003) Java program verification challenges. In: Proceedings of the formal methods for component objects, FMCO 2002. Lecture notes in computer science, vol 2852. Springer, Berlin, pp 202-219.
21. Jhala R, Majumdar R (2009) Software model checking. ACM Comput Surv 41(4): 1-54.
22. Leavens GT, Ruby C, Leino KRM, Poll E, Jacobs B (2000) JML (poster session): notations and tools supporting detailed design in Java. In OOPSLA '00: Addendum to the 2000 proceedings of the conference on Object-oriented programming, systems, languages, and applications (Addendum). ACM, New York, pp 105-106.
23. Leino KRM, Joshi R (1998) A semantic approach to secure information flow. Lect Notes Comput Sci 1422: 254-271.
24. Leivant D (1985) Logical and mathematical reasoning about imperative programs. In: POPL, pp 132-140.
25. Myers AC (1999) Jflow: Practical mostly-static information flow control. In: POPL, pp 228-241.
26. Myers AC, Sabelfeld A, Zdancewic S (2006) Enforcing robust declassification and qualified robustness. J Comput Secur 14(2): 157-196.
27. Naumann DA (2006) From coupling relations to mated invariants for checking information flow. In: Computer Security-ESORICS 2006. LNCS, vol 4189, pp 279-296.
28. Page D (ed) (2009) CACE Deliverable D1. 1: Complete CAO and qhasm specifications. Available from http://www. cace-project. eu.
29. Sabelfeld A, Myers A (2003) Language-based information-flow security. IEEE J Selected Areas Commun 21(1): 5-19.
30. Schneier B (1996) Applied cryptography: protocols, algorithms, and source code in C, 2nd edn. Wiley, New York.
31. Terauchi T, Aiken A (2005) Secure information flow as a safety problem. In: Hankin C, Siveroni I (eds) SAS. Lecture notes in computer science, vol 3672. Springer, Berlin, pp 352-367.
32. The Coq Development Team. The Coq Proof Assistant Reference Manual-Version V8. 2, 2008. http://coq. inria. fr.
33. The OpenSSL Project. http://www. openssl. org.
34. Tse S, Zdancewic S (2005) A design for a security-typed language with certificate-based declassification. In: Sagiv S (ed) ESOP. Lecture notes in computer science, vol 3444. Springer, Berlin, pp 279-294.
35. Vaughan JA, Zdancewic S (2007) A cryptographic decentralized label model. In: IEEE symposium on security and privacy. IEEE Computer Society, USA, pp 192-206.
36. Volpano DM, Smith G (1997) A type-based approach to program security. In: Bidoit M, Dauchet M (eds) TAPSOFT. Lecture notes in computer science, vol 1214. Springer, Berlin, pp 607-621.
37. Warnier M, Oostdijk M (2005) Non-interference in JML. Technical Report ICIS-R05034, Nijmegen Institute for Computing and Information Sciences.