Computationally sound verification of source code

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2010, Pages 387-398

  Backes, Michael ^a   Maffei, Matteo ^a   Unruh, Dominique ^a  

^a SAARLAND UNIVERSITY   (Germany)

Author keywords

Computational soundness; Source code; Verification

Indexed keywords

AUTOMATED VERIFICATION; COMPUTATIONAL SECURITY; COMPUTATIONAL SOUNDNESS; CRYPTOGRAPHIC ALGORITHMS; CRYPTOGRAPHIC PRIMITIVES; CRYPTOGRAPHIC PROTOCOLS; CRYPTOGRAPHIC SECURITY; FORMAL VERIFICATIONS; LAMBDA CALCULUS; MATHEMATICAL PROPERTIES; PROTOCOL ANALYSIS; PROTOCOL IMPLEMENTATION; PUBLIC-KEY ENCRYPTION; SOUND VERIFICATION; SOURCE CODES; VERIFICATION FRAMEWORK;

ALGORITHMS; CRYPTOGRAPHY; DIFFERENTIATION (CALCULUS); NETWORK PROTOCOLS;

NETWORK SECURITY;

EID: 78650000256     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1866307.1866351     Document Type: Conference Paper

References (41)

1. M. Abadi, M. Baudet, and B. Warinschi. Guessing attacks and the computational soundness of static equivalence. In Proc. 9th International Conference on Foundations of Software Science and ComputationStructures (FOSSACS), volume 3921 of Lecture Notes in Computer Science, pages 398-412. Springer, 2006.
2. Martín Abadi and Cédric Fournet. Mobile values, new names, and secure communication. In POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 104-115, New York, NY, USA, 2001. ACM Press.
3. Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The spi calculus. In Proc. 4th ACM Conference on Computer and Communications Security, pages 36-47, 1997.
4. Martín Abadi and Jan Jürjens. Formal eavesdropping and its computational interpretation. In Proc. 4th International Symposium on Theoretical Aspects of Computer Software (TACS), pages 82-94, 2001.
5. Martín Abadi and Phillip Rogaway. Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology, 15(2):103-127, 2002.
6. Pedro Adão and Cédric Fournet. Cryptographically sound implementations for communicating processes. In Proc. ICALP, pages 83-94, 2006.
7. Michael Backes, Dennis Hofheinz, and Dominique Unruh. CoSP: A general framework for computational soundness proofs. In ACM CCS 2009, pages 66-78. ACM Press, November 2009. Full version on IACR ePrint 2009/080. Some of the definitions we use only occur in the full version.
8. Michael Backes, Matteo Maffei, and Dominique Unruh. Library source code with F7 type-checking annotations. Available at http: //crypto.m2ci.org/unruh/ misc/rcf/library.zip.
9. Michael Backes, Matteo Maffei, and Dominique Unruh.Computationally sound verification of source code (full version). IACR ePrint archive 2010/416, 2010.
10. Michael Backes and Birgit Pfitzmann. Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In Proc. 17th IEEE ComputerSecurity Foundations Workshop (CSFW), pages 204-218, 2004.
11. Michael Backes, Birgit Pfitzmann, and Michael Waidner. A composable cryptographic library with nested operations (extended abstract). In Proc. 10th ACM Conference on Computer and Communications Security, pages 220-230, 2003. Full version in IACR Cryptology ePrint Archive 2003/015, Jan. 2003.
12. Michael Backes, Birgit Pfitzmann, and Michael Waidner. Symmetric authentication within a simulatable cryptographic library. In Proc. 8th European Symposium on Research in Computer Security (ESORICS), volume 2808 of Lecture Notes in Computer Science, pages 271-290. Springer, 2003.
13. Michael Backes, Birgit Pfitzmann, and Michael Waidner. The reactive simulatability (RSIM) framework for asynchronous systems. Information and Computation, 205(12):1685-1720, 2007.
14. David Basin, Sebastian Mödersheim, and Luca Viganò. OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 2004.
15. M. Baudet, V. Cortier, and S. Kremer. Computationally sound implementations of equational theories against passive adversaries. In Proc. 32nd International Colloquium on Automata, Languages and Programming (ICALP), volume 580 of Lecture Notes in Computer Science, pages 652-663. Springer, 2005.
16. Jesper Bengtson, Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, and Sergio Maffeis. Refinement types for secure implementations. In Proc. 21st IEEE Security Foundations Symposium (CSF), pages 17-32, 2008. Full version is Microsoft Research technical report MSR-TR-2008-118.
17. K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse. Verified interoperable implementations of security protocols. In Proc. 19th IEEE Computer Security Foundations Workshop (CSFW), pages 139-152. IEEE, 2006.
18. K. Bhargavan, C. Fournet, and A.D. Gordon. Modular verification of security protocol code by typing. In Proc. 37th Symposium on Principles of Programming Languages (POPL). ACM Press, 2010.
19. Karthikeyan Bhargavan, Ricardo Corin, Cédric Fournet, and Eugen Zǎlinescu. Cryptographically verified implementations for TLS. In 15th ACM Conference on Computer and Communications Security (CCS 2008), pages 459-468. ACM Press, 2008.
20. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In Proc. 14th IEEE Computer Security Foundations Workshop (CSFW), pages 82-96. IEEE Computer Society Press, 2001.
21. Bruno Blanchet. A computationally sound mechanized prover for security protocols. In IEEE Symposium on Security and Privacy, Proceedings of SSP 2006, pages 140-154. IEEE Computer Society, 2006. Extended version online available as IACR ePrint 2005/401.
22. Sagar Chaki and Anupam Datta. Aspier: Anautomated framework for verifying security protocol implementations. In Proc. 22nd IEEE Computer Security Foundations Symposium (CSF), pages 172-185. IEEE, 2009.
23. Hubert Comon-Lundh. About models of securityprotocols (abstract). In Ramesh Hariharan, Madhavan Mukund, and V Vinay, editors, Proc. FSTTCS, Dagstuhl, Germany, 2008. Schloss Dagstuhl. http://drops.dagstuhl.de/opus/volltexte/2008/ 1766/.
24. Hubert Comon-Lundh and Véronique Cortier. Computational soundness of observational equivalence. In Proc. ACM CCS, pages 109-118, 2008.
25. Danny Dolev and Andrew C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198-208, 1983.
26. Shimon Even and Oded Goldreich. On the security of multi-party ping-pong protocols. In Proc. 24th IEEE FOCS, pages 34-39, 1983.
27. Cédric Fournet. On the computational soundness of cryptographic verification by typing. Workshop on Formal and Computational Cryptography (FCC 2009), 2009.
28. J. Goubault-Larrecq and F. Parrennes. Cryptographic protocol analysis on real c code. In Proc. 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), volume 3385 of Lecture Notes in Computer Science, pages 363-379. Springer-Verlag, 2005.
29. Jean Goubault-Larrecq and Fabrice Parrennes. Cryptographic protocol analysis on real C code. In 6th International Conference on Verification, Model Checking, and Abstract Interpretation, (VMCAI 2005), pages 363-379. Springer, 2005.
30. A. Gunter. Semantics of Programming Languages:Structures and Techniques. MIT Press, 1992.
31. Jonathan Herzog, Moses Liskov, and Silvio Micali. Plaintext awareness via key registration. In Advances in Cryptology: CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 548-564. Springer, 2003.
32. Romain Janvier, Yassine Lakhnech, and Laurent Mazaré. Completing the picture: Soundness of formal encryption in the presence of active adversaries. In Proc. ESOP, pages 172-185, 2005.
33. Richard Kemmerer, Catherine Meadows, and Jon Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79-130, 1994.
34. Peeter Laud. Semantics and program analysis of computationally secure information flow. In Proc. 10th European Symposium on Programming (ESOP), pages 77-91, 2001.
35. Peeter Laud. Symmetric encryption in automatic analyses for confidentiality against active adversaries. In Proc. 25th IEEE Symposium on Security & Privacy, pages 71-85, 2004.
36. Gavin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proc. 2nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 1055 of Lecture Notes in Computer Science, pages 147-166. Springer, 1996.
37. Michael Merritt. Cryptographic Protocols. PhD thesis, Georgia Institute of Technology, 1983.
38. Daniele Micciancio and Bogdan Warinschi. Soundness of formal encryption in the presence of active adversaries. In Proc. 1st Theory of Cryptography Conference (TCC), volume 2951 of Lecture Notes in Computer Science, pages 133-151. Springer, 2004.
39. Lawrence Paulson. The inductive approach to verifying cryptographic protocols. Journal of Cryptology, 6(1):85-128, 1998.
40. Steve Schneider. Security properties and CSP. In Proc.17th IEEE Symposium on Security & Privacy, pages 174-187, 1996.
41. Christoph Sprenger, Michael Backes, David Basin, Birgit Pfitzmann, and Michael Waidner. Cryptographically sound theorem proving. In Proc. 19th IEEE Computer Security Foundations Workshop (CSFW), pages 153-166, 2006.