Guiding a general-purpose C verifier to prove cryptographic protocols

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2011, Pages 3-17

  Dupressoir, François ^a   Gordon, Andrew D ^b   Jürjens, Jan ^c,e   Naumann, David A ^d  

^a OPEN UNIVERSITY   (United Kingdom)

^b MICROSOFT RESEARCH   (United States)

^c TU DORTMUND UNIVERSITY   (Germany)

^d STEVENS INSTITUTE OF TECHNOLOGY   (United States)

^e Fraunhofer ISST   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

C (PROGRAMMING LANGUAGE); THEOREM PROVING;

ATTACKER MODELS; C PROGRAMS; C++ CODES; CRYPTOGRAPHIC PROTOCOLS; HEADER FILES; SECURITY PROPERTIES; SECURITY THEOREM; SYMBOLIC MODELING;

CRYPTOGRAPHY;

EID: 80052648343     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2011.8     Document Type: Conference Paper

References (41)

1. M. Abadi and R. M. Needham, "Prudent engineering practice for cryptographic protocols," IEEE Trans. Software Eng., vol. 22, no. 1, pp. 6-15, 1996. (Pubitemid 126771654)
2. M. Aizatulin, A. D. Gordon, and J. Jürjens, "Extracting and verifying cryptographic models from C protocol code by symbolic execution," 2011, unpublished draft. [Online]. Available: http://users.mct.open.ac.uk/ ma4962/files/paper-full.pdf
3. A. W. Appel, "Verified software toolchain," in ESOP, ser. LNCS, vol. 6602, 2011, pp. 1-17.
4. M. Backes, C. Hriţcu, and M. Maffei, "Union and intersection types for secure protocol implementations," in TOSCA, 2011.
5. M. Backes, M. Maffei, and D. Unruh, "Computationally sound verification of source code," in ACM CCS, 2010, pp. 387-398.
6. M. Backes, B. Pfitzmann, and M. Waidner, "A composable cryptographic library with nested operations," in ACM CCS, 2003, pp. 220-230.
7. M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino, "Boogie: A modular reusable verifier for object-oriented programs," in FMCO, ser. LNCS, vol. 4111, 2005, pp. 364-387. (Pubitemid 44548955)
8. G. Barthe, B. Grégoire, and S. Z. Béguelin, "Formal certification of code-based cryptographic proofs," in POPL, 2009, pp. 90-101.
9. J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis, "Refinement types for secure implementations,"ACM TOPLAS, vol. 33, no. 2, p. 8, 2011.
10. K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse, "Verified interoperable implementations of security protocols," ACM TOPLAS, vol. 31, pp. 5:1-5:61, December 2008.
11. K. Bhargavan, C. Fournet, R. Corin, and E. Zalinescu, "Cryptographically verified implementations for tls," in ACM CCS, 2008, pp. 459-468.
12. K. Bhargavan, C. Fournet, and A. D. Gordon, "Modular verification of security protocol code by typing," in POPL, 2010, pp. 445-456.
13. B. Blanchet, "An efficient cryptographic protocol verifier based on prolog rules," in CSFW, 2001, pp. 82-96.
14. -, "A computationally sound mechanized prover for security protocols," in IEEE Symposium on Security and Privacy, 2006, pp. 140-154.
15. I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad, "Breaking and fixing public-key Kerberos," in ASIAN, ser. LNCS, vol. 4435, 2006, pp. 167-181.
16. S. Chaki and A. Datta, "ASPIER: an automated framework for verifying security protocol implementations," CyLab, Carnegie Mellon University, Technical CMU-CyLab-08-012, 2008.
17. E. Cohen, "First-order verification of cryptographic protocols,"Journal of Computer Security, vol. 11, no. 2, pp. 189-216, 2003.
18. E. Cohen, M. Dahlweid, M. A. Hillebrand, D. Leinenbach, M. Moskal, T. Santen, W. Schulte, and S. Tobies, "VCC: A practical system for verifying concurrent C," in TPHOLs, ser. LNCS, vol. 5674, 2009, pp. 23-42.
19. E. Cohen, M. Moskal, W. Schulte, and S. Tobies, "Local verification of global invariants in concurrent programs," in CAV, ser. LNCS, vol. 6174, 2010, pp. 480-494.
20. E. Cohen and B. Schirmer, "From total store order to sequential consistency: A practical reduction theorem," in Interactive Theorem Proving, ser. LNCS, vol. 6172, 2010, pp. 403-418.
21. R. Corin and F. A. Manzano, "Efficient symbolic execution for analysing cryptographic protocol implementations," in ESSoS, ser. LNCS, vol. 6542, 2011, pp. 58-72.
22. L. Correnson, P. Cuoq, A. Puccetti, and J. Signoles, Frama-C User Manual. [Online]. Available: http://frama-c. com/download/frama-c-user-manual.pdf
23. L. M. De Moura and N. Bjørner, "Z3: An efficient SMT solver," in TACAS, ser. LNCS, vol. 4963, 2008, pp. 337-340.
24. D. Dolev and A. C.-C. Yao, "On the security of public key protocols," IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198-207, 1983.
25. F. Dupressoir, A. Gordon, and J. Jürjens, "Verifying authentication properties of C security protocol code using general verifiers," in Workshop on Analysis of Security APIs (ASA-4 - FLOC 2010), 2010, presentations only.
26. F. Dupressoir, A. Gordon, J. Jürjens, and D. Naumann, "Guiding a general-purpose C verifier to prove cryptographic protocols," Tech. Rep. MSR-TR-2011-50, 2011.
27. C. Fournet, "Cryptographic soundness for program verification by typing," 2011, unpublished draft.
28. "Crypto-verifying protocol implementations in ML," project website at http://msr-inria.inria.fr/projects/sec/fs2cv/.
29. A. D. Gordon, "Provable implementations of security protocols,"in 21th IEEE Symposium on Logic in Computer Science (LICS 2006), 2006, pp. 345-346.
30. J. Goubault-Larrecq and F. Parrennes, "Cryptographic protocol analysis on real c code," in VMCAI, ser. LNCS, vol. 3385, 2005, pp. 363-379. (Pubitemid 41231372)
31. E. Hubbers, M. Oostdijk, and E. Poll, "Implementing a formally verifiable security protocol in Java Card," in Security in Pervasive Computing, ser. LNCS, vol. 2802, 2004, pp. 213-226.
32. B. Jacobs and F. Piessens, "The VeriFast program verifier,"Katholieke Universiteit Leuven, Report CS 520, Aug. 2008.
33. A. S. A. Jeffrey and R. Ley-Wild, "Dynamic model checking of C cryptographic protocol implementations," in FCS-ARSPA, 2006.
34. J. Jürjens, "Security analysis of crypto-based java programs using automated theorem provers," in ASE, 2006, pp. 167-176.
35. X. Leroy, "Formal certification of a compiler back-end or: programming a compiler with a proof assistant," in POPL, 2006, pp. 42-54.
36. S. J. Murdoch, S. Drimer, R. J. Anderson, and M. Bond, "Chip and PIN is broken," in IEEE Symposium on Security and Privacy, 2010, pp. 433-446.
37. R. M. Needham and M. D. Schroeder, "Using encryption for authentication in large networks of computers," Commun. ACM, vol. 21, no. 12, pp. 993-999, 1978.
38. oCERT, "oCERT advisory #2008-16 multiple OpenSSL signature verification API misuse," 2009. [Online]. Available: http://www.ocert.org/ advisories/ocert-2008-016.html
39. Offspark, "Polarssl," 2008. [Online]. Available: http://polarssl.org
40. N. O'Shea, "Using Elyjah to analyse Java implementations of cryptographic protocols," in FCS-ARSPA-WITS, 2008, pp. 211-223.
41. O. Udrea, C. Lumezanu, and J. S. Foster, "Rule-based static analysis of network protocol implementations," USENIX Security Symposium, pp. 193-208, 2006.