Extracting and verifying cryptographic models from C protocol code by symbolic execution

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2011, Pages 331-340

  Aizatulin, Mihhail ^a   Gordon, Andrew D ^b   Jan, Jürjens ^c  

^a Open University   (United States)

^b MICROSOFT RESEARCH   (United States)

^c TU DORTMUND UNIVERSITY   (Germany)

Author keywords

Security; Verification

Indexed keywords

C CODES; C PROGRAMS; COMPUTATIONAL SOUNDNESS; CRYPTOGRAPHIC PROTOCOLS; EXECUTION PATHS; MANUAL ANNOTATION; NETWORK MESSAGES; PROCESS CALCULI; PROTOCOL DESCRIPTION; SECURITY; SECURITY PROPERTIES; SOUND VERIFICATION; SOURCE CODES; SYMBOLIC DESCRIPTION; SYMBOLIC EXECUTION;

CRYPTOGRAPHY; SECURITY OF DATA;

C (PROGRAMMING LANGUAGE);

EID: 80755187803     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2046707.2046745     Document Type: Conference Paper

References (30)

1. M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In ACM POPL, pages 104-115, 2001.
2. M. Aizatulin, A. D. Gordon, and J. Jürjens. Extracting and verifying cryptographic models from C protocol code by symbolic execution (long version). Available at http://arxiv.org/abs/1107.1017, 2011.
3. J. B. Almeida, M. Barbosa, J. S. Pinto, and B. Vieira. Deductive verification of cryptographic software. In NASA Formal Methods Symposium 2009, 2009.
4. A. Armando, D. A. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cúellar, P. H. Drielsma, P.-C. Héam, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, and L. Vigneron. The AVISPA tool for the automated validation of internet security protocols and applications. In CAV, volume 3576 of Lecture Notes in Computer Science, pages 281-285. Springer, 2005. (Pubitemid 41431740)
5. M. Backes, D. Hofheinz, and D. Unruh. CoSP: A general framework for computational soundness proofs. In ACM CCS 2009, pages 66-78, November 2009. Preprint on IACR ePrint 2009/080.
6. J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis. Refinement types for secure implementations. In CSF'08: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium, pages 17-32. IEEE Computer Society, 2008.
7. B. Blanchet. A computationally sound mechanized prover for security protocols. In IEEE Symposium on Security and Privacy, pages 140-154. IEEE Computer Society, 2006. (Pubitemid 44753719)
8. B. Blanchet. Automatic verification of correspondences for security protocols. Journal of Computer Security, 17(4):363-434, 2009.
9. B. Blanchet, M. Abadi, and C. Fournet. Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming, 75(1):3-51, Feb.-Mar. 2008. (Pubitemid 351172997)
10. M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput., 13(4):850-864, 1984. (Pubitemid 15510668)
11. J. Burnim and K. Sen. Heuristics for scalable dynamic test generation. In ASE '08: Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering, pages 443-446. IEEE Computer Society, 2008.
12. C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In USENIX Symposium on Operating Systems Design and Implementation (OSDI 2008), San Diego, CA, Dec. 2008.
13. S. Chaki and A. Datta. ASPIER: An automated framework for verifying security protocol implementations. In Computer Security Foundations Workshop, pages 172-185, 2009.
14. R. Corin and F. A. Manzano. Efficient symbolic execution for analysing cryptographic protocol implementations. In International Symposium on Engineering Secure Software and Systems (ESSOS'11), LNCS. Springer, 2011.
15. P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Conference Record of the Fourth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 238-252, Los Angeles, California, 1977. ACM Press, New York, NY.
16. D. Dolev and A. Yao. On the Security of Public-Key Protocols. IEEE Transactions on Information Theory, 29(2):198-208, 1983.
17. B. Dutertre and L. D. Moura. The Yices SMT Solver. Technical report, 2006.
18. P. Godefroid, M. Y. Levin, and D. A. Molnar. Automated whitebox fuzz testing. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008. The Internet Society, 2008.
19. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270-299, 1984.
20. J. Goubault-Larrecq and F. Parrennes. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), volume 3385 of Lecture Notes in Computer Science, pages 363-379. Springer, 2005. (Pubitemid 41231372)
21. J. C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385-394, 1976.
22. R. Küsters and T. Truderung. Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF 2009), pages 157-171. IEEE Computer Society, 2009.
23. R. Küsters and T. Truderung. Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach. Journal of Automated Reasoning, 46(3):325-352, 2011.
24. G. Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Inf. Process. Lett., 56:131-133, November 1995.
25. G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. In Proceedings of the 11th International Conference on Compiler Construction, CC '02, pages 213-228, London, UK, 2002. Springer-Verlag.
26. Project EVA. Security protocols open repository, 2007. http://www.lsv.ens-cachan.fr/spore/.
27. A. Rial and G. Danezis. Privacy-friendly smart metering. Technical Report MSR-TR-2010-150, 2010.
28. N. Swamy, J. Chen, C. Fournet, K. Bharagavan, and J. Yang. Security programming with refinement types and mobile proofs. Technical Report MSR-TR-2010-149, 2010.
29. D. Unruh. The impossibility of computationally sound XOR, July 2010. Preprint on IACR ePrint 2010/389.
30. A. C. Yao. Theory and application of trapdoor functions. In SFCS '82: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pages 80-91. IEEE Computer Society, 1982.