A framework for the cryptographic verification of java-like programs

Proceedings of the Computer Security Foundations Workshop

Volumn , Issue , 2012, Pages 198-212

  Küsters, Ralf ^a   Truderung, Tomasz ^a   Graf, Jürgen ^b  

^a UNIVERSITY OF TRIER   (Germany)

^b KARLSRUHE INSTITUTE OF TECHNOLOGY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ACTIVE ADVERSARY; AUTOMATIC PROGRAMS; CRYPTOGRAPHIC SECURITY; ENCRYPTED MESSAGES; INDISTINGUISHABILITY; JAVA PROGRAM; JAVA-LIKE PROGRAMS; NON INTERFERENCE; PROGRAM ANALYSIS; PROOF OF CONCEPT; SIMULATION-BASED SECURITY;

COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER SOFTWARE; CRYPTOGRAPHY; SECURITY OF DATA; SECURITY SYSTEMS;

JAVA PROGRAMMING LANGUAGE;

EID: 84866939599     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2012.9     Document Type: Conference Paper

References (35)

1. Wolfgang Ahrendt, Thomas Baar, Bernhard Beckert, Richard Bubel, Martin Giese, Reiner Hähnle, Wolfram Menzel, Wojciech Mostowski, Andreas Roth, Steffen Schlager, and Peter H. Schmitt. The KeY tool. Software and System Modeling, 4:32-54, 2005.
2. Mihhail Aizatulin, Andrew D. Gordon, and Jan Jürjens. Extracting and verifying cryptographic models from C protocol code by symbolic execution. In Yan Chen, George Danezis, and Vitaly Shmatikov, editors, Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), pages 331-340. ACM, 2011.
3. Mauricio Alba-Castro, María Alpuente, and Santiago Escobar. Abstract Certification of Global Non-interference in Rewriting Logic. In Frank S. de Boer, Marcello M. Bonsangue, Stefan Hallerstede, and Michael Leuschel, editors, Formal Methods for Components and Objects - 8th International Symposium (FMCO 2009). Revised Selected Papers, volume 6286 of Lecture Notes in Computer Science, pages 105-124. Springer, 2009.
4. Matteo Avalle, Alfredo Pironti, Riccardo Sisto, and Davide Pozza. The JavaSPI framework for security protocol implementation. In Availability, Reliability and Security (ARES 11), page 746-751. IEEE Computer Society, IEEE Computer Society, 2011.
5. Michael Backes, Matteo Maffei, and Dominique Unruh. Computationally sound verification of source code. In Ehab Al-Shaer, Angelos D. Keromytis, and Vitaly Shmatikov, editors, Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pages 387-398. ACM, 2010.
6. K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse. Verified Interoperable Implementations of Security Protocols. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW-19 2006), pages 139-152. IEEE Computer Society, 2006.
7. Karthikeyan Bhargavan, Cédric Fournet, Ricardo Corin, and Eugen Zalinescu. Cryptographically verified implementations for TLS. In Peng Ning, Paul F. Syverson, and Somesh Jha, editors, Proceedings of the 2008 ACM Conference on Computer and Communications Security (CCS 2008), pages 459-468. ACM, 2008.
8. Karthikeyan Bhargavan, Cédric Fournet, and Andrew D. Gordon. Modular verification of security protocol code by typing. In Manuel V. Hermenegildo and Jens Palsberg, editors, Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2010), pages 445-456. ACM, 2010.
9. B. Blanchet. A Computationally Sound Mechanized Prover for Security Protocols. In IEEE Symposium on Security and Privacy (S& P 2006), pages 140-154. IEEE Computer Society, 2006.
10. R. Canetti. Universally Composable Security: A New Paradigm for Cryptographic Protocols. Technical Report 2000/067, Cryptology ePrint Archive, December 2005. http: //eprint.iacr.org/2000/067.
11. S. Chaki and A. Datta. ASPIER: An automated framework for verifying security protocol implementations. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF 2009), pages 172-185. IEEE Computer Society, 2009.
12. David Clark and Sebastian Hunt. Non-Interference for Deterministic Interactive Programs. In Pierpaolo Degano, Joshua D. Guttman, and Fabio Martinelli, editors, Formal Aspects in Security and Trust, 5th International Workshop, FAST 2008, Revised Selected Papers, volume 5491 of Lecture Notes in Computer Science, pages 50-66. Springer, 2008.
13. Hubert Comon-Lundh and Véronique Cortier. How to prove security of communication protocols? A discussion on the soundness of formal models w.r.t. computational ones. In Thomas Schwentick and Christoph Dürr, editors, Proceedings of the 28th International Symposium on Theoretical Aspects of Computer Science (STACS 2011), volume 9 of LIPIcs, pages 29-44. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2011.
14. Cédric Fournet, Markulf Kohlweiss, and Pierre-Yves Strub. Modular code-based cryptographic verification. In Yan Chen, George Danezis, and Vitaly Shmatikov, editors, Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), pages 341-350. ACM, 2011.
15. Cédric Fournet, Jérémy Planul, and Tamara Rezk. Information-flow types for homomorphic encryptions. In Yan Chen, George Danezis, and Vitaly Shmatikov, editors, Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), pages 351-360. ACM, 2011.
16. J. Goguen and J. Meseguer. Interference Control and Unwinding. In Proc. Symposium on Security and Privacy, pages 75-86. IEEE, 1984.
17. Joseph A. Goguen and José Meseguer. Security Policies and Security Models. In Proceedings of IEEE Symposium on Security and Privacy, pages 11-20, 1982.
18. J. Goubault-Larrecq and F. Parrennes. Cryptographic protocol analysis on real C code. In Verification, Model Checking, and Abstract Interpretation, 6th International Conference, VMCAI 2005, volume 5, pages 363-379. Springer, 2005.
19. Christian Hammer and Gregor Snelting. Flow-Sensitive, Context-Sensitive, and Object-sensitive Information Flow Control Based on Program Dependence Graphs. International Journal of Information Security, 8(6):399-422, December 2009.
20. Dennis Hofheinz, Dominique Unruh, and Jörn Müller-Quade. Polynomial Runtime and Composability. Technical Report 2009/023, Cryptology ePrint Archive, 2009. Available at http: //eprint.iacr.org/2009/023.
21. Jan Jürjens. Security Analysis of Crypto-based Java Programs using Automated Theorem Provers. In 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006), pages 167-176. IEEE Computer Society, 2006.
22. Gerwin Klein and Tobias Nipkow. A Machine-Checked Model for a Java-Like Language, Virtual Machine, and Compiler. ACM Trans. Program. Lang. Syst., 28(4):619-695, 2006.
23. R. Küsters. Simulation-Based Security with Inexhaustible Interactive Turing Machines. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW-19 2006), pages 309-320. IEEE Computer Society, 2006.
24. Ralf Küsters, Tomasz Truderung, and Jürgen Graf. A Framework for the Cryptographic Verification of Java-like Programs. Cryptology ePrint Archive, Report 2012/153, 2012. http://eprint.iacr.org/2012/153.
25. Ralf Küsters and Max Tuengerthal. Joint State Theorems for Public-Key Encryption and Digitial Signature Functionalities with Local Computation. In Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), pages 270-284. IEEE Computer Society, 2008.
26. Peeter Laud. Semantics and Program Analysis of Computationally Secure Information Flow. In David Sands, editor, Programming Languages and Systems, 10th European Symposium on Programming, ESOP 2001, volume 2028 of Lecture Notes in Computer Science, pages 77-91. Springer, 2001.
27. A.C. Myers. JFlow: Practical mostly-static information flow control. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 228-241. ACM, 1999.
28. Andrew C. Myers, Stephen Chong, Nathaniel Nystrom, Lantien Zheng, and Steve Zdancewic. Jif: Java Information Flow (software release), July 2001. http://www.cs.cornell. edu/jif/.
29. Kevin R. O'Neill, Michael R. Clarkson, and Stephen Chong. Information-Flow Security for Interactive Programs. In 19th IEEE Computer Security Foundations Workshop (CSFW-19 2006), pages 190-201. IEEE Computer Society, 2006.
30. Nicholas O'Shea. Using Elyjah to Analyse Java Implementations of Cryptographic Protocols. In Joint Workshop on Foundations of Computer Security, Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (FCS-ARSPA-WITS-2008), 2008.
31. B. Pfitzmann and M. Waidner. A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In IEEE Symposium on Security and Privacy, pages 184-201. IEEE Computer Society Press, 2001.
32. Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, special issue on Formal Methods for Security, 21(1):5-19, 2003.
33. Daniel Wasserrab. From Formal Semantics to Verified Slicing - A Modular Framework with Applications in Language Based Security. PhD thesis, Karlsruher Institut für Technologie, Fakultät für Informatik, October 2010.
34. Daniel Wasserrab and Denis Lohner. Proving Information Flow Noninterference by Reusing a Machine-Checked Correctness Proof for Slicing. In 6th International Verification Workshop - VERIFY-2010, July 2010.
35. Daniel Wasserrab, Denis Lohner, and Gregor Snelting. On PDG-Based Noninterference and its Modular Proof. In Proceedings of the 4th Workshop on Programming Languages and Analysis for Security, pages 31-44. ACM, June 2009.