Certified computer-aided cryptography: Efficient provably secure machine code from high-level implementations

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2013, Pages 1217-1229

  Almeida, José Bacelar ^a   Barbosa, Manuel ^a   Barthe, Gilles ^b   Dupressoir, François ^b  

^a UNIVERSITY OF MINHO   (Portugal)

^b IMDEA SOFTWARE INSTITUTE   (Spain)

Author keywords

certified compilation; formal proof; PKCS 1; side channels

Indexed keywords

ASSEMBLY IMPLEMENTATION; CERTIFIED COMPILATION; CRYPTOGRAPHIC IMPLEMENTATION; CRYPTOGRAPHIC SOFTWARE; FORMAL PROOFS; PKCS#1; RELATIONAL PROPERTIES; SIDE-CHANNELS;

C (PROGRAMMING LANGUAGE); CRYPTOGRAPHY; PROGRAM COMPILERS;

SECURITY OF DATA;

EID: 84889046183     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2508859.2516652     Document Type: Conference Paper

References (34)

1. Reynald Affeldt, David Nowak, and Kiyoshi Yamada. Certifying assembly with formal security proofs: The case of BBS. Sci. Comput. Program., 77(10-11):1058-1074, 2012.
2. Johan Agat. Transforming out timing leaks. In Proceedings of POPL'00, pages 40-53, 2000.
3. Johan Agat and David Sands. On con dentiality and algorithms. In IEEE Symposium on Security and Privacy, pages 64-77. IEEE Computer Society, 2001.
4. Mihhail Aizatulin, Andrew D. Gordon, and Jan Jürjens. Computational verification of C protocol implementations by symbolic execution. In ACM Conference on Computer and Communications Security, pages 712-723. ACM, 2012.
5. José Bacelar Almeida, Manuel Barbosa, Jorge Sousa Pinto, and Bárbara Vieira. Deductive verification of cryptographic software. Innovations in Systems and Software Engineering, 6(3):203-218, 2010.
6. Joël Alwen, Yevgeniy Dodis, and Daniel Wichs. Survey: Leakage resilience and the bounded retrieval model. In Kaoru Kurosawa, editor, ICITS, volume 5973 of Lecture Notes in Computer Science, pages 1-18. Springer, 2009.
7. Andrew W. Appel. Verified software toolchain - (invited talk). In ESOP'11, volume 6602 of Lecture Notes in Computer Science, pages 1-17. Springer, 2011.
8. Manuel Barbosa, editor. Deliverable 5.4: Certified shared library core. Computer Aided Cryptography Engineering (CACE FP7 EU Project), 2011. http://www.cace-project.eu.
9. Gilles Barthe, Benjamin Grégoire, Sylvain Heraud, and Santiago Zanella-Béguelin. Computer-aided security proofs for the working cryptographer. In Advances in Cryptology - CRYPTO 2011, volume 6841 of Lecture Notes in Computer Science, pages 71-90, Heidelberg, 2011. Springer.
10. Gilles Barthe, Benjamin Grégoire, Yassine Lakhnech, and Santiago Zanella-Béguelin. Beyond provable security. Verifiable IND-CCA security of OAEP. In Topics in Cryptology - CT-RSA 2011, volume 6558 of Lecture Notes in Computer Science, pages 180-196, Heidelberg, 2011. Springer.
11. Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. The security impact of a new cryptographic library. In Alejandro Hevia and Gregory Neven, editors, Progress in Cryptology - LATINCRYPT 2012, volume 7533 of Lecture Notes in Computer Science, pages 159-176. Springer Berlin Heidelberg, 2012.
12. Yves Bertot, Nicolas Magaud, and Paul Zimmermann. A proof of GMP square root. Journal of Automated Reasoning, 29(3-4):225-252, 2002.
13. Bruno Blanchet. Security protocol verification: Symbolic and computational models. In Pierpaolo Degano and Joshua D. Guttman, editors, Principles of Security and Trust - First International Conference, POST 2012, volume 7215 of Lecture Notes in Computer Science, pages 3-29. Springer, 2012.
14. Sylvie Boldo, Jacques-Henri Jourdan, Xavier Leroy, and Guillaume Melquiond. A formally-verified C compiler supporting floating-point arithmetic. In Arith - 21st IEEE Symposium on Computer Arithmetic, pages 107-115. IEEE, 2013.
15. Billy Bob Brumley, Manuel Barbosa, Dan Page, and Frederik Vercauteren. Practical realisation and elimination of an ECC-related software bug attack. In Orr Dunkelman, editor, CT-RSA, volume 7178 of Lecture Notes in Computer Science, pages 171-186. Springer, 2012.
16. David Cadé and Bruno Blanchet. Proved generation of implementations from computationally secure protocol specifications. In POST, volume 7796 of Lecture Notes in Computer Science, pages 63-82. Springer, 2013.
17. Jean Paul Degabriele, Kenneth Paterson, and Gaven Watson. Provable security in the real world. Security Privacy, IEEE, 9(3):33-41, may-june 2011.
18. François Dupressoir. Proving Cryptographic C Programs Secure with General-Purpose Verification Tools. PhD thesis, Open University, 2013.
19. Stefan Dziembowski and Krzysztof Pietrzak. Leakage-resilient cryptography. In 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, pages 293-302, Washington, 2008. IEEE Computer Society.
20. Cédric Fournet, Markulf Kohlweiss, and Pierre-Yves Strub. Modular code-based cryptographic verification. In ACM Conference on Computer and Communications Security, pages 341-350. ACM, 2011.
21. Eiichiro Fujisaki, Tatsuaki Okamoto, David Pointcheval, and Jacques Stern. RSA-OAEP is secure under the RSA assumption. In Advances in Cryptology - CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 260-274. Springer, 2001.
22. Shafi Goldwasser and Silvio Micali. Probabilistic encryption. J. Comput. Syst. Sci., 28(2):270-299, 1984.
23. Boris Köpf, Laurent Mauborgne, and Martín Ochoa. Automatic quantification of cache side-channels. In Proc. 24th International Conference on Computer Aided Verification (CAV '12), pages 564-580. Springer, 2012.
24. Ralf Küsters, Tomasz Truderung, and Juergen Graf. A framework for the cryptographic verification of Java-like programs. In CSF, pages 198-212. IEEE, 2012.
25. Xavier Leroy. Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, pages 42-54, New York, 2006. ACM.
26. Xavier Leroy, editor. The CompCert C verified compiler: Documentation and user's manual. INRIA Paris-Rocquencourt, 2013.
27. James Manger. A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS#1 v2.0. In Advances in Cryptology - CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 230-238, Heidelberg, 2001. Springer.
28. David Molnar, Matt Piotrowski, David Schultz, and David Wagner. The program counter security model: Automatic detection and removal of control-flow side channel attacks. In ICISC, volume 3935 of Lecture Notes in Computer Science, pages 156-168. Springer, 2005.
29. Lee Pike, Mark Shields, and John Matthews. A verifying core for a cryptographic language compiler. In ACL2, pages 1-10. ACM, 2006.
30. Phillip Rogaway. Practice-oriented provable security and the social construction of cryptography. Unpublished essay, 2009.
31. Sabine (formerly Fischer) Schmaltz. Formal verification of a big integer library including division. Master's thesis, Saarland University, 2007.
32. Eric Whitman Smith and David L. Dill. Automatic formal verification of block cipher implementations. In FMCAD, pages 1-7. IEEE, 2008.
33. Falko Strenzke. Manger's attack revisited. In Miguel Soriano, Sihan Qing, and Javier López, editors, Information and Communications Security, volume 6476 of Lecture Notes in Computer Science, pages 31-45. Springer Berlin Heidelberg, 2010.
34. Danfeng Zhang, Aslan Askarov, and Andrew C. Myers. Language-based control and mitigation of timing channels. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '12), pages 99-110. ACM, 2012.