A deductive verification platform for cryptographic software

M. Barbosa; J. Pinto; J. C. Filliâtre; B. Vieira

doi:10.14279/tuj.eceasst.33.461.449

A deductive verification platform for cryptographic software

M. Barbosa
, J. Pinto
, J. C. Filliâtre
, B. Vieira

Research output: Contribution to journal › Article › peer-review

Abstract

In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama- C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

Original language	English
Journal	Electronic Communications of the EASST
Volume	33
DOIs	https://doi.org/10.14279/tuj.eceasst.33.461.449
Publication status	Published - 1 Jan 2010
Externally published	Yes

Keywords

Cryptography
Formal program verification

Access to Document

10.14279/tuj.eceasst.33.461.449

Cite this

@article{a6c2b58a25ef4573ad0c121af5c78b4f,

title = "A deductive verification platform for cryptographic software",

abstract = "In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama- C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.",

keywords = "Cryptography, Formal program verification",

author = "M. Barbosa and J. Pinto and Filli{\^a}tre, \{J. C.\} and B. Vieira",

note = "Publisher Copyright: {\textcopyright} 2010, Universitatsbibliothek TU Berlin.",

year = "2010",

month = jan,

day = "1",

doi = "10.14279/tuj.eceasst.33.461.449",

language = "English",

volume = "33",

journal = "Electronic Communications of the EASST",

issn = "1863-2122",

}

TY - JOUR

T1 - A deductive verification platform for cryptographic software

AU - Barbosa, M.

AU - Pinto, J.

AU - Filliâtre, J. C.

AU - Vieira, B.

PY - 2010/1/1

Y1 - 2010/1/1

N2 - In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama- C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

AB - In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama- C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

KW - Cryptography

KW - Formal program verification

UR - https://www.scopus.com/pages/publications/84901808334

U2 - 10.14279/tuj.eceasst.33.461.449

DO - 10.14279/tuj.eceasst.33.461.449

M3 - Article

AN - SCOPUS:84901808334

SN - 1863-2122

VL - 33

JO - Electronic Communications of the EASST

JF - Electronic Communications of the EASST

ER -

A deductive verification platform for cryptographic software

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this