CAOVerif: An open-source deductive verification platform for cryptographic software implementations

José Bacelar Almeida; Manuel Barbosa; Jean Christophe Filliâtre; Jorge Sousa Pinto; Bárbara Vieira

doi:10.1016/j.scico.2012.09.019

CAOVerif: An open-source deductive verification platform for cryptographic software implementations

José Bacelar Almeida
, Manuel Barbosa
, Jean Christophe Filliâtre
, Jorge Sousa Pinto
, Bárbara Vieira

Research output: Contribution to journal › Article › peer-review

Abstract

CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

Original language	English
Pages (from-to)	216-233
Number of pages	18
Journal	Science of Computer Programming
Volume	91
Issue number	PART B
DOIs	https://doi.org/10.1016/j.scico.2012.09.019
Publication status	Published - 1 Oct 2014
Externally published	Yes

Keywords

Cryptographic software
Deductive verification
Formal verification
Program verification

Access to Document

10.1016/j.scico.2012.09.019

Cite this

@article{5e0907d5d9ed44d6949a1c4e62f185cf,

title = "CAOVerif: An open-source deductive verification platform for cryptographic software implementations",

abstract = "CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.",

keywords = "Cryptographic software, Deductive verification, Formal verification, Program verification",

author = "Almeida, \{Jos{\'e} Bacelar\} and Manuel Barbosa and Filli{\^a}tre, \{Jean Christophe\} and Pinto, \{Jorge Sousa\} and B{\'a}rbara Vieira",

year = "2014",

month = oct,

day = "1",

doi = "10.1016/j.scico.2012.09.019",

language = "English",

volume = "91",

pages = "216--233",

journal = "Science of Computer Programming",

issn = "0167-6423",

number = "PART B",

}

TY - JOUR

T1 - CAOVerif

T2 - An open-source deductive verification platform for cryptographic software implementations

AU - Almeida, José Bacelar

AU - Barbosa, Manuel

AU - Filliâtre, Jean Christophe

AU - Pinto, Jorge Sousa

AU - Vieira, Bárbara

PY - 2014/10/1

Y1 - 2014/10/1

N2 - CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

AB - CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

KW - Cryptographic software

KW - Deductive verification

KW - Formal verification

KW - Program verification

UR - https://www.scopus.com/pages/publications/84901798566

U2 - 10.1016/j.scico.2012.09.019

DO - 10.1016/j.scico.2012.09.019

M3 - Article

AN - SCOPUS:84901798566

SN - 0167-6423

VL - 91

SP - 216

EP - 233

JO - Science of Computer Programming

JF - Science of Computer Programming

IS - PART B

ER -

CAOVerif: An open-source deductive verification platform for cryptographic software implementations

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this