Formal verification of side-channel countermeasures using self-composition
| Field | Value |
|---|---|
| Main author | Almeida, José Bacelar |
| Publication date | 2013 |
| Other authors | Barbosa, Manuel; Pinto, Jorge Sousa; Vieira, Bárbara |
| Document type | Article |
| Language | eng |
| Source | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
| Full text | http://hdl.handle.net/1822/26363 |
| Abstract | Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive optimizations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper, we extend previous results supporting the practicality of self-composition proofs of non-interference and generalizations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques. |
Record metadata

| Field | Value |
|---|---|
| Record id | RCAP_40c17f3abf179c322c572446cd8e0a56 |
| OAI identifier | oai:repositorium.sdum.uminho.pt:1822/26363 |
| Network | RCAP (Repositório Científico de Acesso Aberto de Portugal) |
| Keywords | Cryptographic algorithms; Program verification; Program equivalence; Self-composition; Side-channel countermeasures; Science & Technology |
| Authors | Almeida, José Bacelar; Barbosa, Manuel; Pinto, Jorge Sousa; Vieira, Bárbara |
| Institution | Universidade do Minho |
| Publisher | Elsevier |
| Funding | This work was partially supported by project SMART, funded by ENIAC Joint Undertaking (GA 120224). |
| Citation | José Bacelar Almeida, Manuel Barbosa, Jorge Sousa Pinto, Bárbara Vieira: Formal verification of side-channel countermeasures using self-composition. Sci. Comput. Program. 78(7): 796-812 (2013) |
| ISSN | 0167-6423 |
| DOI | 10.1016/j.scico.2011.10.008 |
| Original publication | The original publication is available at http://www.sciencedirect.com/ |
| Date | 2013 (2013-01-01T00:00:00Z) |
| Version and type | publishedVersion; article; application/pdf |
| Rights | openAccess |
| Full text | http://hdl.handle.net/1822/26363 |
| Language | eng |
| Aggregator | reponame: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos); instname: Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação; instacron: RCAAP |
| Harvested | 2023-07-21T12:28:29Z |