Formal verification of side channel countermeasures using self-composition

Bibliographic details
Lead author: Almeida, José Bacelar
Publication date: 2011
Other authors: Barbosa, Manuel, Pinto, Jorge Sousa, Vieira, Bárbara
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/1822/14219
Abstract: Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive optimisations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper we extend previous results supporting the practicality of self-composition proofs of non-interference and generalisations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques.
Keywords: Cryptographic algorithms; Program verification; Program equivalence; Self-composition; Side-channel countermeasures
Funding: Fundação para a Ciência e a Tecnologia (FCT)
Publisher: Elsevier
Institution: Universidade do Minho
ISSN: 0167-6423
Original publication: http://www.sciencedirect.com/science/article/pii/S0167642311001857
Access rights: open access (published version, application/pdf)
Repository: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos), Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP)