Formal verification of side channel countermeasures using self-composition
Autor(a) principal: | |
---|---|
Data de Publicação: | 2011 |
Outros Autores: | , , |
Tipo de documento: | Artigo |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/1822/14219 |
Resumo: | Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive optimisations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper we extend previous results supporting the practicality of self-composition proofs of non-interference and generalisations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques. |
id |
RCAP_f2a90bc77ca0967c030999ff9d162cfe |
---|---|
oai_identifier_str |
oai:repositorium.sdum.uminho.pt:1822/14219 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
|
spelling |
Formal verification of side channel countermeasures using self-compositionCryptographic algorithmsProgram verificationProgram equivalenceSelf-compositionSide-channel countermeasuresFormal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive optimisations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper we extend previous results supporting the practicality of self-composition proofs of non-interference and generalisations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques.Fundação para a Ciência e a Tecnologia (FCT)ElsevierUniversidade do MinhoAlmeida, José BacelarBarbosa, ManuelPinto, Jorge SousaVieira, Bárbara20112011-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/1822/14219eng0167-6423The original publication is available at http://www.sciencedirect.com/science/article/pii/S0167642311001857info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-07-21T12:26:05ZPortal AgregadorONG |
dc.title.none.fl_str_mv |
Formal verification of side channel countermeasures using self-composition |
title |
Formal verification of side channel countermeasures using self-composition |
spellingShingle |
Formal verification of side channel countermeasures using self-composition Almeida, José Bacelar Cryptographic algorithms Program verification Program equivalence Self-composition Side-channel countermeasures |
title_short |
Formal verification of side channel countermeasures using self-composition |
title_full |
Formal verification of side channel countermeasures using self-composition |
title_fullStr |
Formal verification of side channel countermeasures using self-composition |
title_full_unstemmed |
Formal verification of side channel countermeasures using self-composition |
title_sort |
Formal verification of side channel countermeasures using self-composition |
author |
Almeida, José Bacelar |
author_facet |
Almeida, José Bacelar Barbosa, Manuel Pinto, Jorge Sousa Vieira, Bárbara |
author_role |
author |
author2 |
Barbosa, Manuel Pinto, Jorge Sousa Vieira, Bárbara |
author2_role |
author author author |
dc.contributor.none.fl_str_mv |
Universidade do Minho |
dc.contributor.author.fl_str_mv |
Almeida, José Bacelar Barbosa, Manuel Pinto, Jorge Sousa Vieira, Bárbara |
dc.subject.por.fl_str_mv |
Cryptographic algorithms Program verification Program equivalence Self-composition Side-channel countermeasures |
topic |
Cryptographic algorithms Program verification Program equivalence Self-composition Side-channel countermeasures |
description |
Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive optimisations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper we extend previous results supporting the practicality of self-composition proofs of non-interference and generalisations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques. |
publishDate |
2011 |
dc.date.none.fl_str_mv |
2011 2011-01-01T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/1822/14219 |
url |
http://hdl.handle.net/1822/14219 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
0167-6423 The original publication is available at http://www.sciencedirect.com/science/article/pii/S0167642311001857 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Elsevier |
publisher.none.fl_str_mv |
Elsevier |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
|
repository.mail.fl_str_mv |
|
_version_ |
1777303756648480768 |