CAOVerif: an open-source deductive verification platform for cryptographic software implementations

Detalhes bibliográficos
Autor(a) principal: Almeida, José Bacelar
Data de Publicação: 2014
Outros Autores: Barbosa, Manuel, Filliâtre, Jean-Christophe, Pinto, Jorge Sousa, Vieira, Bárbara Isabel Sousa
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: https://hdl.handle.net/1822/31023
Resumo: CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
id RCAP_aeb9af7a3783e962d1005e0aa674a68a
oai_identifier_str oai:repositorium.sdum.uminho.pt:1822/31023
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling CAOVerif: an open-source deductive verification platform for cryptographic software implementationsFormal verificationProgram verificationCryptographic softwareDeductive verificationEngenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaCiências Naturais::Ciências da Computação e da InformaçãoScience & TechnologyCAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.This work was supported by Project Best Case, co-financed by the North Portugal Regional Operational Programme (ON.2 – O Novo Norte), under the National Strategic Reference Framework (NSRF), through the European Regional Development Fund (ERDF).ElsevierUniversidade do MinhoAlmeida, José BacelarBarbosa, ManuelFilliâtre, Jean-ChristophePinto, Jorge SousaVieira, Bárbara Isabel Sousa20142014-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttps://hdl.handle.net/1822/31023engAlmeida, J. B., Barbosa, M., Filliâtre, J. C., Pinto, J. S., & Vieira, B. (2014). CAOVerif: An open-source deductive verification platform for cryptographic software implementations. Science of Computer Programming, 91(PART B), 216-233.0167-642310.1016/j.scico.2012.09.019The original publication is available at www.sciencedirect.cominfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-07-21T12:23:35Zoai:repositorium.sdum.uminho.pt:1822/31023Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T19:17:22.799452Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv CAOVerif: an open-source deductive verification platform for cryptographic software implementations
title CAOVerif: an open-source deductive verification platform for cryptographic software implementations
spellingShingle CAOVerif: an open-source deductive verification platform for cryptographic software implementations
Almeida, José Bacelar
Formal verification
Program verification
Cryptographic software
Deductive verification
Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
Ciências Naturais::Ciências da Computação e da Informação
Science & Technology
title_short CAOVerif: an open-source deductive verification platform for cryptographic software implementations
title_full CAOVerif: an open-source deductive verification platform for cryptographic software implementations
title_fullStr CAOVerif: an open-source deductive verification platform for cryptographic software implementations
title_full_unstemmed CAOVerif: an open-source deductive verification platform for cryptographic software implementations
title_sort CAOVerif: an open-source deductive verification platform for cryptographic software implementations
author Almeida, José Bacelar
author_facet Almeida, José Bacelar
Barbosa, Manuel
Filliâtre, Jean-Christophe
Pinto, Jorge Sousa
Vieira, Bárbara Isabel Sousa
author_role author
author2 Barbosa, Manuel
Filliâtre, Jean-Christophe
Pinto, Jorge Sousa
Vieira, Bárbara Isabel Sousa
author2_role author
author
author
author
dc.contributor.none.fl_str_mv Universidade do Minho
dc.contributor.author.fl_str_mv Almeida, José Bacelar
Barbosa, Manuel
Filliâtre, Jean-Christophe
Pinto, Jorge Sousa
Vieira, Bárbara Isabel Sousa
dc.subject.por.fl_str_mv Formal verification
Program verification
Cryptographic software
Deductive verification
Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
Ciências Naturais::Ciências da Computação e da Informação
Science & Technology
topic Formal verification
Program verification
Cryptographic software
Deductive verification
Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
Ciências Naturais::Ciências da Computação e da Informação
Science & Technology
description CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
publishDate 2014
dc.date.none.fl_str_mv 2014
2014-01-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://hdl.handle.net/1822/31023
url https://hdl.handle.net/1822/31023
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Almeida, J. B., Barbosa, M., Filliâtre, J. C., Pinto, J. S., & Vieira, B. (2014). CAOVerif: An open-source deductive verification platform for cryptographic software implementations. Science of Computer Programming, 91(PART B), 216-233.
0167-6423
10.1016/j.scico.2012.09.019
The original publication is available at www.sciencedirect.com
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Elsevier
publisher.none.fl_str_mv Elsevier
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799132625296687104

Registros relacionados