CAOVerif: an open-source deductive verification platform for cryptographic software implementations
Autor(a) principal: | |
---|---|
Data de Publicação: | 2014 |
Outros Autores: | , , , |
Tipo de documento: | Artigo |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | https://hdl.handle.net/1822/31023 |
Resumo: | CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified. |
id |
RCAP_aeb9af7a3783e962d1005e0aa674a68a |
---|---|
oai_identifier_str |
oai:repositorium.sdum.uminho.pt:1822/31023 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
CAOVerif: an open-source deductive verification platform for cryptographic software implementationsFormal verificationProgram verificationCryptographic softwareDeductive verificationEngenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaCiências Naturais::Ciências da Computação e da InformaçãoScience & TechnologyCAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.This work was supported by Project Best Case, co-financed by the North Portugal Regional Operational Programme (ON.2 – O Novo Norte), under the National Strategic Reference Framework (NSRF), through the European Regional Development Fund (ERDF).ElsevierUniversidade do MinhoAlmeida, José BacelarBarbosa, ManuelFilliâtre, Jean-ChristophePinto, Jorge SousaVieira, Bárbara Isabel Sousa20142014-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttps://hdl.handle.net/1822/31023engAlmeida, J. B., Barbosa, M., Filliâtre, J. C., Pinto, J. S., & Vieira, B. (2014). CAOVerif: An open-source deductive verification platform for cryptographic software implementations. Science of Computer Programming, 91(PART B), 216-233.0167-642310.1016/j.scico.2012.09.019The original publication is available at www.sciencedirect.cominfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-07-21T12:23:35Zoai:repositorium.sdum.uminho.pt:1822/31023Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T19:17:22.799452Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
title |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
spellingShingle |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations Almeida, José Bacelar Formal verification Program verification Cryptographic software Deductive verification Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática Ciências Naturais::Ciências da Computação e da Informação Science & Technology |
title_short |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
title_full |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
title_fullStr |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
title_full_unstemmed |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
title_sort |
CAOVerif: an open-source deductive verification platform for cryptographic software implementations |
author |
Almeida, José Bacelar |
author_facet |
Almeida, José Bacelar Barbosa, Manuel Filliâtre, Jean-Christophe Pinto, Jorge Sousa Vieira, Bárbara Isabel Sousa |
author_role |
author |
author2 |
Barbosa, Manuel Filliâtre, Jean-Christophe Pinto, Jorge Sousa Vieira, Bárbara Isabel Sousa |
author2_role |
author author author author |
dc.contributor.none.fl_str_mv |
Universidade do Minho |
dc.contributor.author.fl_str_mv |
Almeida, José Bacelar Barbosa, Manuel Filliâtre, Jean-Christophe Pinto, Jorge Sousa Vieira, Bárbara Isabel Sousa |
dc.subject.por.fl_str_mv |
Formal verification Program verification Cryptographic software Deductive verification Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática Ciências Naturais::Ciências da Computação e da Informação Science & Technology |
topic |
Formal verification Program verification Cryptographic software Deductive verification Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática Ciências Naturais::Ciências da Computação e da Informação Science & Technology |
description |
CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified. |
publishDate |
2014 |
dc.date.none.fl_str_mv |
2014 2014-01-01T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://hdl.handle.net/1822/31023 |
url |
https://hdl.handle.net/1822/31023 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
Almeida, J. B., Barbosa, M., Filliâtre, J. C., Pinto, J. S., & Vieira, B. (2014). CAOVerif: An open-source deductive verification platform for cryptographic software implementations. Science of Computer Programming, 91(PART B), 216-233. 0167-6423 10.1016/j.scico.2012.09.019 The original publication is available at www.sciencedirect.com |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Elsevier |
publisher.none.fl_str_mv |
Elsevier |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799132625296687104 |