A deductive verification platform for cryptographic software

Detalhes bibliográficos
Autor(a) principal: Barbosa, Manuel
Data de Publicação: 2010
Outros Autores: Pinto, Jorge Sousa, Filliâtre, Jean-Christophe, Vieira, Bárbara Isabel Sousa
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/1822/13490
Resumo: In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama-C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
id RCAP_ce7510b60276c75f30035a315a648a90
oai_identifier_str oai:repositorium.sdum.uminho.pt:1822/13490
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling A deductive verification platform for cryptographic softwareFormal program verificationCryptographyIn this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama-C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.(undefined)European Association of Software Science and Technology (EASST)Universidade do MinhoBarbosa, ManuelPinto, Jorge SousaFilliâtre, Jean-ChristopheVieira, Bárbara Isabel Sousa20102010-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/1822/13490eng1863-212210.14279/tuj.eceasst.33.461.449http://journal.ub.tu-berlin.de/index.php/eceasst/article/view/461info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-07-21T11:57:30Zoai:repositorium.sdum.uminho.pt:1822/13490Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T18:47:09.348142Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv A deductive verification platform for cryptographic software
title A deductive verification platform for cryptographic software
spellingShingle A deductive verification platform for cryptographic software
Barbosa, Manuel
Formal program verification
Cryptography
title_short A deductive verification platform for cryptographic software
title_full A deductive verification platform for cryptographic software
title_fullStr A deductive verification platform for cryptographic software
title_full_unstemmed A deductive verification platform for cryptographic software
title_sort A deductive verification platform for cryptographic software
author Barbosa, Manuel
author_facet Barbosa, Manuel
Pinto, Jorge Sousa
Filliâtre, Jean-Christophe
Vieira, Bárbara Isabel Sousa
author_role author
author2 Pinto, Jorge Sousa
Filliâtre, Jean-Christophe
Vieira, Bárbara Isabel Sousa
author2_role author
author
author
dc.contributor.none.fl_str_mv Universidade do Minho
dc.contributor.author.fl_str_mv Barbosa, Manuel
Pinto, Jorge Sousa
Filliâtre, Jean-Christophe
Vieira, Bárbara Isabel Sousa
dc.subject.por.fl_str_mv Formal program verification
Cryptography
topic Formal program verification
Cryptography
description In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama-C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
publishDate 2010
dc.date.none.fl_str_mv 2010
2010-01-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/1822/13490
url http://hdl.handle.net/1822/13490
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 1863-2122
10.14279/tuj.eceasst.33.461.449
http://journal.ub.tu-berlin.de/index.php/eceasst/article/view/461
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv European Association of Software Science and Technology (EASST)
publisher.none.fl_str_mv European Association of Software Science and Technology (EASST)
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799132228959076352

Registros relacionados