Cryptographic Verification by Typing for a Sample Protocol Implementation

Fournet, Cédric; Bhargavan, Karthikeyan; Gordon, Andrew D.

doi:10.1007/978-3-642-23082-0_3

Cited by 6 publications

(3 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A more detailed discussion of further related work (including [32,33,49]) can be found in [4]; for recent surveys of related work in higher-level languages, see [29] and [38].…”

Section: Related Workmentioning

confidence: 99%

Computational verification of C protocol implementations by symbolic execution

Aizatulin

Gordon

Jürjens

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

We verify cryptographic protocols coded in C for correspondence properties with respect to the computational model of cryptography. The first step uses symbolic execution to extract a process calculus model from a C implementation of the protocol. The new contribution is the second step in which we translate the extracted model to a CryptoVerif protocol description, such that successful verification with CryptoVerif implies the security of the original C implementation. We implement our method and apply it to verify several protocols out of reach of previous work in the symbolic model (using ProVerif), either due to the use of XOR and Diffie-Hellman commitments, or due to the lack of an appropriate computational soundness result. We analyse only a single execution path, so our tool is limited to code following a fixed protocol narration. This is the first security analysis of C code to target a verifier for the computational model. We successfully verify over 3000 LOC. One example (about 1000 LOC) is independently written and currently in testing phase for industrial deployment; during its analysis we uncovered a vulnerability now fixed by its author

show abstract

“…A more detailed discussion of further related work (including [32,33,49]) can be found in [4]; for recent surveys of related work in higher-level languages, see [29] and [38].…”

Section: Related Workmentioning

confidence: 99%

Computational verification of C protocol implementations by symbolic execution

Aizatulin

Gordon

Jürjens

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…The protocol description language is inspired by the security protocol notation introduced for Kerberos [21]. Ultimately, we hope to be able to apply our approach over a network, and particularly to reason about secure communication in the type system [10,11].…”

Section: Related Workmentioning

confidence: 99%

Type-Driven Development of Concurrent Communicating Systems

Brady

2017

csci

View full text Add to dashboard Cite

Modern software systems rely on communication; for example, mobile applications communicating with a central server, distributed systems coordinating a telecommunications network, or concurrent systems handling events and processes in a desktop application. However, reasoning about concurrent programs is hard since we must reason about each process and the order in which communication might happen between processes. In this paper, I describe a type-driven approach to implementing communicating concurrent programs using the dependently typed programming language Idris. I show how the type system can be used to describe resource access protocols (such as controlling access to a file handle) and verify that the programs correctly follow those protocols. Finally, I show how to use the type system to reason about the order of communication between concurrent processes, ensuring that each end of a communication channel follows a defined protocol.

show abstract

“…For simplicity we only consider the single key setting. Fournet et al [30] show how to verify a variant of the protocol with multiple keys shared between pairs of principals using our MAC functionality; the details are available online. Security is modelled as safety when running with an active adversary that calls the functions client and server (to trigger parallel sessions) and controls the network.…”

Section: Lemma 1 (Typing) I C ⊢ F ❀ Imentioning

confidence: 99%