Towards formal verification of TLS network packet processing written in C

Affeldt, Reynald; Marti, Nicolas

doi:10.1145/2428116.2428124

Cited by 7 publications

(12 citation statements)

References 22 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The authors of [3] present an approach with the goal to improve TLS implementations. For this sake, a framework for verification of C implementations for TLS functionality is provided.…”

Section: White Box Testingmentioning

confidence: 99%

A Formal TLS Handshake Model in LNT

Božić

Marsso

Mateescu

et al. 2018

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Testing of network services represents one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots in the software development cycle or because of intrinsic leaks in the system specification. Conformance testing checks whether a system behaves according to its specification. Here model-based testing provides several methods for automated detection of shortcomings. The formal specification of a system behavior represents the starting point of the testing process. In this paper, a widely used cryptographic protocol is specified and tested for conformance with a test execution framework. The first empirical results are presented and discussed.

show abstract

“…The authors of [3] present an approach with the goal to improve TLS implementations. For this sake, a framework for verification of C implementations for TLS functionality is provided.…”

Section: White Box Testingmentioning

confidence: 99%

A Formal TLS Handshake Model in LNT

Božić

Marsso

Mateescu

et al. 2018

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…Definition 2. 1 We let N denote the type of natural numbers (including 0), let Z denote the type of integers, and let Q denote the type of rational numbers. We let i | j denote that i ∈ N is a divisor of j ∈ N.…”

Section: Notationsmentioning

confidence: 99%

“…Affeldt et al [1,2] have formalized non-cyclicity of types using a complex constraint on paths through types. Our definition of validity of environments (Definition 4.11) follows the structure of type environments, and is more easy to use (for example to implement the aforementioned recursor and induction principle).…”

Section: Definition Of Typesmentioning

confidence: 99%

See 1 more Smart Citation

A Formal C Memory Model for Separation Logic

Krebbers

2016

J Autom Reasoning

View full text Add to dashboard Cite

The core of a formal semantics of an imperative programming language is a memory model that describes the behavior of operations on the memory. Defining a memory model that matches the description of C in the C11 standard is challenging because C allows both high-level (by means of typed expressions) and low-level (by means of bit manipulation) memory accesses. The C11 standard has restricted the interaction between these two levels to make more effective compiler optimizations possible, at the expense of making the memory model complicated. We describe a formal memory model of the (non-concurrent part of the) C11 standard that incorporates these restrictions, and at the same time describes low-level memory operations. This formal memory model includes a rich permission model to make it usable in separation logic and supports reasoning about program transformations. The memory model and essential properties of it have been fully formalized using the Coq proof assistant.

show abstract

“…Devido a isso, a verificação automática e formal de protocolos, utilizando métodos formais e matemáticos, vem tornando-se cada vez mais frequente e imprescindível na comunidade de segurança [Chudnov et al 2018, Li et al 2018, Kreutz et al 2019. Pesquisas relatam, por exemplo, que o processo de verificação formal já contribuiu também para a correção de protocolos que estavam em utilização [Dalal et al 2010, Cremers et al 2016, Affeldt and Marti 2013.…”

Section: Introductionunclassified

Verificação Automática de Protocolos de Segurança com a ferramenta Scyther

Jenuario

Chervinski

Paz

et al. 2019

Anais Da XVII Escola Regional De Redes De Computadores (ERRC 2019)

View full text Add to dashboard Cite

Protocolos de segurança (e.g. Needham-Schroeder, IKE, IPSec, SSH, Kerberos, TLS) representam o alicerce das comunicações do mundo atual. Protocolos como o IKE e o TLS permitem a troca de chaves na internet e propriedades de segurança essenciais para as comunicações (e.g. confidencialidade, integridade e autenticidade). Um dos grandes desafios no projeto desses protocolos é garantir a sua própria segurança, ou seja, garantir que o protocolo seja livre de vulnerabilidades. Atualmente, existem algumas ferramentas desenvolvidas especificamente para a verificação formal automática de protocolos de comunicação e segurança, como a Scyther, CrytoVerif, Tamarin Prover e AVISPA. Entretanto, essas são ainda pouco conhecidas e utilizadas na prática por projetistas de protocolos. Este trabalho tem por objetivo contribuir no fechamento desta lacuna através da introdução e demonstração prática de utilização da ferramenta Scyther, projetada para auxiliar na verificação automática de protocolos de segurança.

show abstract

Towards formal verification of TLS network packet processing written in C

Cited by 7 publications

References 22 publications

A Formal TLS Handshake Model in LNT

A Formal TLS Handshake Model in LNT

A Formal C Memory Model for Separation Logic

Verificação Automática de Protocolos de Segurança com a ferramenta Scyther

Contact Info

Product

Resources

About