We intend to narrow the gap between concrete implementations of cryptographic protocols and their verified models. We develop and verify a small functional implementation of the Transport Layer Security protocol (TLS 1.0). We make use of the same executable code for interoperability testing against mainstream implementations, for automated symbolic cryptographic verification, and for automated computational cryptographic verification. We rely on a combination of recent tools, and we also develop a new tool for extracting computational models from executable code. We obtain strong security guarantees for TLS as used in typical deployments.