An important missing link in the construction of secure systems is finding a practical way to establish a correspondence between a software specification and its implementation. We address this problem for the case of crypto-based Java implementations (such as crypto protocols) with an approach that uses automated theorem provers for first-order logic, linking the implementation to a specification model. In this paper, we present details on an application of this approach to Jessie, an open-source Java implementation of the SSL protocol. We also briefly comment on how these results can be transferred to the standard Java Secure Sockets Extension (JSSE) library that was recently open-sourced by Sun.