Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Alias analysis of executable code
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Signature schemes based on the strong RSA assumption
ACM Transactions on Information and System Security (TISSEC)
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Information Hiding Techniques for Steganography and Digital Watermarking
Information Hiding Techniques for Steganography and Digital Watermarking
SIAM Journal on Computing
Testing Finite-State Machines: State Identification and Verification
IEEE Transactions on Computers
Intraprocedural Static Slicing of Binary Executables
ICSM '97 Proceedings of the International Conference on Software Maintenance
Everything Provable is Provable in Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Measurement-Based Worst-Case Execution Time Analysis
SEUS '05 Proceedings of the Third IEEE Workshop on Software Technologies for Future Embedded and Ubiquitous Systems
The Seventeen Provers of the World: Foreword by Dana S. Scott (Lecture Notes in Computer Science / Lecture Notes in Artificial Intelligence)
Challenges in automotive software engineering
Proceedings of the 28th international conference on Software engineering
DIVINE: discovering variables in executables
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Interprocedural shape analysis with separated heap abstractions
SAS'06 Proceedings of the 13th international conference on Static Analysis
A next-generation platform for analyzing executables
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Detecting malicious code by model checking
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Verification across Intellectual Property Boundaries
ACM Transactions on Software Engineering and Methodology (TOSEM)
| Hi-index | 0.00 |
In many industries, the share of software components provided by third-party suppliers is steadily increasing. As the suppliers seek to secure their intellectual property (IP) rights, the customer usually has no direct access to the suppliers' source code, and is able to enforce the use of verification tools only by legal requirements. In turn, the supplier has no means to convince the customer about successful verification without revealing the source code. This paper presents a new approach to resolve the conflict between the IP interests of the supplier and the quality interests of the customer. We introduce a protocol in which a dedicated server (called the "amanat") is controlled by both parties: the customer controls the verification task performed by the amanat, while the supplier controls the communication channels of the amanat to ensure that the amanat does not leak information about the source code. We argue that the protocol is both practically useful and mathematically sound. As the protocol is based on well-known (and relatively lightweight) cryptographic primitives, it allows a straightforward implementation on top of existing verification tool chains. To substantiate our security claims, we establish the correctness of the protocol by cryptographic reduction proofs.