Symbolic execution and program testing
Communications of the ACM
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Security Analysis of Crypto-based Java Programs using Automated Theorem Provers
ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
Cryptographically verified implementations for TLS
Proceedings of the 15th ACM conference on Computer and communications security
A Computationally Sound Mechanized Prover for Security Protocols
IEEE Transactions on Dependable and Secure Computing
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Formally-Based black-box monitoring of security protocols
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
Verifying cryptographic code in c: some experience and the csec challenge
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
Taint analysis of security code in the KLEE symbolic execution engine
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.00 |
The analysis of code that uses cryptographic primitives is unfeasible with current state-of-the-art symbolic execution tools. We develop an extension that overcomes this limitation by treating certain concrete functions, like cryptographic primitives, as symbolic functions whose execution analysis is entirely avoided; their behaviour is in turn modelled formally via rewriting rules. We define concrete and symbolic semantics within a (subset) of the low-level virtual machine LLVM. We then show our approach sound by proving operational correspondence between the two semantics. We present a prototype to illustrate our approach and discuss next milestones towards the symbolic analysis of fully concurrent cryptographic protocol implementations.