How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic execution and program testing
Communications of the ACM
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
A Computationally Sound Mechanized Prover for Security Protocols
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Automatic verification of correspondences for security protocols
Journal of Computer Security
Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Heuristics for Scalable Dynamic Test Generation
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
CoSP: a general framework for computational soundness proofs
Proceedings of the 16th ACM conference on Computer and communications security
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Efficient symbolic execution for analysing cryptographic protocol implementations
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Reducing Protocol Analysis with XOR to the XOR-Free Case in the Horn Theory Based Approach
Journal of Automated Reasoning
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Verifying cryptographic code in c: some experience and the csec challenge
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
Proved generation of implementations from computationally secure protocol specifications
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Property-testing real-world authorization systems
Proceedings of the 18th ACM symposium on Access control models and technologies
A formal methodology for integral security design and verification of network protocols
Journal of Systems and Software
| Hi-index | 0.00 |
Consider the problem of verifying security properties of a cryptographic protocol coded in C. We propose an automatic solution that needs neither a pre-existing protocol description nor manual annotation of source code. First, symbolically execute the C program to obtain symbolic descriptions for the network messages sent by the protocol. Second, apply algebraic rewriting to obtain a process calculus description. Third, run an existing protocol analyser (ProVerif) to prove security properties or find attacks. We formalise our algorithm and appeal to existing results for ProVerif to establish computational soundness under suitable circumstances. We analyse only a single execution path, so our results are limited to protocols with no significant branching. The results in this paper provide the first computationally sound verification of weak secrecy and authentication for (single execution paths of) C code.