An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Communication and concurrency
Using encryption for authentication in large networks of computers
Communications of the ACM
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Pointer analysis: haven't we solved this problem yet?
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
On Name Generation and Set-Based Analysis in the Dolev-Yao Model
CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Normalizable Horn Clauses, Strongly Recognizable Relations, and Spi
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Towards an Automatic Analysis of Security Protocols in First-Order Logic
CADE-16 Proceedings of the 16th International Conference on Automated Deduction: Automated Deduction
CADE-18 Proceedings of the 18th International Conference on Automated Deduction
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Security properties: two agents are sufficient
ESOP'03 Proceedings of the 12th European conference on Programming
SLEDE: lightweight verification of sensor network security protocol implementations
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
SLEDE: lightweight verification of sensor network security protocol implementations
The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
Slede: a domain-specific verification framework for sensor network security protocol implementations
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Verified implementations of the information card federated identity-management protocol
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A Unified Approach to Abstract Interpretation, Formal Verification and Testing of C/C++ Modules
Proceedings of the 5th international colloquium on Theoretical Aspects of Computing
Verified interoperable implementations of security protocols
ACM Transactions on Programming Languages and Systems (TOPLAS)
Cryptographically verified implementations for TLS
Proceedings of the 15th ACM conference on Computer and communications security
Models and Proofs of Protocol Security: A Progress Report
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Automated Security Verification for Crypto Protocol Implementations: Verifying the Jessie Project
Electronic Notes in Theoretical Computer Science (ENTCS)
Modular verification of security protocol code by typing
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Integrating verification, testing, and learning for cryptographic protocols
IFM'07 Proceedings of the 6th international conference on Integrated formal methods
Iterative specialisation of horn clauses
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Security protocols: principles and calculi tutorial notes
Foundations of security analysis and design IV
Cryptographic protocol verification using tractable classes of horn clauses
Program analysis and compilation, theory and practice
Computationally sound verification of source code
Proceedings of the 17th ACM conference on Computer and communications security
A certifying compiler for zero-knowledge proofs of knowledge based on Σ-protocols
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Refinement types for secure implementations
ACM Transactions on Programming Languages and Systems (TOPLAS)
Finite models for formal security proofs
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Ubiquitous verification of ubiquitous systems
SEUS'10 Proceedings of the 8th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Typechecking higher-order security libraries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Normalization of linear horn clauses
SBMF'10 Proceedings of the 13th Brazilian conference on Formal methods: foundations and applications
Security mutants for property-based testing
TAP'11 Proceedings of the 5th international conference on Tests and proofs
Extending H1-clauses with disequalities
Information Processing Letters
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
Modular code-based cryptographic verification
Proceedings of the 18th ACM conference on Computer and communications security
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Verified Cryptographic Implementations for TLS
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
On the complexity of equational horn clauses
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Verified reference implementations of WS-Security protocols
WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
Integrated and automated abstract interpretation, verification and testing of c/c++ modules
Concurrency, Compositionality, and Correctness
Union and intersection types for secure protocol implementations
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Verifying implementations of security protocols by refinement
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Tools for traceable security verification
VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
Extending H1-clauses with path disequalities
FOSSACS'12 Proceedings of the 15th international conference on Foundations of Software Science and Computational Structures
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Verifying cryptographic code in c: some experience and the csec challenge
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
Crossing the syntactic barrier: hom-disequalities for H1-clauses
CIAA'12 Proceedings of the 17th international conference on Implementation and Application of Automata
A formal methodology for integral security design and verification of network protocols
Journal of Systems and Software
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.00 |
Implementations of cryptographic protocols, such as OpenSSL for example, contain bugs affecting security, which cannot be detected by just analyzing abstract protocols (e.g., SSL or TLS). We describe how cryptographic protocol verification techniques based on solving clause sets can be applied to detect vulnerabilities of C programs in the Dolev-Yao model, statically. This involves integrating fairly simple pointer analysis techniques with an analysis of which messages an external intruder may collect and forge. This also involves relating concrete run-time data with abstract, logical terms representing messages. To this end, we make use of so-called trust assertions. The output of the analysis is a set of clauses in the decidable class $\mathcal{H}_1$, which can then be solved independently. This can be used to establish secrecy properties, and to detect some other bugs.