Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic execution and program testing
Communications of the ACM
Exploring Very Large State Spaces Using Genetic Algorithms
TACAS '02 Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Rule-based static analysis of network protocol implementations
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
VCC: A Practical System for Verifying Concurrent C
TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
CoSP: a general framework for computational soundness proofs
Proceedings of the 16th ACM conference on Computer and communications security
Modular verification of security protocol code by typing
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Efficient symbolic execution for analysing cryptographic protocol implementations
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
Modular code-based cryptographic verification
Proceedings of the 18th ACM conference on Computer and communications security
Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Verifying implementations of security protocols by refinement
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
A formal methodology for integral security design and verification of network protocols
Journal of Systems and Software
| Hi-index | 0.00 |
The security of much critical infrastructure depends in part on cryptographic software coded in C, and yet vulnerabilities continue to be discovered in such software. We describe recent progress on checking the security of C code implementing cryptographic software. In particular, we describe projects that combine verification-condition generation and symbolic execution techniques for C, with methods for stating and verifying security properties of abstract models of cryptographic protocols. We illustrate these techniques on C code for a simple two-message protocol.