Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Alias analysis of executable code
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Signature schemes based on the strong RSA assumption
ACM Transactions on Information and System Security (TISSEC)
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information Hiding Techniques for Steganography and Digital Watermarking
Information Hiding Techniques for Steganography and Digital Watermarking
SIAM Journal on Computing
Intraprocedural Static Slicing of Binary Executables
ICSM '97 Proceedings of the International Conference on Software Maintenance
FORTE XII / PSTV XIX '99 Proceedings of the IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XII) and Protocol Specification, Testing and Verification (PSTV XIX)
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
Tamper Resistance Mechanisms for Secure, Embedded Systems
VLSID '04 Proceedings of the 17th International Conference on VLSI Design
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Challenges in automotive software engineering
Proceedings of the 28th international conference on Software engineering
Software Engineering for Automotive Systems: A Roadmap
FOSE '07 2007 Future of Software Engineering
DIVINE: discovering variables in executables
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Verification across intellectual property boundaries
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Precise static analysis of untrusted driver binaries
Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design
Interprocedural shape analysis with separated heap abstractions
SAS'06 Proceedings of the 13th international conference on Static Analysis
A next-generation platform for analyzing executables
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
The Seventeen Provers of the World
The Seventeen Provers of the World
ARMC: the logical choice for software model checking with abstraction refinement
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
Hi-index | 0.00 |
In many industries, the importance of software components provided by third-party suppliers is steadily increasing. As the suppliers seek to secure their intellectual property (IP) rights, the customer usually has no direct access to the suppliers’ source code, and is able to enforce the use of verification tools only by legal requirements. In turn, the supplier has no means to convince the customer about successful verification without revealing the source code. This article presents an approach to resolve the conflict between the IP interests of the supplier and the quality interests of the customer. We introduce a protocol in which a dedicated server (called the “amanat”) is controlled by both parties: the customer controls the verification task performed by the amanat, while the supplier controls the communication channels of the amanat to ensure that the amanat does not leak information about the source code. We argue that the protocol is both practically useful and mathematically sound. As the protocol is based on well-known (and relatively lightweight) cryptographic primitives, it allows a straightforward implementation on top of existing verification tool chains. To substantiate our security claims, we establish the correctness of the protocol by cryptographic reduction proofs.