Verified interoperable implementations of security protocols
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Computationally Sound Mechanized Prover for Security Protocols
IEEE Transactions on Dependable and Secure Computing
ASPIER: An Automated Framework for Verifying Security Protocol Implementations
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
A sound semantics for OCamllight
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
Modular code-based cryptographic verification
Proceedings of the 18th ACM conference on Computer and communications security
Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Automatically Verified Mechanized Proof of One-Encryption Key Exchange
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
From Computationally-proved Protocol Specifications to Implementations
ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
In order to obtain implementations of security protocols proved secure in the computational model, we have previously implemented a compiler that takes a specification of the protocol in the input language of the computational protocol verifier CryptoVerif and translates it into an OCaml implementation. However, until now, this compiler was not proved correct, so we did not have real guarantees on the generated implementation. In this paper, we fill this gap. We prove that this compiler preserves the security properties proved by CryptoVerif: if an adversary has probability p of breaking a security property in the generated code, then there exists an adversary that breaks the property with the same probability p in the CryptoVerif specification. Therefore, if the protocol specification is proved secure in the computational model by CryptoVerif, then the generated implementation is also secure.