We present a computer-aided framework for proving concrete security bounds for cryptographic machine-code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealized probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries that provide complex arithmetic calculations or instantiate idealized components such as sampling operations. This certified compiler allows us to carry the security guarantees established at the high level down to executable code, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in the source code. We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary in breaking the security of assembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS, and it demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.