An attack on a recursive authentication protocol. A cautionary tale
Information Processing Letters
E-SETHEO: An Automated3 Theorem Prover
TABLEAUX '00 Proceedings of the International Conference on Automated Reasoning with Analytic Tableaux and Related Methods
Automatic Verification of Cryptographic Protocols with SETHEO
CADE-14 Proceedings of the 14th International Conference on Automated Deduction
A formal automated approach for reverse engineering programs with pointers
ASE '97 Proceedings of the 12th international conference on Automated software engineering (formerly: KBSE)
First-order verification of cryptographic protocols
Journal of Computer Security - CSFW13
Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
Automated Security Verification for Crypto Protocol Implementations: Verifying the Jessie Project
Electronic Notes in Theoretical Computer Science (ENTCS)
Formally-Based black-box monitoring of security protocols
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Tools for traceable security verification
VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
| Hi-index | 0.00 |
Designing and implementing cryptographic protocols is known to be difficult. A lot of research has been devoted to develop formal techniques to analyze abstract designs of cryptographic protocols. Less attention has been paid to the verification of implementation-relevant aspects of cryptographic protocols. This is an important challenge since it is non-trivial to securely implement secure designs, because a specification by its nature is more abstract than the corresponding implementation, and the additional information may introduce attacks not present on the design level. We propose an approach to determine security goals provided by a protocol implementation based on control flow graphs and automated theorem provers for first-order logic. More specifically, here we explain how to make use of assertions in the source code for a practical and efficient security analysis.