Verified Interoperable Implementations of Security Protocols

Authors:
Karthikeyan Bhargavan;Cedric Fournet;Andrew D. Gordon;Stephen Tse
Affiliations:
Microsoft Research, USA;Microsoft Research, USA;Microsoft Research, USA;University of Pennsylvania, USA
Venue:
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Year:
2006

Citing 0
Cited 29

Leveraging .NET meta-programming components from F#: integrated queries and interoperable heterogeneous execution

Proceedings of the 2006 workshop on ML
Securing the drop-box architecture for assisted living

Proceedings of the fourth ACM workshop on Formal methods in security
Defeasible security policy composition for web services

Proceedings of the fourth ACM workshop on Formal methods in security
Secure sessions for Web services

ACM Transactions on Information and System Security (TISSEC)
SLEDE: lightweight verification of sensor network security protocol implementations

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
SLEDE: lightweight verification of sensor network security protocol implementations

The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
Rule-based static analysis of network protocol implementations

Information and Computation
Slede: a domain-specific verification framework for sensor network security protocol implementations

WiSec '08 Proceedings of the first ACM conference on Wireless network security
Verified implementations of the information card federated identity-management protocol

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Verifying policy-based web services security

ACM Transactions on Programming Languages and Systems (TOPLAS)
Verified interoperable implementations of security protocols

ACM Transactions on Programming Languages and Systems (TOPLAS)
A secure compiler for session abstractions

Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Cryptographically verified implementations for TLS

Proceedings of the 15th ACM conference on Computer and communications security
Automated Security Verification for Crypto Protocol Implementations: Verifying the Jessie Project

Electronic Notes in Theoretical Computer Science (ENTCS)
Computational soundness for key exchange protocols with symmetric encryption

Proceedings of the 16th ACM conference on Computer and communications security
Modular verification of security protocol code by typing

Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Service combinators for farming virtual machines

COORDINATION'08 Proceedings of the 10th international conference on Coordination models and languages
A protocol compiler for secure sessions in ML

TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Computationally sound verification of source code

Proceedings of the 17th ACM conference on Computer and communications security
Ubiquitous verification of ubiquitous systems

SEUS'10 Proceedings of the 8th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Verified Cryptographic Implementations for TLS

ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Formally based semi-automatic implementation of an open security protocol

Journal of Systems and Software
Verified reference implementations of WS-Security protocols

WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
Formally-Based black-box monitoring of security protocols

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Union and intersection types for secure protocol implementations

TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Formal analysis of the EMV protocol suite

TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Tools for traceable security verification

VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
Computational verification of C protocol implementations by symbolic execution

Proceedings of the 2012 ACM conference on Computer and communications security
Language-based defenses against untrusted browser origins

SEC'13 Proceedings of the 22nd USENIX conference on Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present an architecture and tools for verifying implementations of security protocols. Our implementations can run with both concrete and symbolic implementations of cryptographic algorithms. The concrete implementation is for production and interoperability testing. The symbolic implementation is for debugging and formal verification. We develop our approach for protocols written in F#, a dialect of ML, and verify them by compilation to ProVerif, a resolution-based theorem prover for cryptographic protocols. We establish the correctness of this compilation scheme, and we illustrate our approach with protocols for Web Services security.