Abstract
The security of much critical infrastructure depends in part on cryptographic software coded in C, and yet vulnerabilities continue to be discovered in such software. We describe recent progress on checking the security of C code implementing cryptographic software. In particular, we describe projects that combine verification-condition generation and symbolic execution techniques for C, with methods for stating and verifying security properties of abstract models of cryptographic protocols. We illustrate these techniques on C code for a simple two-message protocol.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: ACM POPL, pp. 104–115 (2001)
Aizatulin, M., Dupressoir, F., Gordon, A., Jürjens, J.: Verifying cryptographic code in C: Some experience and the Csec challenge. Technical Report MSR-TR-2011-118, Microsoft Research (November 2011a)
Aizatulin, M., Gordon, A., Jürjens, J.: Extracting and verifying cryptographic models from C protocol code by symbolic execution. In: 18th ACM Conference on Computer and Communications Security, CCS 2011 (2011), http://arxiv.org/abs/1107.1017
Backes, M., Hofheinz, D., Unruh, D.: CoSP: A general framework for computational soundness proofs. In: ACM CCS 2009, pp. 66–78 (November 2009); preprint on IACR ePrint 2009/080
Barbosa, M., Pinto, J., Filliâtre, J., Vieira, B.: A deductive verification platform for cryptographic software. In: Proceedings of the Fourth International Workshop on Foundations and Techniques for Open Source Software Certification (OpenCert 2010). Electronic Communications of the EASST, vol. 33. EASST (2010)
Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. In: 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 17–32 (2008)
Bhargavan, K., Fournet, C., Gordon, A.D.: Modular verification of security protocol code by typing. In: ACM Symposium on Principles of Programming Languages (POPL 2010), pp. 445–456 (2010)
Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: IEEE Computer Security Foundations Workshop (CSFW 2001), pp. 82–96 (2001)
Cadar, C., Dunbar, D., Engler, D.: KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI 2008), San Diego, CA (December 2008)
Chaki, S., Datta, A.: ASPIER: An automated framework for verifying security protocol implementations. In: Computer Security Foundations Workshop, pp. 172–185 (2009), doi:10.1109/CSF.2009.20
Cohen, E., Dahlweid, M., Hillebrand, M.A., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: A Practical System for Verifying Concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009)
Corin, R., Manzano, F.A.: Efficient Symbolic Execution for Analysing Cryptographic Protocol Implementations. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 58–72. Springer, Heidelberg (2011)
Dupressoir, F., Gordon, A., Jürjens, J., Naumann, D.: Guiding a general-purpose C verifier to prove cryptographic protocols. In: 24th IEEE Computer Security Foundations Symposium, pp. 3–17 (2011)
Dutertre, B., de Moura, L.: The Yices SMT Solver. Technical report (2006)
Erkök, L., Carlsson, M., Wick, A.: Hardware/software co-verification of cryptographic algorithms using Cryptol. In: FMCAD (2009)
Fournet, C., Bhargavan, K., Gordon, A.D.: Cryptographic Verification by Typing for a Sample Protocol Implementation. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 66–100. Springer, Heidelberg (2011)
Fournet, C., Kohlweiss, M., Strub, P.-Y.: Modular code-based cryptographic verification. In: 18th ACM Conference on Computer and Communications Security, CCS 2011 (2011) Technical report, sample code, and formal proofs available from, http://research.microsoft.com/~fournet/comp-f7/
Godefroid, P., Khurshid, S.: Exploring Very Large State Spaces using Genetic Algorithms. In: Katoen, J.-P., Stevens, P. (eds.) TACAS 2002. LNCS, vol. 2280, pp. 266–280. Springer, Heidelberg (2002)
Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Programming Language Design and Implementation (PLDI 2005), pp. 213–223. ACM (2005)
Godefroid, P., Levin, M.Y., Molnar, D.A.: Automated whitebox fuzz testing. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2008. The Internet Society (2008)
Goubault-Larrecq, J., Parrennes, F.: Cryptographic Protocol Analysis on Real C Code. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 363–379. Springer, Heidelberg (2005)
Hriţcu, C.: Union, Intersection, and Refinement Types and Reasoning About Type Disjointness for Security Protocol Analysis. PhD thesis, Department of Computer Science, Saarland University (2011)
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)
McGrew, D.A., Viega, J.: Flexible and efficient message authentication in hardware and software. manuscript and software available at (2005), http://www.zork.org/gcm
Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. In: Proceedings of the 11th International Conference on Compiler Construction, CC 2002, pp. 213–228. Springer, London (2002) ISBN 3-540-43369-4, http://portal.acm.org/citation.cfm?id=647478.727796
PolarSSL. PolarSSL, http://polarssl.org
Polikarpova, N., Moskal, M.: Verifying implementations of security protocols by refinement. In: Verified Software: Theories, Tools and Experiments, VSTTE 2012 (to appear, 2012)
Project EVA. Security protocols open repository (2007), http://www.lsv.ens-cachan.fr/spore/
Udrea, O., Lumezanu, C., Foster, J.S.: Rule-Based static analysis of network protocol implementations. In: Proceedings of the 15Th Usenix Security Symposium, pp. 193–208 (2006), http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.111.8168
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aizatulin, M., Dupressoir, F., Gordon, A.D., Jürjens, J. (2012). Verifying Cryptographic Code in C: Some Experience and the Csec Challenge. In: Barthe, G., Datta, A., Etalle, S. (eds) Formal Aspects of Security and Trust. FAST 2011. Lecture Notes in Computer Science, vol 7140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29420-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-29420-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29419-8
Online ISBN: 978-3-642-29420-4
eBook Packages: Computer ScienceComputer Science (R0)