Guiding a general-purpose C verifier to prove cryptographic protocols

François Dupressoir, Andrew D. Gordon, Jan Jürjens, David A. Naumann

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

30 Scopus citations

Abstract

We describe how to verify security properties of C code for cryptographic protocols by using a general-purpose verifier. We prove security theorems in the symbolic model of cryptography. Our techniques include: use of ghost state to attach formal algebraic terms to concrete byte arrays and to detect collisions when two distinct terms map to the same byte array, decoration of a crypto API with contracts based on symbolic terms, and expression of the attacker model in terms of C programs. We rely on the general-purpose verifier VCC, we guide VCC to prove security simply by writing suitable header files and annotations in implementation files, rather than by changing VCC itself. We formalize the symbolic model in Coq in order to justify the addition of axioms to VCC.

Original languageEnglish
Title of host publicationProceedings - 24th IEEE Computer Security Foundations Symposium, CSF 2011
Pages3-17
Number of pages15
DOIs
StatePublished - 2011
Event24th Computer Security Foundations Symposium, CSF 2011 - Cernay-la-Ville, France
Duration: 27 Jun 201029 Jun 2010

Publication series

NameProceedings - IEEE Computer Security Foundations Symposium
ISSN (Print)1940-1434

Conference

Conference24th Computer Security Foundations Symposium, CSF 2011
Country/TerritoryFrance
CityCernay-la-Ville
Period27/06/1029/06/10

Fingerprint

Dive into the research topics of 'Guiding a general-purpose C verifier to prove cryptographic protocols'. Together they form a unique fingerprint.

Cite this