A Deductive Verification Platform for Cryptographic Software

Authors

  • Manuel Barbosa
  • J. Pinto
  • J.-C. Filliatre
  • B. Vieira

DOI:

https://doi.org/10.14279/tuj.eceasst.33.461

Abstract

In this paper we describe a deductive verification platform for the CAO language. CAO is a domain-specific language for cryptography. We show that this language presents interesting challenges for formal verification, not only in the rich mathematical type system that it introduces, but also in the cryptography-oriented language constructions that it offers. We describe how we tackle these problems, and also demonstrate that, by relying on the Jessie plug-in included in the Frama-C framework, the development time of such a complex verification tool could be greatly reduced. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

Downloads

Published

2010-12-10

Issue

Vol. 33 (2010): Foundations and Techniques for Open Source Software Certification 2010

Section

Articles