Extracting and verifying cryptographic models from C protocol code by symbolic execution

Aizatulin, Mihhail; Gordon, Andrew D.; Jürjens, Jan

doi:10.1145/2046707.2046745

Cited by 45 publications

(66 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, they conclude that approaches for model extraction cannot deal with arbitrary legacy code, but introduce some requirements on how the code should be written, for instance by adding annotated semantic information. A relevant technique is reported in [15]. It aims to automatically create a formal model from an implementation in C. To drive the model extraction process though, it requires input from the analyst which demands him/her to have knowledge about both, the C language and the high level description of the protocol.…”

Section: Related Tools and Approachesmentioning

confidence: 99%

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Sandoval

Lenzini

2018

2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

Abstract-Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little or no help from the developers to better understand it. Security protocols implementations frequently use services provided by libraries coded in the C programming language; automatic tools for codelevel reverse engineering offer good support to comprehend the behavior of code in object-oriented languages but are ineffective to deal with libraries in C. Here we propose a systematic, yet human-dependent approach, which combines the capabilities of state-of-the-art tools in order to help the analyst to retrieve, step by step, the security protocol specifications from a library in C. Those specifications can then be used to create the formal model needed to carry out the analysis.

show abstract

Section: Related Tools and Approachesmentioning

confidence: 99%

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Sandoval

Lenzini

2018

2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

show abstract

“…More recently, Aizatulin et al [10] and Corin and Manzano [62] have proposed techniques for analyzing C programs by extracting abstract models using symbolic execution. The solution by Aizatulin et al [10] needs neither a pre-existing protocol description nor manual inspection of source code, and uses existing results for the applied pi calculus [20] to establish computational soundness.…”

Section: Related Workmentioning

confidence: 99%

“…The solution by Aizatulin et al [10] needs neither a pre-existing protocol description nor manual inspection of source code, and uses existing results for the applied pi calculus [20] to establish computational soundness. Their current prototype can, however, analyze only a single execution path, so it is limited to protocols with no significant branching.…”

Section: Related Workmentioning

confidence: 99%

Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Backes

Hriţcu

Maffei

2014

JCS

View full text Add to dashboard Cite

We present a new type system for verifying the security of reference implementations of cryptographic protocols written in a core functional programming language.The type system combines prior work on refinement types, with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of important protocol classes that were previously out of scope for the type-based analyses of reference protocol implementations. In particular, our types can statically characterize:(i) more usages of asymmetric cryptography, such as signatures of private data and encryptions of authenticated data; (ii) authenticity and integrity properties achieved by showing knowledge of secret data; (iii) applications based on zero-knowledge proofs. The type system comes with a mechanized proof of correctness and an efficient type-checker.

show abstract

“…It guarantees the security of the protocol implementation and provides its reliability's demonstration. Related research achievements include [4][5][6][7]. Sometimes leaks arise in the process of protocol implementations due to the design imperfection, which leads protocol implementations to be insecure (such as the SSL protocol, the TLS protocol).…”

Section: Introductionmentioning

confidence: 99%

A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace

Zhang

Wang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

The security analysis of protocols on theory level cannot guarantee the security of protocol implementations. To solve this problem, researchers have done a lot, and many achievements have been reached in this field, such as model extraction and code generation. However, the existing methods do not take the security of protocol implementations into account. In this paper, we have proposed to exploit the traces of function return values to analyze the security of protocol implementations at the source code level. Taking classic protocols into consideration, for example (like the Needham-Schroeder protocol and the Diffie-Hellman protocol, which cannot resist man-in-the-middle attacks), we have analyzed man-in-the-middle attacks during the protocol implementations and have carried out experiments. It has been shown in the experiments that our new method works well. Different from other methods of analyzing the security of protocol implementations in the literatures, our new method can avoid some flaws of program languages (like C language memory access, pointer analysis, etc.) and dynamically analyze the security of protocol implementations.

show abstract

Extracting and verifying cryptographic models from C protocol code by symbolic execution

Cited by 45 publications

References 43 publications

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace

Contact Info

Product

Resources

About