Loading…
CAOVerif: An open-source deductive verification platform for cryptographic software implementations
CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verif...
Saved in:
| Published in: | Science of computer programming 2014-10, Vol.91, p.216-233 |
|---|---|
| Main Authors: | , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
► CAOVerif is a new deductive verification platform for domain-specific cryptographic language CAO. ► Frama-C component Jessie is used as a back-end, greatly reducing the development time. ► Logic theories in CAOVerif were proven sound w.r.t. the CAO semantics in Coq. ► Case study: a real-world example from the NaCl open source cryptographic library. |
|---|---|
| ISSN: | 0167-6423 1872-7964 |
| DOI: | 10.1016/j.scico.2012.09.019 |