Verifying Implementations of Security Protocols by Refinement

We propose a technique for verifying high-level security properties of cryptographic protocol implementations based on stepwise refinement. Our refinement strategy supports reasoning about abstract protocol descriptions in the symbolic model of cryptography and gradually concretizing them towards executable code. We have implemented the technique within a general-purpose program verifier VCC and applied it to an extract from a draft reference implementation of Trusted Platform Module, written in C.

[1]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[2]  David Aspinall,et al.  Formalising Java's Data Race Free Guarantee , 2007, TPHOLs.

[3]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[4]  Mark A. Hillebrand,et al.  VCC: A Practical System for Verifying Concurrent C , 2009, TPHOLs.

[5]  Jean-Raymond Abrial,et al.  Refinement, Decomposition, and Instantiation of Discrete Models: Application to Event-B , 2007, Fundam. Informaticae.

[6]  Frank D. Valencia,et al.  Formal Methods for Components and Objects , 2002, Lecture Notes in Computer Science.

[7]  K. Rustan M. Leino,et al.  Stepwise refinement of heap-manipulating code in Chalice , 2012, Formal Aspects of Computing.

[8]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[9]  Reiner Hähnle,et al.  KeY-C: A Tool for Verification of C Programs , 2007, CADE.

[10]  Frank Piessens,et al.  The VeriFast program verifier , 2008 .

[11]  Jean Goubault-Larrecq,et al.  Cryptographic Protocol Analysis on Real C Code , 2005, VMCAI.

[12]  K. Rustan M. Leino,et al.  Automated Stepwise Refinement of Heap-Manipulating Code Manuscript KRML 211 – October 9 , 2010 , 2010 .

[13]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[14]  Frank Pfenning,et al.  Automated Deduction - CADE-21, 21st International Conference on Automated Deduction, Bremen, Germany, July 17-20, 2007, Proceedings , 2007, CADE.

[15]  Jan Jürjens,et al.  Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[16]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[17]  Christoph Sprenger,et al.  Developing security protocols by refinement , 2010, CCS '10.

[18]  Andrew D. Gordon,et al.  Modular verification of security protocol code by typing , 2010, POPL '10.

[19]  Sagar Chaki,et al.  ASPIER: An Automated Framework for Verifying Security Protocol Implementations , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[20]  Yannick Moy Automatic modular static safety checking for C programs , 2009 .