A Framework for the Cryptographic Verification of Java-Like Programs

We consider the problem of establishing cryptographic guarantees -- in particular, computational indistinguishability -- for Java or Java-like programs that use cryptography. For this purpose, we propose a general framework that enables existing program analysis tools that can check (standard) non-interference properties of Java programs to establish cryptographic security guarantees, even if the tools a priori cannot deal with cryptography. The approach that we take is new and combines techniques from program analysis and simulation-based security. Our framework is stated and proved for a Java-like language that comprises a rich fragment of Java. The general idea of our approach should, however, be applicable also to other practical programming languages. As a proof of concept, we use an automatic program analysis tool for checking non-interference properties of Java programs, namely the tool Joana, in order to establish computational indistinguishability for a Java program that involves clients sending encrypted messages over a network, controlled by an active adversary, to a server.
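The sketch below is an added illustration, not code from the paper or from the Joana tool, of the idea the abstract combines: simulation-based security replaces the cryptographic primitive by an ideal functionality, and a standard non-interference check is then run on the program that uses the ideal interface. It assumes a toy HMAC-based stream cipher standing in for the real encryption scheme, an ideal encryption functionality (`IdealEnc`) whose ciphertexts are random and independent of the plaintext, a fixed adversary strategy for the network (observe, deliver, replay) rather than an arbitrary active adversary, and two constructed equal-length secrets as the high input. The non-interference check is an experiment over those two secrets under fixed randomness, not the proof a program-analysis tool would produce, and the realization step that turns non-interference of the ideal system into computational indistinguishability of the real one is not shown.

```python
import hashlib
import hmac
import random

# Constructed demo key: in a deployed system this is secret; here it only has to
# be fixed so that both runs of the experiment use the same scheme.
KEY = bytes(range(32))


def rand_bytes(rng, n):
    """n bytes from a seeded random.Random (deterministic per seed)."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def keystream(key, nonce, length):
    """Toy HMAC-SHA256 counter-mode keystream (illustration only, not for production)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class RealEnc:
    """'Real' symmetric encryption: ciphertext = nonce || (m XOR keystream(KEY, nonce)).
    The ciphertext is a function of (nonce, m), so it depends on the secret."""

    def __init__(self, rng):
        self.rng = rng

    def encrypt(self, m):
        nonce = rand_bytes(self.rng, 16)
        ks = keystream(KEY, nonce, len(m))
        return nonce + bytes(a ^ b for a, b in zip(m, ks))

    def decrypt(self, c):
        nonce, body = c[:16], c[16:]
        ks = keystream(KEY, nonce, len(body))
        return bytes(a ^ b for a, b in zip(body, ks))


class IdealEnc:
    """Ideal encryption functionality: the ciphertext is fresh randomness carrying no
    information about m beyond len(m); decryption is a lookup in a private table.
    A program written against this interface can be checked for non-interference
    without any reasoning about cryptography."""

    def __init__(self, rng):
        self.rng = rng
        self.table = {}

    def encrypt(self, m):
        c = rand_bytes(self.rng, 16 + len(m))
        self.table[c] = m
        return c

    def decrypt(self, c):
        return self.table.get(c)  # None for anything the functionality did not produce


def run_protocol(make_enc, secret, seed):
    """One run: a client sends `secret` (the high input) encrypted to a server over a
    network controlled by the adversary. Returns the adversary's view."""
    rng = random.Random(seed)  # fixed randomness: runs differ only in the secret
    enc = make_enc(rng)
    view = []

    # Client: the high input leaves the client only through enc.encrypt.
    c = enc.encrypt(secret)
    view.append(("observed", c))

    # Adversary (the network): delivers the ciphertext, then replays it once.
    for delivered in (c, c):
        m = enc.decrypt(delivered)
        # Server: public acknowledgement revealing only whether decryption
        # succeeded and the plaintext length (length is public here).
        reply = b"reject" if m is None else b"ack:%d" % len(m)
        view.append(("server_output", reply))
    return view


def views_agree(make_enc, secrets, seed=2012):
    """Non-interference experiment: the adversary's view must be identical for every
    choice of the high input (equal-length secrets, same randomness)."""
    views = [run_protocol(make_enc, s, seed) for s in secrets]
    return all(v == views[0] for v in views[1:])


def roundtrip(make_enc, m, seed=1):
    """Sanity check that decrypt(encrypt(m)) == m for a scheme."""
    enc = make_enc(random.Random(seed))
    return enc.decrypt(enc.encrypt(m))


# Constructed high inputs of equal length.
SECRETS = (b"attack at dawn", b"attack at dusk")

if __name__ == "__main__":
    print("ideal functionality, views agree:", views_agree(IdealEnc, SECRETS))  # True
    print("real encryption, views agree:    ", views_agree(RealEnc, SECRETS))   # False
```

With the real scheme the adversary's view contains the ciphertext, which is a function of the secret, so a non-interference checker (correctly) reports a flow from the high input to the adversary. With the ideal functionality the view is independent of the secret, so non-interference holds and can be established by a tool that knows nothing about encryption; the cryptographic argument that the real scheme realizes the ideal functionality is what lifts that result to computational indistinguishability of the real program.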
