CAOVerif: An Open- Source Deductive Verification Platform for Cryptographic Software Implementations
- Citation:
- Pinto JS, Almeida JB, Barbosa MB, Vieira B, Filliâtre JC. 2014. CAOVerif: An Open- Source Deductive Verification Platform for Cryptographic Software Implementations. Science of Computer Programming. 91:216–233.
Abstract:
CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
Citation Key:
1993DOI:
10.1016/j.scico.2012.09.019
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.