%0 Journal Article
%J Science of Computer Programming
%D 2014
%T CAOVerif: An Open- Source Deductive Verification Platform for Cryptographic Software Implementations
%A Jorge Sousa Pinto
%A José Bacelar Almeida
%A Manuel Bernardo Barbosa
%A Bárbara Vieira
%A Jean-Christophe Filliâtre
%I Elsevier
%P 216–233
%V 91
%X <p>CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.</p>
%> https://haslab.uminho.pt/sites/default/files/jsp/files/opencertjournal_ack.pdf