Verifying cryptographic code in C: Some experience and the Csec challenge

Aizatulin, M.; Dupressoir, F.; Gordon, A.D.; Jürjens, J.

doi:10.1007/978-3-642-29420-4_1

2012

Conference Paper

Abstract

The security of much critical infrastructure depends in part on cryptographic software coded in C, and yet vulnerabilities continue to be discovered in such software. We describe recent progress on checking the security of C code implementing cryptographic software. In particular, we describe projects that combine verification-condition generation and symbolic execution techniques for C, with methods for stating and verifying security properties of abstract models of cryptographic protocols. We illustrate these techniques on C code for a simple two-message protocol.

Author(s)

Aizatulin, M.

Dupressoir, F.

Gordon, A.D.

Jürjens, J.

Mainwork

Formal aspects of security and trust. 8th International workshop, FAST 2011

Conference

International Workshop on Formal Aspects of Security and Trust (FAST) 2011

Options

Verifying cryptographic code in C: Some experience and the Csec challenge