19,449 research outputs found
Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution
Consider the problem of verifying security properties of a cryptographic
protocol coded in C. We propose an automatic solution that needs neither a
pre-existing protocol description nor manual annotation of source code. First,
symbolically execute the C program to obtain symbolic descriptions for the
network messages sent by the protocol. Second, apply algebraic rewriting to
obtain a process calculus description. Third, run an existing protocol analyser
(ProVerif) to prove security properties or find attacks. We formalise our
algorithm and appeal to existing results for ProVerif to establish
computational soundness under suitable circumstances. We analyse only a single
execution path, so our results are limited to protocols with no significant
branching. The results in this paper provide the first computationally sound
verification of weak secrecy and authentication for (single execution paths of)
C code.
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.
Evaluation of a wave-vector-frequency-domain method for nonlinear wave propagation
A wave-vector-frequency-domain method is presented to describe one-directional forward or backward acoustic wave propagation in a nonlinear homogeneous medium. Starting from a frequency-domain representation of the second-order nonlinear acoustic wave equation, an implicit solution for the nonlinear term is proposed by employing the Green's function. Its approximation, which is more suitable for numerical implementation, is used. An error study is carried out to test the efficiency of the model by comparing the results with the Fubini solution. It is shown that the error grows as the propagation distance and step-size increase. However, for the specific case tested, even at a step size as large as one wavelength, sufficient accuracy for plane-wave propagation is observed. A two-dimensional steered transducer problem is explored to verify the nonlinear acoustic field directional independence of the model. A three-dimensional single-element transducer problem is solved to verify the forward model by comparing it with an existing nonlinear wave propagation code. Finally, backward-projection behavior is examined. The sound field over a plane in an absorptive medium is backward projected to the source and compared with the initial field, where good agreement is observed.
MFC: An open-source high-order multi-component, multi-phase, and multi-scale compressible flow solver
MFC is an open-source tool for solving multi-component, multi-phase, and bubbly compressible flows. It is capable of efficiently solving a wide range of flows, including droplet atomization, shock–bubble interaction, and bubble dynamics. We present the 5- and 6-equation thermodynamically-consistent diffuse-interface models we use to handle such flows, which are coupled to high-order interface-capturing methods, HLL-type Riemann solvers, and TVD time-integration schemes that are capable of simulating unsteady flows with strong shocks. The numerical methods are implemented in a flexible, modular framework that is amenable to future development. The methods we employ are validated via comparisons to experimental results for shock–bubble, shock–droplet, and shock–water-cylinder interaction problems and verified to be free of spurious oscillations for material-interface advection and gas–liquid Riemann problems. For smooth solutions, such as the advection of an isentropic vortex, the methods are verified to be high-order accurate. Illustrative examples involving shock–bubble-vessel-wall and acoustic–bubble-net interactions are used to demonstrate the full capabilities of MFC.
Formally based semi-automatic implementation of an open security protocol
This paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation.
Automatically Leveraging MapReduce Frameworks for Data-Intensive Applications
MapReduce is a popular programming paradigm for developing large-scale,
data-intensive computation. Many frameworks that implement this paradigm have
recently been developed. To leverage these frameworks, however, developers must
become familiar with their APIs and rewrite existing code. Casper is a new tool
that automatically translates sequential Java programs into the MapReduce
paradigm. Casper identifies potential code fragments to rewrite and translates
them in two steps: (1) Casper uses program synthesis to search for a program
summary (i.e., a functional specification) of each code fragment. The summary
is expressed using a high-level intermediate language resembling the MapReduce
paradigm and verified to be semantically equivalent to the original using a
theorem prover. (2) Casper generates executable code from the summary, using
either the Hadoop, Spark, or Flink API. We evaluated Casper by automatically
converting real-world, sequential Java benchmarks to MapReduce. The resulting
benchmarks perform up to 48.2x faster compared to the original.
Comment: 12 pages, additional 4 pages of references and appendix
Verified Correctness and Security of mbedTLS HMAC-DRBG
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A),
and we have proved its cryptographic security--that its output is
pseudorandom--using a hybrid game-based proof. We have also proved that the
mbedTLS implementation (C program) correctly implements this functional
specification. That proof composes with an existing C compiler correctness
proof to guarantee, end-to-end, that the machine language program gives strong
pseudorandomness. All proofs (hybrid games, C program verification, compiler,
and their composition) are machine-checked in the Coq proof assistant. Our
proofs are modular: the hybrid game proof holds on any implementation of
HMAC-DRBG that satisfies our functional specification. Therefore, our
functional specification can serve as a high-assurance reference.
Comment: Appearing in CCS '1
Stateless HOL
We present a version of the HOL Light system that supports undoing
definitions in such a way that this does not compromise the soundness of the
logic. In our system the code that keeps track of the constants that have been
defined thus far has been moved out of the kernel. This means that the kernel
now is purely functional.
The changes to the system are small. All existing HOL Light developments can
be run by the stateless system with only minor changes.
The basic principle behind the system is not to name constants by strings,
but by pairs consisting of a string and a definition. This means that the data
structures for the terms are all merged into one big graph. OCaml - the
implementation language of the system - can use pointer equality to establish
equality of data structures fast. This allows the system to run at acceptable
speeds. Our system runs at about 85% of the speed of the stateful version of
HOL Light.
Comment: In Proceedings TYPES 2009, arXiv:1103.311