Formal Verification of Security Protocol Implementations: A Survey

A Bauer; A Bauer; A Pironti; A Pironti; Alfredo Pironti; D Dolev; D Otway; E Kleiner; EM Clarke; G Lowe; G Schellhorn; GT Leavens; J Bengtson; J Jürjens; J Jürjens; K Bhargavan; L Viganò; LC Paulson; M Abadi; M Abadi; M Abadi; M Abadi; M Avalle; Matteo Avalle; Riccardo Sisto; RM Needham; S Goldwasser; V Cortier

research

Formal Verification of Security Protocol Implementations: A Survey

Authors: A Bauer
A Bauer
A Pironti
A Pironti
Alfredo Pironti
D Dolev
D Otway
E Kleiner
EM Clarke
G Lowe
G Schellhorn
GT Leavens
J Bengtson
J Jürjens
J Jürjens
K Bhargavan
L Viganò
LC Paulson
M Abadi
M Abadi
M Abadi
M Abadi
M Avalle
Matteo Avalle
Riccardo Sisto
RM Needham
S Goldwasser
V Cortier
Publication date: 1 January 2014
Publisher: Springer
Doi

Abstract

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac