CAOVerif: An open-source deductive verification platform for cryptographic software implementations

Thumbnail Image
Date
2014
Authors
José Bacelar Almeida
Manuel Barbosa
Filliatre,JC
Jorge Sousa Pinto
Vieira,B
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.
Description
Keywords
Citation