IMDEA Software

Iniciativa IMDEA

Inicio > Eventos > Charlas Invitadas > 2011 > Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution
Esta página aún no ha sido traducida. A continuación se muestra la página en inglés.

Misha Aizatulin

jueves 24 de noviembre de 2011

3:00pm IMDEA conference room

Misha Aizatulin, PhD Student, Open University, United Kingdom

Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution

Abstract:

Consider the problem of verifying security properties of a cryptographic protocol coded in C. We propose an automatic solution that needs neither a pre-existing protocol description nor manual annotation of source code. First, symbolically execute the C program to obtain symbolic descriptions for the network messages sent by the protocol. Second, apply algebraic rewriting to obtain a process calculus description. Third, run an existing protocol analyser (ProVerif) to prove security properties or find attacks. We analyse only a single execution path, so our results are limited to protocols with no significant branching. Our results provide the first computationally sound verification of weak secrecy and authentication for (single execution paths of) C code.