English
Related papers

Related papers: Verifying Cryptographic Security Implementations i…

200 papers

We present an algorithm for tests generation tools based on symbolic execution. The algorithm is supposed to help in situations, when a tool is repeatedly failing to cover some code by tests. The algorithm then provides the tool a necessary…

Symbolic Computation · Computer Science 2011-12-21 Marek Trtík

Current static verification techniques support a wide range of programs. However, such techniques only support complete and detailed specifications, which places an undue burden on users. To solve this problem, prior work proposed gradual…

Automated security protocol verifiers such as ProVerif and Tamarin have been increasingly applied to verify large scale complex real-world protocols. While their ability to automate difficult reasoning processes required to handle protocols…

Cryptography and Security · Computer Science 2024-08-26 Di Long Li , Jim de Groot , Alwen Tiu

Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by…

Cryptography and Security · Computer Science 2009-10-22 Qurat ul Ain Nizamani , Emilio Tuosto

Static analysis is the analysis of a program without executing it, usually carried out by an automated tool. Symbolic execution is a popular static analysis technique used both in program verification and in bug detection software. It works…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Zoltan Porkolab

Symbolic execution is a powerful verification tool for hardware designs, but suffers from the path explosion problem. We introduce a new approach, piecewise composition, which leverages the modular structure of hardware to transfer the work…

Cryptography and Security · Computer Science 2023-04-13 Kaki Ryan , Cynthia Sturton

Aiming for strong security assurance, recently there has been an increasing interest in formal verification of cryptographic constructions. This paper presents a mechanised formal verification of the popular Pedersen commitment protocol,…

Cryptography and Security · Computer Science 2019-01-17 Roberto Metere , Changyu Dong

Testing has become an indispensable activity of software development, yet writing good and relevant tests remains a quite challenging task. One well-known problem is that it often is impossible or unrealistic to test for every outcome, as…

Programming Languages · Computer Science 2017-08-18 Dimitri Racordon , Didier Buchs

This paper presents an evaluation of the code representation model Code2vec when trained on the task of detecting security vulnerabilities in C source code. We leverage the open-source library astminer to extract path-contexts from the…

Cryptography and Security · Computer Science 2021-06-04 David Coimbra , Sofia Reis , Rui Abreu , Corina Păsăreanu , Hakan Erdogmus

CHERI-C extends the C programming language by adding hardware capabilities, ensuring a certain degree of memory safety while remaining efficient. Capabilities can also be employed for higher-level security measures, such as software…

Logic in Computer Science · Computer Science 2023-04-26 Seung Hoon Park , Rekha Pai , Tom Melham

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems. Proofs are generated using…

Cryptography and Security · Computer Science 2021-05-14 Lawrence C. Paulson

We present a new technique for verifying correspondences in security protocols. In particular, correspondences can be used to formalize authentication. Our technique is fully automatic, it can handle an unbounded number of sessions of the…

Cryptography and Security · Computer Science 2008-02-26 Bruno Blanchet

We present the Foundational Cryptography Framework (FCF) for developing and checking complete proofs of security for cryptographic schemes within a proof assistant. This is a general-purpose framework that is capable of modeling and…

Programming Languages · Computer Science 2014-10-15 Adam Petcher , Greg Morrisett

When implementing secure software, developers must ensure certain requirements, such as the erasure of secret data after its use and execution in real time. Such requirements are not explicitly captured by the C language and could…

Cryptography and Security · Computer Science 2019-07-08 A. P. Shivarpatna Venkatesh , A. Bhat Handadi , M. Mory

In this paper, we consider the problem of verifying anonymity and unlinkability in the symbolic model, where protocols are represented as processes in a variant of the applied pi calculus, notably used in the ProVerif tool. Existing tools…

Cryptography and Security · Computer Science 2019-04-09 Lucca Hirschi , David Baelde , Stéphanie Delaune

Evaluating the correctness of code generated by AI is a challenging open problem. In this paper, we propose a fully automated method, named ACCA, to evaluate the correctness of AI-generated code for security purposes. The method uses…

Software Engineering · Computer Science 2024-06-11 Domenico Cotroneo , Alessio Foggia , Cristina Improta , Pietro Liguori , Roberto Natella

There is a large amount of work dedicated to the formal verification of security protocols. In this paper, we revisit and extend the NP-complete decision procedure for a bounded number of sessions. We use a, now standard, deducibility…

Logic in Computer Science · Computer Science 2009-03-20 Hubert Comon-Lundh , Véronique Cortier , Eugen Zalinescu

Universal Composability (UC) is the gold standard for cryptographic security, but mechanizing proofs of UC is notoriously difficult. A recently-discovered connection between UC and Robust Compilation (RC)$\unicode{x2014}$a novel theory of…

Cryptography and Security · Computer Science 2024-11-05 Robert Künnemann , Marco Patrignani , Ethan Cecchetti

Developing secure distributed systems is difficult, and even harder when advanced cryptography must be used to achieve security goals. Following prior work, we advocate using secure program partitioning to synthesize cryptographic…

Cryptography and Security · Computer Science 2024-01-10 Coşku Acay , Joshua Gancher , Rolph Recto , Andrew C. Myers

Large language models (LLMs) are increasingly used to assist developers with code, yet their implementations of cryptographic functionality often contain exploitable flaws. Minor design choices (e.g., static initialization vectors or…

Cryptography and Security · Computer Science 2026-02-09 Max Manolov , Tony Gao , Siddharth Shukla , Cheng-Ting Chou , Ryan Lagasse