Posted: 04-Jul-2015 | Uploaded by: paulo-silva
Machine Assisted Verification Tools for Cryptography
Paulo Silva, Manuel Barbosa
Departamento de Informática / Computer Science and Technology Centre (CCTC/DI)
Universidade do Minho, Portugal
October 13, 2010
Computer Aided Cryptography Engineering (CACE)
European FP7 Project (http://www.cace-project.eu)
Overall objectives:
- Design, develop and deploy a toolbox for cryptographic software engineering
- Allow non-experts to develop high-level cryptographic applications using cryptography-aware programming languages and tools
Our group is responsible for Work Package 5 (WP5): Formal Verification and Validation of Cryptographic Software
Formal Verification and Validation (WP5)
- Adapt validation, verification and certification techniques for secure software to the CACE project
- Extend languages and tools to include machine-assisted verification of correctness and conformance to security policies
- Implement a certified shared library core
CAO Language
- Small and simple domain-specific language
- Geared toward the automatic production of highly efficient target code subject to security-aware optimizations
- Close to cryptographic standards
- Type system supports cryptographic types such as bit strings, matrices and field extensions
- We have a complete formalization of CAO's:
  - Syntax
  - Semantics
  - Type system
We have implemented a fully functional CAO interpreter
CAO Language Example (AES fragment)
    typedef GF2  := mod[ 2 ];
    typedef GF2N := mod[ GF2<X> / X**8 + X**4 + X**3 + X + 1 ];
    typedef S    := matrix[4,4] of GF2N;

    def mix : matrix[4,4] of GF2N :=
        {[X],[X+1],[1],[1],[1],[X],[X+1],[1],[1],[1],[X],[X+1],[X+1],[1],[1],[X]};

    def MixColumns( s : S ) : S {
        def r : S;
        seq i := 0 to 3 {
            r[0..3,i] := mix * s[0..3,i];
        }
        return r;
    }
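The same MixColumns step in Python, as an added example (not CAO or CACE code) so the fragment above can be checked against the published AES MixColumns test vectors. GF2N is GF(2)[X] modulo X^8 + X^4 + X^3 + X + 1 with X = 0x02 and X + 1 = 0x03, so the `mix` matrix is exactly the one on the slide; the inverse matrix is the one from the AES specification, and the sample state is constructed here.

```python
"""AES MixColumns over GF(2^8), mirroring the CAO fragment.  Added example in
Python, not CAO or CACE code.  The field is GF(2)[X] / (X^8 + X^4 + X^3 + X + 1),
`MIX` is the slide's matrix with X = 0x02 and X + 1 = 0x03, and `INV_MIX` is
the inverse matrix from the AES specification."""

AES_POLY_LOW = 0x1B   # X^4 + X^3 + X + 1: the reduction polynomial below X^8


def gf2n_mul(a: int, b: int) -> int:
    """Multiply two elements of GF2N = mod[GF2<X> / X**8 + X**4 + X**3 + X + 1]."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        overflow = a & 0x80
        a = (a << 1) & 0xFF
        if overflow:          # reduce X^8 using X^8 = X^4 + X^3 + X + 1
            a ^= AES_POLY_LOW
        b >>= 1
    return result


X, X_PLUS_1 = 0x02, 0x03
MIX = [[X, X_PLUS_1, 1, 1],
       [1, X, X_PLUS_1, 1],
       [1, 1, X, X_PLUS_1],
       [X_PLUS_1, 1, 1, X]]
INV_MIX = [[0x0E, 0x0B, 0x0D, 0x09],
           [0x09, 0x0E, 0x0B, 0x0D],
           [0x0D, 0x09, 0x0E, 0x0B],
           [0x0B, 0x0D, 0x09, 0x0E]]


def mat_vec(matrix, column):
    """matrix * column over GF2N: the r[0..3,i] := mix * s[0..3,i] step."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gf2n_mul(coeff, byte)   # addition in GF(2^8) is XOR
        out.append(acc)
    return out


def mix_columns(state):
    """state: 4x4 matrix of GF2N elements as a list of four columns (AES column-major order)."""
    return [mat_vec(MIX, col) for col in state]


def inv_mix_columns(state):
    return [mat_vec(INV_MIX, col) for col in state]


# Constructed input: four columns; the first two are published AES MixColumns test vectors.
SAMPLE_STATE = [[0xDB, 0x13, 0x53, 0x45],
                [0xD4, 0xBF, 0x5D, 0x30],
                [0x01, 0x01, 0x01, 0x01],
                [0xC6, 0xC6, 0xC6, 0xC6]]

if __name__ == '__main__':
    mixed = mix_columns(SAMPLE_STATE)
    for before, after in zip(SAMPLE_STATE, mixed):
        print([f'{b:02x}' for b in before], '->', [f'{b:02x}' for b in after])
    assert inv_mix_columns(mixed) == SAMPLE_STATE
```

Running it prints db 13 53 45 -> 8e 4d a1 bc and d4 bf 5d 30 -> 04 66 81 e5, the known AES vectors, and the round trip through the inverse matrix is the kind of algebraic property (mix * inv_mix = identity over GF2N) that the deductive tools described later are meant to prove rather than test.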
Deductive Verification
- Tools based on variations of Hoare logic
- Axioms and inference rules capture the semantics of imperative languages
- Programs are bound to contracts: a pre-condition and a post-condition
- If the pre-condition is met at the inputs, the program guarantees the post-condition at the outputs
Annotation language (CAO-SL): the properties that must be proven (the specification), plus extra information that helps the verification, are included in the source code as annotations.

Verification condition generator (VCGen): the annotated program is used to generate a set of proof obligations. The validity of these proof obligations implies that the software is correct with respect to the specification.

Proof generation: the proof obligations are theorems of first-order logic that must be proven, using either a first-order automatic proof tool (e.g. Simplify) or a proof assistant (e.g. Coq) to construct the proof.
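To make the VCGen step concrete, an added example that is not CAO-SL or the CACE tools: a toy weakest-precondition verification condition generator in Python for a tiny imperative language, applied to a conditional that computes a minimum. The language, the program, its postcondition and the finite-domain "prover" are all constructed here; a real VCGen hands the resulting formula to Simplify or Coq instead of enumerating values.

```python
"""Toy VCGen (weakest-precondition calculus) for a tiny imperative language.
Added example, not CAO-SL or the CACE VCGen.  Expressions are tuples:
('var', name), ('const', value), ('not', e), ('op', symbol, lhs, rhs).
Statements: ('skip',), ('assign', name, expr), ('seq', s1, s2, ...),
('if', cond, then_stmt, else_stmt)."""
import itertools
import operator

OPS = {
    '+': operator.add, '-': operator.sub, '*': operator.mul,
    '<': operator.lt, '<=': operator.le, '==': operator.eq,
    '&&': lambda a, b: a and b, '||': lambda a, b: a or b,
    '=>': lambda a, b: (not a) or b,
}


def V(name):
    return ('var', name)


def subst(expr, name, replacement):
    """expr[replacement / name]: replace every occurrence of a variable by a term."""
    kind = expr[0]
    if kind == 'var':
        return replacement if expr[1] == name else expr
    if kind == 'const':
        return expr
    if kind == 'not':
        return ('not', subst(expr[1], name, replacement))
    return ('op', expr[1], subst(expr[2], name, replacement), subst(expr[3], name, replacement))


def wp(stmt, post):
    """Weakest precondition: wp(S, Q) holds before S exactly when Q holds after S."""
    kind = stmt[0]
    if kind == 'skip':
        return post
    if kind == 'assign':                     # wp(x := e, Q) = Q[e/x]
        return subst(post, stmt[1], stmt[2])
    if kind == 'seq':                        # wp(S1; S2, Q) = wp(S1, wp(S2, Q))
        for s in reversed(stmt[1:]):
            post = wp(s, post)
        return post
    if kind == 'if':                         # (c => wp(S1, Q)) && (!c => wp(S2, Q))
        cond, then_s, else_s = stmt[1], stmt[2], stmt[3]
        return ('op', '&&',
                ('op', '=>', cond, wp(then_s, post)),
                ('op', '=>', ('not', cond), wp(else_s, post)))
    raise ValueError(f'unknown statement {stmt!r}')


def verification_condition(pre, stmt, post):
    """Proof obligation for the Hoare triple {pre} stmt {post}: pre => wp(stmt, post)."""
    return ('op', '=>', pre, wp(stmt, post))


def evaluate(expr, env):
    kind = expr[0]
    if kind == 'var':
        return env[expr[1]]
    if kind == 'const':
        return expr[1]
    if kind == 'not':
        return not evaluate(expr[1], env)
    return OPS[expr[1]](evaluate(expr[2], env), evaluate(expr[3], env))


def free_vars(expr, acc=None):
    acc = set() if acc is None else acc
    if expr[0] == 'var':
        acc.add(expr[1])
    elif expr[0] == 'not':
        free_vars(expr[1], acc)
    elif expr[0] == 'op':
        free_vars(expr[2], acc)
        free_vars(expr[3], acc)
    return acc


def is_valid(formula, domain=range(-4, 5)):
    """Stand-in for the prover: check the VC under every assignment over a small
    finite domain.  A real VCGen passes the formula to Simplify or Coq instead."""
    names = sorted(free_vars(formula))
    return all(evaluate(formula, dict(zip(names, vals)))
               for vals in itertools.product(domain, repeat=len(names)))


def pretty(expr):
    kind = expr[0]
    if kind == 'var':
        return expr[1]
    if kind == 'const':
        return str(expr[1])
    if kind == 'not':
        return f'!({pretty(expr[1])})'
    return f'({pretty(expr[2])} {expr[1]} {pretty(expr[3])})'


# Constructed program: m := min(x, y) as a conditional.  Contract: pre = true;
# post = m is a lower bound of x and y, and m is one of them.
TRUE = ('const', True)
MIN_PROGRAM = ('if', ('op', '<', V('x'), V('y')),
               ('assign', 'm', V('x')),
               ('assign', 'm', V('y')))
MIN_POST = ('op', '&&',
            ('op', '&&', ('op', '<=', V('m'), V('x')), ('op', '<=', V('m'), V('y'))),
            ('op', '||', ('op', '==', V('m'), V('x')), ('op', '==', V('m'), V('y'))))
# Buggy variant with the branches swapped: its proof obligation must fail.
BAD_PROGRAM = ('if', ('op', '<', V('x'), V('y')),
               ('assign', 'm', V('y')),
               ('assign', 'm', V('x')))

if __name__ == '__main__':
    vc = verification_condition(TRUE, MIN_PROGRAM, MIN_POST)
    print('VC:', pretty(vc))
    print('valid:', is_valid(vc))
    print('buggy variant valid:', is_valid(verification_condition(TRUE, BAD_PROGRAM, MIN_POST)))
```

The printed VC is the formula the annotated program gives rise to: for the `if`, each branch's assignment is pushed into the postcondition by substitution, and the two implications are what a prover would have to discharge. The swapped-branch variant shows the other side of the contract: an invalid obligation, found here by a counterexample over the finite domain, means the program does not meet its specification.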
CALF Language
- Higher-level than CAO
- More powerful abstractions for writing generic code
- A suitable candidate for direct translation and implementation of cryptographic standards
- Static verification and pre-processing tool for enhanced CAO source code
CALF to CAO compiler
- High-assurance compiler that translates CALF to CAO code
- Advanced type system based on dependent types to ensure that certain properties are met
- More manageable than deductive verification
- May be used to reduce the number of proof obligations
- Example: ensures that every access to a vector position is within bounds (memory safety)
CALF Language Example (RSA fragment)
    typedef RSAPub<(n : int)> := struct [ def e : int; ];

    def RSA<(n : int)>( k : RSAPub<(n)>, m : int ) : int {
        def c : mod[n];
        c := (mod[n]) m;
        c := c ** k.e;
        return (int) c;
    }
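A runtime analogue of the fragment in Python, as an added example that is not CALF or CACE code: ModInt carries its modulus with the value the way mod[n] carries n in its type, and refuses to combine with a different modulus; RSAPub ties the exponent e to a modulus n the way RSAPub<(n)> does. What CALF's dependent types reject at compile time becomes a TypeError at run time here. The toy key is constructed, and, like the fragment, this is textbook RSA without padding (a demonstration of the typing, not a scheme to deploy).

```python
"""Runtime analogue of the CALF RSA fragment.  Added example in Python, not
CALF or CACE code.  ModInt models mod[n] by carrying n with the value;
RSAPub models RSAPub<(n)>.  Textbook RSA with no padding, as in the fragment."""
from dataclasses import dataclass


class ModInt:
    """An element of mod[n]; n travels with the value so every operation can check it."""
    __slots__ = ('value', 'n')

    def __init__(self, value: int, n: int):
        if n < 2:
            raise ValueError('modulus must be at least 2')
        self.value = value % n          # the (mod[n]) cast in the fragment
        self.n = n

    def _same_modulus(self, other) -> None:
        # In CALF this mismatch is a type error; here it surfaces at run time.
        if not isinstance(other, ModInt) or other.n != self.n:
            raise TypeError(f'mod[{self.n}] combined with {other!r}')

    def __mul__(self, other: 'ModInt') -> 'ModInt':
        self._same_modulus(other)
        return ModInt(self.value * other.value, self.n)

    def __pow__(self, exponent: int) -> 'ModInt':   # c ** k.e
        if exponent < 0:
            raise ValueError('negative exponents need a modular inverse')
        return ModInt(pow(self.value, exponent, self.n), self.n)

    def __int__(self) -> int:                       # the (int) cast in the fragment
        return self.value

    def __eq__(self, other) -> bool:
        return isinstance(other, ModInt) and (self.value, self.n) == (other.value, other.n)

    def __repr__(self) -> str:
        return f'ModInt({self.value}, mod[{self.n}])'


@dataclass(frozen=True)
class RSAPub:
    """RSAPub<(n)>: a public exponent bound to one specific modulus."""
    n: int
    e: int


def rsa(k: RSAPub, m: int) -> int:
    """The CALF RSA function: c := (mod[n]) m; c := c ** k.e; return (int) c."""
    if not 0 <= m < k.n:
        raise ValueError('message must be an integer in [0, n)')
    c = ModInt(m, k.n)
    c = c ** k.e
    return int(c)


def rsa_inverse(n: int, d: int, c: int) -> int:
    """Private-key operation, used here only to check that rsa() is invertible with the toy key."""
    return int(ModInt(c, n) ** d)


# Constructed toy key: p = 61, q = 53, n = 3233, e = 17, d = 2753.  Far too small for real use.
TOY_PUB = RSAPub(n=3233, e=17)
TOY_D = 2753


def modulus_mismatch_is_caught() -> bool:
    """Mixing mod[3233] with mod[3231] must be rejected; True if the check fires."""
    try:
        ModInt(5, 3233) * ModInt(7, 3231)
    except TypeError:
        return True
    return False


if __name__ == '__main__':
    c = rsa(TOY_PUB, 65)
    print('ciphertext', c, 'decrypts to', rsa_inverse(TOY_PUB.n, TOY_D, c))
    print('modulus mismatch caught:', modulus_mismatch_is_caught())
```

The dynamic check in `_same_modulus` is the weak substitute for what the CALF compiler does statically: because n is part of the type, a function typed RSA<(n)> can only ever be applied to a key RSAPub<(n)> for the same n, and no run-time check (and no proof obligation) is needed for it.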
Ongoing Work
- Proofs about the CAO formalization, namely type safety
- Data type classifiers
- Verification of cryptographic libraries (NaCl)
- Compiler from CAO to C