当前位置: X-MOL 学术arXiv.cs.PL › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Verifying Cryptographic Security Implementations in C Using Automated Model Extraction
arXiv - CS - Programming Languages Pub Date : 2020-01-03 , DOI: arxiv-2001.00806
Mihhail Aizatulin

This thesis presents an automated method for verifying security properties of protocol implementations written in the C language. We assume that each successful run of a protocol follows the same path through the C code, justified by the fact that typical security protocols have linear structure. We then perform symbolic execution of that path to extract a model expressed in a process calculus similar to the one used by the CryptoVerif tool. The symbolic execution uses a novel algorithm that allows symbolic variables to represent bitstrings of potentially unknown length to model incoming protocol messages. The extracted models do not use pointer-addressed memory, but they may still contain low-level details concerning message formats. In the next step we replace the message formatting expressions by abstract tupling and projection operators. The properties of these operators, such as the projection operation being the inverse of the tupling operation, are typically only satisfied with respect to inputs of correct types. Therefore we typecheck the model to ensure that all type-safety constraints are satisfied. The resulting model can then be verified with CryptoVerif to obtain a computational security result directly, or with ProVerif, to obtain a computational security result by invoking a computational soundness theorem. Our method achieves high automation and does not require user input beyond what is necessary to specify the properties of the cryptographic primitives and the desired security goals. We evaluated the method on several protocol implementations, totalling over 3000 lines of code. The biggest case study was a 1000-line implementation that was independently written without verification in mind. We found several flaws that were acknowledged and fixed by the authors, and were able to verify the fixed code without any further modifications to it.

中文翻译:

使用自动模型提取验证 C 中的加密安全实现

本文提出了一种验证C语言编写的协议实现的安全属性的自动化方法。我们假设协议的每次成功运行都遵循相同的 C 代码路径,典型安全协议具有线性结构这一事实证明了这一点。然后我们对该路径执行符号执行以提取一个模型,该模型以类似于 CryptoVerif 工具使用的过程演算的方式表示。符号执行使用一种新颖的算法,该算法允许符号变量表示潜在未知长度的位串,以对传入的协议消息进行建模。提取的模型不使用指针寻址内存,但它们可能仍包含有关消息格式的低级详细信息。在下一步中,我们用抽象元组和投影运算符替换消息格式化表达式。这些运算符的属性,例如投影运算是元组运算的逆运算,通常仅在输入正确类型时才满足。因此,我们对模型进行类型检查以确保满足所有类型安全约束。然后可以使用 CryptoVerif 验证生成的模型以直接获得计算安全结果,或使用 ProVerif 验证通过调用计算稳健性定理获得计算安全结果。我们的方法实现了高度自动化,并且不需要超出指定密码原语属性和所需安全目标所需的用户输入。我们在几个协议实现上评估了该方法,总共超过 3000 行代码。最大的案例研究是一个 1000 行的实现,它是独立编写的,没有考虑验证。我们发现了作者承认并修复的几个缺陷,并且能够验证修复后的代码而无需对其进行任何进一步修改。
更新日期:2020-01-06
down
wechat
bug