Cryptographic protocol analysis on real c code

Question

1. What have the authors contributed in "Cryptographic protocol analysis on real c code" ?

2. What are the future works mentioned in the paper "Cryptographic protocol analysis on real c code" ?

3. What is the purpose of the csur_cc compiler?

4. What is the effect of applying +b ®2?

Accepted Answer

The authors describe how cryptographic protocol verification techniques based on solving clause sets can be applied to detect vulnerabilities of C programs in the Dolev-Yao model, statically.

Accepted Answer

Despite the shortcomings that their approach clearly still has, and which will be the subject of future work, the authors would like to stress the importance of trust assertions as a logical way of linking the in-memory model of values to the abstract Dolev-Yao model of messages ; and the fact that compiling to Horn clauses is an effective, yet simple way of checking complex trust and security properties.

Accepted Answer

The csur_cc compiler also collects trust assertions as it analyzes C code, and spits out a collection of Horn clauses which are then fed to an ¿ solver—currently SPASS [27, 26] or the first author’s prototype h1 prover.

Accepted Answer

The effect of applying µ+¶b· ¬ ®² is to close all facts in and under any finite number of applications of intruder and honest principal rules from the outside world.

Accepted Answer

El Kadhi and Boury analyze Java applets (from bytecode, not source), and concentrate on a well-behaved subset of Java, where method calls are assumed to be inlined.

Accepted Answer

A local variable struct y0Û loc is also used to hold local variables, another y0Û ret to hold the return value, and the assignment Ðy0Û ret Û &return is simulated.

Accepted Answer

While buffer overflows are probably the most efficient technique of attack against real implementations (even not of cryptographic protocols; for hackers, see [11]), they can be and have already been analyzed [25, 24].

Accepted Answer

But the authors would still need an external trust model, representing malicious intruders, and honest agents of other protocols which may share secrets with the analyzed programs.

Accepted Answer

Their aim is not to detect subtle buffer overflows, which are better handled by other techniques, but to detect the same kind of bugs that cryptographic protocols are fraught with, only on actual implementations.

Accepted Answer

the security properties examined in [6] are models of leakage of sensitive data: sensitive data are those data stored in specially marked class fields, and are tracked through the program and the possible actions of the intruder; data can be leaked to the Dolev-Yao intruder, or more generally to untrusted classes in the programming environment.

Accepted Answer

Starting from the main function, the second phase uses a hybrid analyzer (computing abstract memory zones and collecting all Horn clauses for all program points) and performs function calls using the above table.

Accepted Answer

The second purpose of trust assertions is to state initial security assumptions: see the comment on line 67, which states that the array ip_id is trusted to contain u ’s identity, initially.

Accepted Answer

The first is to describe the effect of functions in the API in terms of the Dolev-Yao model; in particular, to abstract away the effect of low-level cryptographic functions that are used in the analyzed program (e.g., the OpenSSL crypto lib), or of the standard C library (see the comment on line 47, which abstracts away the behavior of the write function, stating that any message sent to write through the buffer buf will be known to the Dolev-Yao intruder).

Accepted Answer

The StuPa tool [6] uses different static analysis frameworks to model the Dolev-Yao intruder and to analyze information flow through the analyzed applet; the authors use a uniform approach based on Horn clauses.

Accepted Answer

Aliasing in Java is simpler to handle in Java than in C: the only aliases that may occur in Java arise from objects that can be accessed through different access paths (e.g., different variables); in C, more complex aliases may occur, such as through pointers to variables (see &mesg1 for example in Figure 2).

Cryptographic protocol analysis on real c code

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What have the authors contributed in "Cryptographic protocol analysis on real c code" ?

2. What are the future works mentioned in the paper "Cryptographic protocol analysis on real c code" ?

3. What is the purpose of the csur_cc compiler?

4. What is the effect of applying +b ®2?

5. What is the purpose of the analysis?

6. What is the struct y0 loc used to hold?

7. What is the efficient technique of attack against real implementations?

8. What would be the need for external trust model?

9. What is the aim of this paper?

10. What are the security properties of the Dolev-Yao intruder?

11. What is the purpose of the second phase?

12. What is the purpose of the second purpose of trust assertions?

13. What is the purpose of the comment at line 20?

14. What is the purpose of the StuPa tool?

15. What is the difference between Java and C?

Figures

Citations

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

A messy state of the union: taming the composite state machines of TLS

Verified interoperable implementations of security protocols

Verified interoperable implementations of security protocols

Security protocol verification: symbolic and computational models

References

Communication and Concurrency

On the security of public key protocols

Using encryption for authentication in large networks of computers

An efficient cryptographic protocol verifier based on prolog rules

Program Analysis and Specialization for the C Programming Language

Related Papers (5)

An efficient cryptographic protocol verifier based on prolog rules

On the security of public key protocols

Verified interoperable implementations of security protocols

Using encryption for authentication in large networks of computers

Mobile values, new names, and secure communication