Innovations in Systems and Software Engineering

, Volume 6, Issue 3, pp 203–218 | Cite as

Deductive verification of cryptographic software

  • José Bacelar AlmeidaEmail author
  • Manuel Barbosa
  • Jorge Sousa Pinto
  • Bárbara Vieira
Original Paper


We apply state-of-the art deductive verification tools to check security-relevant properties of cryptographic software, including safety, absence of error propagation, and correctness with respect to reference implementations. We also develop techniques to help us in our task, focusing on methods oriented towards increased levels of automation, in scenarios where there are clear obvious limits to such automation. These techniques allow us to integrate automatic proof tools with an interactive proof assistant, where the latter is used off-line to prove once-and-for-all fundamental lemmas about properties of programs. The techniques developed have independent interest for practical deductive verification in general.


Cryptographic algorithms Program verification Program equivalence Self-composition 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Almeida JB, Barbosa M, Pinto JS, Vieira B (2009) Deductive verification of cryptographic software. Technical Report DI-CCTC-09-03, CCTC, Univ. Minho, Available from
  2. 2.
    Ball T, Rajamani SK (2002) The SLAM project: debugging system software via static analysis. In: POPL ’02: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 1–3Google Scholar
  3. 3.
    Banerjee A, Naumann DA (2005) Stack-based access control and secure information flow. J Funct Program 15(2): 131–177zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Barnett M, Rustan K, Leino M, Schulte W (2004) The Spec# programming system: an overview. In: Construction and analysis of safe, secure, and interoperable smart devices. Springer, Berlin, pp 49–69Google Scholar
  5. 5.
    Barthe G, D’Argenio PR, Rezk T (2004) Secure information flow by self-composition. In: CSFW. IEEE Computer Society, USA, pp 100–114Google Scholar
  6. 6.
    Baudin P, Filliâtre J-C, Marché C, Monate B, Moy Y, Prevosto V (2008) ACSL: ANSI/ISO C Specfication Language. CEA LIST and INRIA, Preliminary design (version 1.4, December 12, 2008)Google Scholar
  7. 7.
    Benton N (2004) Simple relational correctness proofs for static analyses and program transformations. In: Jones ND, Leroy X (eds) POPL. ACM, New York, pp 14–25CrossRefGoogle Scholar
  8. 8.
    Computer Aided Cryptography Engineering. EU FP7.
  9. 9.
    Chrzaszcz J (2003) Implementation of modules in the Coq system. In: Basin D, Wolff B (eds) Proceedings of the theorem proving in higher order logics 16th international conference. LNCS, vol 2758. Rome, Italy, September 2003. Springer, Berlin, pp 270–286Google Scholar
  10. 10.
    Clarkson MR, Schneider FB (2008) Hyperproperties. In: CSF. IEEE Computer Society, USA, pp 51–65Google Scholar
  11. 11.
    Conchon S, Contejean E, Kanig J (2006) Ergo : a theorem prover for polymorphic first-order logic modulo theories. Available from
  12. 12.
    Cook SA (1978) Soundness and completeness of an axiom system for program verification. SIAM J Comput 7(1): 70–90zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    de Moura L, Bjørner N (2008) Z3: an efficient SMT solver. Lecture Notes in Computer Science, vol 4963/2008. Springer, Berlin, pp 337–340Google Scholar
  14. 14.
    Denning DE, Denning PJ (1977) Certification of programs for secure information flow. Commun ACM 20(7): 504–513zbMATHCrossRefGoogle Scholar
  15. 15.
    Detlefs D, Nelson G, Saxe JB (2005) Simplify: a theorem prover for program checking. J ACM 52(3): 365–473CrossRefMathSciNetGoogle Scholar
  16. 16.
    Dufay G, Felty A, Matwin S (2005) Privacy-sensitive information flow with JML. In: Automated deduction—CADE-20. Springer, Berlin, pp 116–130Google Scholar
  17. 17.
    Filliâtre J-C, Marché C (2007) The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm W, Hermanns H (eds) CAV. Lecture notes in computer science, vol 4590. Springer, Berlin, pp 173–177Google Scholar
  18. 18.
    Henzinger TA, Jhala R, Majumdar R, Sutre G (2002) Lazy abstraction. In: POPL ’02: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 58–70Google Scholar
  19. 19.
    Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12: 576–580zbMATHCrossRefGoogle Scholar
  20. 20.
    Jacobs BPF, Kiniry JR, Warnier ME, Jacobs B, Kiniry J, Warnier M (2003) Java program verification challenges. In: Proceedings of the formal methods for component objects, FMCO 2002. Lecture notes in computer science, vol 2852. Springer, Berlin, pp 202–219Google Scholar
  21. 21.
    Jhala R, Majumdar R (2009) Software model checking. ACM Comput Surv 41(4): 1–54CrossRefGoogle Scholar
  22. 22.
    Leavens GT, Ruby C, Leino KRM, Poll E, Jacobs B (2000) JML (poster session): notations and tools supporting detailed design in Java. In OOPSLA ’00: Addendum to the 2000 proceedings of the conference on Object-oriented programming, systems, languages, and applications (Addendum). ACM, New York, pp 105–106Google Scholar
  23. 23.
    Leino KRM, Joshi R (1998) A semantic approach to secure information flow. Lect Notes Comput Sci 1422: 254–271CrossRefGoogle Scholar
  24. 24.
    Leivant D (1985) Logical and mathematical reasoning about imperative programs. In: POPL, pp 132–140Google Scholar
  25. 25.
    Myers AC (1999) Jflow: Practical mostly-static information flow control. In: POPL, pp 228–241Google Scholar
  26. 26.
    Myers AC, Sabelfeld A, Zdancewic S (2006) Enforcing robust declassification and qualified robustness. J Comput Secur 14(2): 157–196Google Scholar
  27. 27.
    Naumann DA (2006) From coupling relations to mated invariants for checking information flow. In: Computer Security—ESORICS 2006. LNCS, vol 4189, pp 279–296Google Scholar
  28. 28.
    Page D (ed) (2009) CACE Deliverable D1.1: Complete CAO and qhasm specifications. Available from
  29. 29.
    Sabelfeld A, Myers A (2003) Language-based information-flow security. IEEE J Selected Areas Commun 21(1): 5–19CrossRefGoogle Scholar
  30. 30.
    Schneier B (1996) Applied cryptography: protocols, algorithms, and source code in C, 2nd edn. Wiley, New YorkzbMATHGoogle Scholar
  31. 31.
    Terauchi T, Aiken A (2005) Secure information flow as a safety problem. In: Hankin C, Siveroni I (eds) SAS. Lecture notes in computer science, vol 3672. Springer, Berlin, pp 352–367Google Scholar
  32. 32.
    The Coq Development Team. The Coq Proof Assistant Reference Manual—Version V8.2, 2008.
  33. 33.
    The OpenSSL Project.
  34. 34.
    Tse S, Zdancewic S (2005) A design for a security-typed language with certificate-based declassification. In: Sagiv S (ed) ESOP. Lecture notes in computer science, vol 3444. Springer, Berlin, pp 279–294Google Scholar
  35. 35.
    Vaughan JA, Zdancewic S (2007) A cryptographic decentralized label model. In: IEEE symposium on security and privacy. IEEE Computer Society, USA, pp 192–206Google Scholar
  36. 36.
    Volpano DM, Smith G (1997) A type-based approach to program security. In: Bidoit M, Dauchet M (eds) TAPSOFT. Lecture notes in computer science, vol 1214. Springer, Berlin, pp 607–621Google Scholar
  37. 37.
    Warnier M, Oostdijk M (2005) Non-interference in JML. Technical Report ICIS-R05034, Nijmegen Institute for Computing and Information SciencesGoogle Scholar

Copyright information

© Springer-Verlag London Limited 2010

Authors and Affiliations

  • José Bacelar Almeida
    • 1
    Email author
  • Manuel Barbosa
    • 1
  • Jorge Sousa Pinto
    • 1
  • Bárbara Vieira
    • 1
  1. 1.CCTC/Departamento de InformáticaUniversidade do MinhoBragaPortugal

Personalised recommendations