Verification Across Intellectual Property Boundaries

  • Sagar Chaki
  • Christian Schallhart
  • Helmut Veith
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4590)


In many industries, the share of software components provided by third-party suppliers is steadily increasing. As the suppliers seek to secure their intellectual property (IP) rights, the customer usually has no direct access to the suppliers’ source code, and is able to enforce the use of verification tools only by legal requirements. In turn, the supplier has no means to convince the customer about successful verification without revealing the source code. This paper presents a new approach to resolve the conflict between the IP interests of the supplier and the quality interests of the customer. We introduce a protocol in which a dedicated server (called the “amanat”) is controlled by both parties: the customer controls the verification task performed by the amanat, while the supplier controls the communication channels of the amanat to ensure that the amanat does not leak information about the source code. We argue that the protocol is both practically useful and mathematically sound. As the protocol is based on well-known (and relatively lightweight) cryptographic primitives, it allows a straightforward implementation on top of existing verification tool chains. To substantiate our security claims, we establish the correctness of the protocol by cryptographic reduction proofs.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Heinecke, H.: Automotive Open System Architecture-An Industry-Wide Initiative to Manage the Complexity of Emerging Automotive E/E Architectures. In: Society of Automotive Engineers World Congress (2004)Google Scholar
  2. 2.
    Broy, M.: Challenges in automotive software engineering. In: ICSE ’06., pp. 33–42 (2006)Google Scholar
  3. 3.
    Ball, T., Cook, B., Levin, V., Rajamani, S.: SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft. In: Boiten, E.A., Derrick, J., Smith, G.P. (eds.) IFM 2004. LNCS, vol. 2999, Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Ball, T., Rajamani, S.K.: Automatically Validating Temporal Safety Properties of Interfaces. In: Dwyer, M.B. (ed.) Model Checking Software. LNCS, vol. 2057, Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy Abstraction. In: Proc. 29th POPL, Association for Computing Machinery, pp. 58–70 (2002)Google Scholar
  6. 6.
    Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. In: Proc. ICSE 2003, pp. 385–395 (2003)Google Scholar
  7. 7.
    Cook, B., Podelski, A., Rybalchenko, A.: Terminator: Beyond safety. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 415–418. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Gotsman, A., Berdine, J., Cook, B.: Interprocedural shape analysis with separated heap abstractions. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 240–260. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X., Miné, A., Monniaux, D., Rival, X.: The astrée analyser. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24(3), 217–298 (2002)CrossRefGoogle Scholar
  11. 11.
    Wiedijk, F. (ed.): The Seventeen Provers of the World. LNCS (LNAI), vol. 3600. Springer, Heidelberg (2006)Google Scholar
  12. 12.
    Wenzel, I., Kirner, R., Rieder, B., Puschner, P.P.: Measurement-based worst-case execution time analysis. In: SEUS 2005, pp. 7–10 (2005)Google Scholar
  13. 13.
    Ferdinand, C., Heckmann, R., Wilhelm, R.: Analyzing the worst-case execution time by abstract interpretation of executable code. In: Broy, M., Krüger, I.H., Meisinger, M. (eds.) ASWSD 2004. LNCS, vol. 4147, pp. 1–14. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Goldreich, O.: Foundations of Cryptography. In: Basic Applications, vol. II, Cambridge University Press, Cambridge (2004)Google Scholar
  15. 15.
    Balakrishnan, G., Reps, T.: DIVINE: DIscovering Variables IN Executables. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 1–28. Springer, Heidelberg (2007)Google Scholar
  16. 16.
    Debray, S.K., Muth, R., Weippert, M.: Alias analysis of executable code. In: Proc. 26th POPL. (1999)Google Scholar
  17. 17.
    Reps, T.W., Balakrishnan, G., Lim, J., Teitelbaum, T.: A next-generation platform for analyzing executables. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 212–229. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Cifuentes, C., Fraboulet, A.: Intraprocedural static slicing of binary executables. In: ICSM, pp. 188–195 (1997)Google Scholar
  19. 19.
    Christodorescu, M., Jha, S., Seshia, S.A., Song, D.X., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy, pp. 32–46. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  20. 20.
    Kinder, J., Katzenbeisser, S., Schallhart, C., Veith, H.: Detecting malicious code by model checking. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 174–187. Springer, Heidelberg (2005)Google Scholar
  21. 21.
    Colin, S., Mariani, L.: Run-Time Verification. In: Broy, M., Jonsson, B., Katoen, J.-P., Leucker, M., Pretschner, A. (eds.) Model-Based Testing of Reactive Systems. LNCS, vol. 3472, Springer, Heidelberg (2005)Google Scholar
  22. 22.
    Lee, D., Yannakakis, M.: Testing finite-state machines: State identification and verification. IEEE Transactions on Computers 43(3), 306–320 (1994)CrossRefGoogle Scholar
  23. 23.
    Lee, D., Yannakakis, M.: Principles and methods of testing finite state machines – a survey. In: Proceedings of the IEEE, vol. 84(8), pp. 1090–1126 (1996)Google Scholar
  24. 24.
    Necula, G.C.: Proof-Carrying Code. In: Proc. 24th POPL, Paris, France, January 15–17, 1997, pp. 106–119. Association for Computing Machinery, York, NY (1997)Google Scholar
  25. 25.
    Goldreich, O.: Secure multi-party computation. Final Draft, Version 1.4 (2002)Google Scholar
  26. 26.
    Ben-Or, M., Goldreich, O., Goldwasser, S., Hastad, J., Kilian, J., Micali, S., Rogaway, P.: Everything Provable is Provable in Zero-Knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, Heidelberg (1990)Google Scholar
  27. 27.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. Siam Journal on Computing 30(2), 391–437 (2000)MATHCrossRefGoogle Scholar
  28. 28.
    Petitcolas, F., Katzenbeisser, S. (eds.): Information Hiding Techniques for Steganography and Digital Watermarking. Artech House (2000)Google Scholar
  29. 29.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, CRC Press (1997)Google Scholar
  30. 30.
    Cramer, R., Shoup, V.: Signature Schemes Based on the String RSA Assumption. ACM Transactions on Information and System Security 3(3), 161–185 (2000)CrossRefGoogle Scholar
  31. 31.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MATHCrossRefGoogle Scholar
  32. 32.
    NIST: NIST FIPS PUB 180-1, Secure Hash Standard (1995)Google Scholar
  33. 33.
    Chaki, S., Schallhart, C., Veith, H.: Verification Across Intellectual Property Boundaries (2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Sagar Chaki
    • 1
  • Christian Schallhart
    • 2
  • Helmut Veith
    • 2
  1. 1.Software Engineering Institute, Carnegie Mellon UniversityUSA
  2. 2.Institut für Informatik, Technische Universität MünchenGermany

Personalised recommendations