Title :
Understanding security goals provided by crypto-protocol implementations
Author_Institution :
Dept. of Informatics, TU Munich, Germany
Abstract :
Understanding the security goals provided by cryptographic protocol implementations is known to be difficult, since security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the presence of cryptographic interactions. A lot of research has been devoted to develop formal techniques to analyze abstract specifications of cryptographic protocols. Less attention has been paid to the source code analysis of legacy crypto-protocol implementations, for which specifications are often not available. This is an important challenge since it is non-trivial to determine from a given protocol implementation exactly which security goals are achieved, which is necessary for a reliable maintenance of security-critical systems. In this paper, we propose an approach to determine security goals provided by an implemented protocol based on control flow graphs and automated theorem provers for first-order logic.
Keywords :
cryptography; formal specification; formal verification; protocols; safety-critical software; software maintenance; automated theorem prover; control flow graph; cryptographic protocol implementation; first-order logic; formal specification; legacy crypto-protocol implementation; security goal; security-critical system; software maintenance; software reliability; source code analysis; Automatic logic units; Cryptographic protocols; Cryptography; Data engineering; Data security; Flow graphs; Informatics; Power system security; Software systems; Systems engineering and theory;
Conference_Titel :
Software Maintenance, 2005. ICSM'05. Proceedings of the 21st IEEE International Conference on
Print_ISBN :
0-7695-2368-4
DOI :
10.1109/ICSM.2005.97
