Output details
11 - Computer Science and Informatics
University of Edinburgh
Extracting and verifying cryptographic models from C protocol code by symbolic execution
<10> Originality: The results in this paper provide the first computationally sound verification of weak secrecy and authentication for (single execution paths of) cryptographic code in C.
Significance: All prior work on verifying cryptographic code in C requires many manual annotations; our method is automatic and helps find bugs quickly; several unknown bugs were discovered. Follow-on work verifies 3000 LOC, more than any other method for this problem. Download: http://research.microsoft.com/en-us/projects/csec/
Rigour: The paper includes formal correctness proofs and an evaluation of the method on about 2000 LOC of examples. The acceptance rate of CCS 2011 is 14%.