• PDF / 341,928 Bytes
• 20 Pages / 439.363 x 666.131 pts Page_size
• 14 Downloads / 211 Views

DOWNLOAD

REPORT

University of Trier, Germany Karlsruhe Institute of Technology, Germany {kuesters,scapin,truderung}@uni-trier.de, [email protected] 2

Abstract. In our previous work, we have proposed a framework which allows tools that can check standard noninterference properties but a priori cannot deal with cryptography to establish cryptographic indistinguishability properties, such as privacy properties, for Java programs. We refer to this framework as the CVJ framework (Cryptographic Verification of Java Programs) in this paper. While so far the CVJ framework directly supports public-key encryption (without corruption and without a public-key infrastructure) only, in this work we further instantiate the framework to support, among others, public-key encryption and digital signatures, both with corruption and a public-key infrastructure, as well as (private) symmetric encryption. Since these cryptographic primitives are very common in security-critical applications, our extensions make the framework much more widely applicable. To illustrate the usefulness and applicability of the extensions proposed in this paper, we apply the framework along with the tool Joana, which allows for the fully automatic verification of noninterference properties of Java programs, to establish cryptographic privacy properties of a (non-trivial) cloud storage application, where clients can store private information on a remote server.

1 Introduction In [24], a framework has been proposed which allows tools that can check standard noninterference properties but cannot deal with cryptography directly, in particular probabilities and polynomially bounded adversaries, to establish cryptographic indistinguishability properties, such as privacy properties, for Java programs. In this paper, we refer to this framework as the CVJ framework (Cryptographic Verification of Java programs). The framework combines techniques from program analysis and cryptography, more specifically, universal composability [9,19,27,29], a well-established concept in cryptography. The idea is to first check noninterference properties for the Java program to be analyzed where cryptographic operations (such as encryption) are performed within so-called ideal functionalities. Such functionalities typically provide guarantees even in the face of unbounded adversaries and can often be formulated without probabilistic operations. Therefore, such analysis can be carried out by tools that a priori cannot deal with cryptography (probabilities, polynomially bounded adversaries). Theorems shown within the framework now imply that the Java program enjoys strong cryptographic indistinguishability properties when the ideal functionalities are replaced by their realizations, i.e., the actual cryptographic operations. M. Abadi and S. Kremer (Eds.): POST 2014, LNCS 8414, pp. 220–239, 2014. c Springer-Verlag Berlin Heidelberg 2014 

Extending and Applying a Framework for the Cryptographic Verification

221

The theorems proved within the CVJ framework are very general in that they guarantee that any i

Recommend Documents

Java and the Java Virtual Machine Definition, Verification, Validati

181 34 27MB

Compiling and Running Java Programs

185 21 53MB

Applying a UX Framework

237 75 2MB

ROSMonitoring: A Runtime Verification Framework for ROS

323 47 65MB

API Based Discrimination of Ransomware and Benign Cryptographic Programs

150 86 95MB

Jaint: A Framework for User-Defined Dynamic Taint-Analyses Based on Dynamic Symbolic Execution of Java Programs

167 23 19MB

History-Based Specification and Verification of Java Collections in KeY

170 101 19MB

Verification of Programs with Pointers in SPARK

144 5 12MB

A deep learning framework for face verification without alignment

198 16 2MB

Verification Artifacts in Cooperative Verification: Survey and Unifying Component Framework

149 11 28MB

Automating deductive verification for weak-memory programs (extended version)

183 53 2MB

Towards Applying Deep Learning to the Internet of Things: A Model and a Framework

183 90 50MB