[cvj-joana14post] | Ralf Küsters, Enrico Scapin, Tomasz Truderung, Jürgen Graf, Extending and Applying a Framework for the Cryptographic Verification of Java Programs, Principles of Security and Trust, POST 2014, Part of ETAPS 2014, Grenoble, France, April 5-13, 2014, pp. 220--239, Springer, 2014.
|
Abstract
In our previous work, we have proposed a framework which allows tools
that can check standard noninterference properties but a priori
cannot deal with cryptography to establish cryptographic
indistinguishability properties, such as privacy properties, for
Java programs. We refer to this framework as the CVJ framework
(Cryptographic Verification of Java Programs) in this paper.
While so far the CVJ framework directly supports public-key
encryption (without corruption and without a public-key
infrastructure) only, in this work we further instantiate the
framework to support, among others, public-key encryption and
digital signatures, both with corruption and a public-key
infrastructure, as well as (private) symmetric encryption.
Since these cryptographic primitives are very common in security-critical
applications, our extensions make the framework much more widely
applicable.
To illustrate the usefulness and applicability of the extensions
proposed in this paper, we apply the framework along with the tool
Joana, which allows for fully automatic verification of
noninterference properties of Java programs, to establish
cryptographic privacy properties of a (non-trivial) cloud storage
application, where clients can store private information on a remote
server.
Download
BibTeX
Authors at the institute
Projects