Efficient Symbolic Execution for Analysing Cryptographic Protocol Implementations

  • Ricardo Corin
  • Felipe Andrés Manzano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)


The analysis of code that uses cryptographic primitives is unfeasible with current state-of-the-art symbolic execution tools. We develop an extension that overcomes this limitation by treating certain concrete functions, like cryptographic primitives, as symbolic functions whose execution analysis is entirely avoided; their behaviour is in turn modelled formally via rewriting rules. We define concrete and symbolic semantics within a (subset) of the low-level virtual machine LLVM. We then show our approach sound by proving operational correspondence between the two semantics. We present a prototype to illustrate our approach and discuss next milestones towards the symbolic analysis of fully concurrent cryptographic protocol implementations.


Symbolic Function Security Protocol Operational Correspondence Path Condition Symbolic Execution 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aizatulin, M., Gordon, A., Jurgens, J., Nuseibeh, B.: Verifying implementations of security protocols in c,
  2. 2.
    Bhargavan, K., Fournet, C., Corin, R., Zalinescu, E.: Cryptographically verified implementations for tls. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM Conference on Computer and Communications Security, pp. 459–468. ACM, New York (2008)Google Scholar
  3. 3.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW, pp. 82–96. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  4. 4.
    Blanchet, B.: A computationally sound mechanized prover for security protocols. IEEE Trans. Dependable Sec. Comput. 5(4), 193–207 (2008)CrossRefGoogle Scholar
  5. 5.
    Cadar, C., Dunbar, D., Engler: D.r.: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of OSDI, pp. 209–224 (2008)Google Scholar
  6. 6.
    Corin, R.: Analysis Models for Security Protocols. PhD thesis, University of Twente (2006)Google Scholar
  7. 7.
    Dierks, T., Rescorla, E.: The Transport Layer Security (tls) protocol. RFC 4346, Internet Engineering Task Force (April 2006),
  8. 8.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Ganesh, V., Dill, D.: Stp: A decision procedure for bitvectors and arrays,
  10. 10.
    Goubault-Larrecq, J.: Csur: Static analysis of C code (2002), Written in OCaml (12648 lines)
  11. 11.
    Jürjens, J.: Security analysis of crypto-based java programs using automated theorem provers. In: ASE, pp. 167–176. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  12. 12.
    King, J.C.: Symbolic execution and program testing. ACM Commun. 19(7), 385–394 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Kremer, S., Delaune, S., Kremer, S.: Computing knowledge in security protocols under convergent equational theories (March 2009)Google Scholar
  14. 14.
    Lattner, C., Adve, V.: The LLVM language reference manual,
  15. 15.
    Molnar, D.A., Wagner, D.: Catchconv: Symbolic execution and run-time type inference for integer conversion errors. Technical report (2007)Google Scholar
  16. 16.
    Pironti, A., Jürjens, J.: Formally-based black-box monitoring of security protocols. In: Massacci, F., Wallach, D.S., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 79–95. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Woo, T.Y.C., Lam, S.S.: A semantic model for authentication protocols (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ricardo Corin
    • 1
    • 2
  • Felipe Andrés Manzano
    • 1
  1. 1.FaMAFUniversidad Nacional de CórdobaArgentina
  2. 2.CONICETArgentina

Personalised recommendations