ESEC/FSE 2023 (series) / Demonstrations /
[Remote] llvm2CryptoLine: Verifying Arithmetic in Cryptographic C Programs
Correct implementations of cryptographic primitives are essential for modern security. These implementations often contain arithmetic operations involving non-linear computations that are infamously hard to verify. We present llvm2CryptoLine, an automated formal verification tool for arithmetic operations in cryptographic C programs. llvm2CryptoLine successfully verifies 51 arithmetic C programs from industrial cryptographic libraries OpenSSL, wolfSSL and NaCl. Most of the programs are verified fully automatically and efficiently. A video demonstration that showcases llvm2CryptoLine can be found at https://youtu.be/QXuSmja45VA. Source code is available at https://github.com/formes20/llvm2cryptoline.
Wed 6 DecDisplayed time zone: Pacific Time (US & Canada) change
Wed 6 Dec
Displayed time zone: Pacific Time (US & Canada) change
14:00 - 15:30 | Security IResearch Papers / Demonstrations / Journal First at Golden Gate C3 Chair(s): Abhik Roychoudhury National University of Singapore | ||
14:00 15mTalk | Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study Journal First Goran Piskachev Amazon Web Services, Matthias Becker Fraunhofer IEM, Eric Bodden University of Paderborn Media Attached | ||
14:15 15mTalk | Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects Research Papers Lida Zhao Singapore Management University, Singapore, Sen Chen College of Intelligence and Computing, Tianjin University, Zhengzi Xu Nanyang Technological University, Chengwei Liu Nanyang Technological University, Lyuye Zhang Nanyang Technological University, Wu Jiahui Nanyang Technological University, Jun Sun Singapore Management University, Yang Liu Nanyang Technological University Media Attached | ||
14:30 15mTalk | Input-driven Dynamic Program Debloating for Code-reuse Attack Mitigation Research Papers Xiaoke Wang Wuhan University, Tao Hui Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Lei Zhao Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Yueqiang Cheng NIO DOI Pre-print Media Attached | ||
14:45 7mTalk | MASC: A Tool for Mutation-based Evaluation of Static Crypto-API Misuse Detectors Demonstrations Amit Seal Ami William & Mary, Syed Yusuf Ahmed University of Dhaka, Radowan Mahmud Redoy University of Dhaka, Nathan Cooper William & Mary, Kaushal Kafle College of William & Mary, Kevin Moran University of Central Florida, Denys Poshyvanyk William & Mary, Adwait Nadkarni William & Mary Media Attached | ||
14:53 7mTalk | [Remote] llvm2CryptoLine: Verifying Arithmetic in Cryptographic C Programs Demonstrations Ruiling Chen Shenzhen University, Jiaxiang Liu Shenzhen University, Xiaomu Shi Institute of Software, Chinese Academy of Sciences, Ming-Hsien Tsai National Institute of Cyber Security, Bow-Yaw Wang , Bo-Yin Yang Academia Sinica Media Attached | ||
15:00 15mTalk | [Remote] Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java Research Papers Kaixuan Li East China Normal University, Sen Chen College of Intelligence and Computing, Tianjin University, Lingling Fan College of Cyber Science, Nankai University, Ruitao Feng University of New South Wales, Han Liu East China Normal University, Chengwei Liu Nanyang Technological University, Yang Liu Nanyang Technological University, Yixiang Chen East China Normal University Pre-print Media Attached | ||
15:15 15mTalk | [Remote] TransRacer: Function Dependence-Guided Transaction Race Detection for Smart Contracts Research Papers Chenyang Ma Nanjing University of Science and Technology, Wei Song Nanjing University of Science and Technology, Jeff Huang Texas A&M University DOI Pre-print Media Attached | ||