We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Security-Hardening Software Libraries with Ada and SPARK -- A TCP Stack Use Case

Abstract: This white paper demonstrates how the assurance, reliability, and security of an existing professional-grade, open-source embedded TCP/IP stack implementation written in the C programming language is significantly enhanced by adopting the SPARK technology. A multifaceted approach achieves this. Firstly, the TCP layer's C code is being replaced with formally verified SPARK, a subset of the Ada programming language supported by formal verification tools. Then the lower layers, still written in C and on which the TCP layer depends, are modeled using SPARK contracts and validated using symbolic execution with KLEE. Finally, formal contracts for the upper layers are defined to call the TCP layer. The work allowed the detection and correction of two bugs in the TCP layer. In an increasingly connected world, where Cyber Security is of paramount importance, the powerful approach detailed in this work can be applied to any existing critical C library to harden their reliability and security significantly.
Comments: 37 pages, 4 figures, 2 tables, white paper, Software/Program Verification
Subjects: Cryptography and Security (cs.CR)
ACM classes: D.2.4
Cite as: arXiv:2109.10347 [cs.CR]
  (or arXiv:2109.10347v1 [cs.CR] for this version)

Submission history

From: Kyriakos Georgiou Dr [view email]
[v1] Thu, 2 Sep 2021 11:55:26 GMT (116kb,D)

Link back to: arXiv, form interface, contact.