Program
Verification
Book

PV4 ⊧ IFC-CEGARchecks if a program is safe with respect to variables marked secret

Application domain/field

Security verification
Information flow

Type of tool

Model checker?

Expected input

Program
Set of high-security variables

Format:

C-program with annotations indicating the secret variables and the locations at which leaks should be checked.

Expected output

SAFE, UNSAFE or UNKNOWN

Internals

Procedure for unbounded verification of secure information flow. It uses taint analysis and self-composition.
Implemented on top of SeaHorn, uses Spacer (Z3's CHC solver).
Note that the paper calls this a 'prototype implementation'.

Links

Benchmark files: http://www.cs.princeton.edu/~aartig/benchmarks/ifc_bench.zip

Related papers

Lazy Self-composition for Security Verification (CAV 2018)

Last publication date

18 July 2018

Related tools

ProVerB specific

Markdown description: view/edit
Contained in the ProVerB22 dataset (paper + artefact)

ProVerB is a part of SLEBoK. Last updated: February 2023.