The Software Analysis Workbench (SAW) is a tool that provides the ability to formally verify properties of code written in C, Java, Rust, and Cryptol. It leverages automated SAT and SMT solvers to make this process as automated as possible, and provides a scripting language, called SAWScript, to enable verification to scale up to more complex ...

Cryptol and SAW have been used in national security, fintech, and cloud computing applications to keep citizens, systems, and data safe; secure financial transactions; and protect the privacy of millions of people across the globe.

SAW supports analysis of programs written in C, Java, and Cryptol, and uses efficient SAT and SMT solvers such as ABC and Yices. SAW is primarily designed with cryptographic implementations in mind, but also supports general purpose imperative programs.

By integrating Cryptol and SAW into their CI/CD pipeline, Galois was able to provide continuous, automatic verification of AWS’s cryptographic library every time they updated their code. The result was provable security protecting critical data for millions of active customers.

The Cryptol specification language was designed by Galois for the NSA Laboratory for Advanced Cybersecurity Research as a public standard for specifying cryptographic algorithms. A Cryptol reference specification can serve as the formal documentation for a cryptographic module.

The Cryptol domain-specific language tool suite offers compelling assurance of hardware correctness by providing direct compilation of abstract cryptographic algorithms into the industry-standard VHDL and Verilog hardware description languages.

Continuous Reasoning with SAW: Learn how to use Python to drive SAW and enforce formal invariants on cryptographic implementations at every check-in to a repository. Methods for Key Wrapping: Create a Cryptol specification of NIST's SP800-38F key wrap standard.

SAW and Cryptol can be used by a Continuous Integration (CI) system to enforce invariants (safety, security, and functional) that software must have at certain stages in a software development pipeline. Some industrial examples include AWS's s2n and Supranational's BLST.

Jan 26, 2017 · I will mainly use SAW, the Software Analysis Workbench, and Cryptol, a DSL for specifying crypto algorithms. Both are powerful tools for verifying C, C++, and even Rust code, i.e. almost anything that compiles to LLVM bitcode.

Nov 10, 2013 · SAW is primarily used to verify the correctness of cryptographic implementations, and is able to import specifications written in Cryptol, a language developed by Galois for specifying cryptographic primitives. In this short paper, we …