Abstract: This disclosure relates to a non-intrusive method of detecting security flaws of a computer program APP. The method comprises a step of installing and executing an executable and non-instrumentalized version of the program APP in a computer system 1, the computer system 1 comprising at least one cryptographic function able to be called by the program APP. It also comprises, in the course of the execution of the program, a step of recording in a tracing file the modalities of calls to the cryptographic function and, after the execution of the program, a step of analyzing the tracing file so as to devise a data structure of the states taken by the cryptographic object manipulated in the course of the execution of the program. The data structure is analyzed to detect calls to the cryptographic function that are liable to form a security flaw.

Abstract: This disclosure relates to a non-intrusive method of detecting security flaws of a computer program APP. The method comprises a step of installing and executing an executable and non-instumentalized version of the program APP in a computer system 1, the computer system 1 comprising at least one cryptographic function able to be called by the program APP. It also comprises, in the course of the execution of the program, a step of recording in a tracing file the modalities of calls to the cryptographic function and, after the execution of the program, a step of analyzing the tracing file so as to devise a data structure of the states taken by the cryptographic object manipulated in the course of the execution of the program. The data structure is analyzed to detect calls to the cryptographic function that are liable to form a security flaw.

Abstract: This disclosure relates to a non-intrusive method of detecting security flaws of a computer program APP. The method comprises a step of installing and executing an executable and non-instumentalized version of the program APP in a computer system 1, the computer system 1 comprising at least one cryptographic function able to be called by the program APP. It also comprises, in the course of the execution of the program, a step of recording in a tracing file the modalities of calls to the cryptographic function and, after the execution of the program, a step of analyzing the tracing file so as to devise a data structure of the states taken by the cryptographic object manipulated in the course of the execution of the program. The data structure is analyzed to detect calls to the cryptographic function that are liable to form a security flaw.

Abstract: The invention relates to a method for the automatic development, using a programmable device, of a behaviour model for an apparatus providing a cryptographic interface. This method comprises the following steps, carried out by a processor of the programmable device:—obtaining (40) a set of tests to be carried out by the apparatus (30) providing a cryptographic interface,—for each test from the set of tests, a request (42) for performance of that test by the apparatus (30) providing a cryptographic interface and storage of the result of said test,—obtaining (44) a truth table representative of a logic formula for a boolean function from the stored results,—calculating and storing (46) the first entries from the truth table, and—construction and storage (48) of a behaviour model for the apparatus providing a cryptographic interface from the first stored entries.