One Picture Is Worth a Dozen Connectives: A Fault-Tree Representation of NPATRL Security Requirements

Authors:
Iliano Cervesato;Catherine Meadows
Affiliations:
-;-
Venue:
IEEE Transactions on Dependable and Secure Computing
Year:
2007

Citing 9
Cited 2

A Formal Language for Cryptographic Protocol Requirements

Designs, Codes and Cryptography - Special issue dedicated to Gustavus J. Simmons
From Safety Analysis to Software Requirements

IEEE Transactions on Software Engineering
The Logic of Authentication Protocols

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
A Formal Specification of Requirements for Payment Transactions in the SET Protocol

FC '98 Proceedings of the Second International Conference on Financial Cryptography
Intensional specifications of security protocols

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
A Hierarchy of Authentication Specifications

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Formal Analysis of Some Properties of Kerberos 5 Using MSR

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Formal specification and analysis of the group domain of interpretation protocol using NPATRL and the NRL protocol analyzer

Journal of Computer Security - Special issue on ACM conference on computer and communications security, 2001
A formalism for visual security protocol modeling

Journal of Visual Languages and Computing

Foundations of attack-defense trees

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Computational aspects of attack---defense trees

SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we show how we can increase the ease of reading and writing security requirements for cryptographic protocols at the Dolev-Yao level of abstraction by developing a visual language based on fault trees. We develop such a semantics for a subset of NPATRL, a temporal language used for expressing safety requirements for cryptographic protocols, and show that the subset is sound and complete with respect to the semantics. We also show how the fault trees can be used to improve the presentation of some specifications that we developed in our analysis of the Group Domain of Interpretation (GDOI) protocol. Other examples involve a property of Kerberos 5, and a visual account of the requirements in Lowe's authentication hierarchy.