Alice&Bob-notation is a simple notation for describing security protocols as sequences of message exchanges. We show that, although Alice&Bob-notation has no explicit control-flow constructs, some control-flow aspects can still be made explicit when producing formal protocol models, without resorting to more expressive protocol description languages. We introduce a notion of incremental symbolic run to formally handle message forwarding and conditional abortion. In incremental symbolic runs, we use variables to represent messages that the principals cannot read, and we characterize each execution step in order to build a collection of symbolic subruns of increasing lengths, reflecting the data possessed by the principals up to that point in the execution. We contrast this with the simpler (more standard) approach of formalizing the behavior of principals by directly interpreting message exchanges as sequences of atomic actions. In particular, we give a complete characterization of the situations where this simpler approach is adequate, and we prove that incremental symbolic runs are more expressive in general.
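The following is an added illustration of the idea behind incremental symbolic runs, not the paper's own definitions: each principal's view of a message replaces ciphertexts it cannot decrypt with variables, the per-principal list of views grows by one entry per narration step, and a send is rejected when the principal could not have constructed the message. The term encoding, the key-distribution narration and the initial knowledge sets are all constructed for the example.

```python
# Added illustration (constructed encoding, not the paper's formalism).
# Terms: atoms are strings; ("enc", key, body) is body encrypted under key;
# ("pair", left, right) is concatenation; variables are strings starting with "?".

def symbolic(term, known, opaque):
    """Rewrite `term` as a principal possessing the atoms in `known` sees it.
    `opaque` maps undecryptable subterms to this principal's variables; keeping it
    across steps lets a forwarded ciphertext reuse the variable bound on receipt."""
    if isinstance(term, str):
        return term
    tag, left, right = term
    if tag == "pair":
        return ("pair", symbolic(left, known, opaque), symbolic(right, known, opaque))
    if tag == "enc":
        if left in known:                        # key possessed: look inside
            return ("enc", left, symbolic(right, known, opaque))
        return opaque.setdefault(term, f"?{len(opaque)}")
    raise ValueError(f"unknown term {term!r}")

def atoms(sym):
    """Atoms readable in a symbolic term (variables are not atoms)."""
    if isinstance(sym, str):
        return set() if sym.startswith("?") else {sym}
    return atoms(sym[1]) | atoms(sym[2])

def run(narration, initial):
    """Incremental symbolic runs: {principal: [(step, 'send'|'recv', view), ...]}.
    Raises ValueError if a sender needs an atom it lacks or a ciphertext it never saw."""
    known = {p: set(k) for p, k in initial.items()}
    opaque = {p: {} for p in initial}
    views = {p: [] for p in initial}
    for step, (src, dst, msg) in enumerate(narration, 1):
        bound = len(opaque[src])
        sent = symbolic(msg, known[src], opaque[src])
        if len(opaque[src]) != bound or not atoms(sent) <= known[src]:
            raise ValueError(f"step {step}: {src} cannot construct {msg!r}")
        received = symbolic(msg, known[dst], opaque[dst])
        known[dst] |= atoms(received)            # receiver learns what it can read
        views[src].append((step, "send", sent))
        views[dst].append((step, "recv", received))
    return views

# Constructed key-distribution narration: A forwards {Kab}Kbs without reading it.
NARRATION = [
    ("A", "S", ("pair", "A", "B")),
    ("S", "A", ("enc", "Kas", ("pair", "Kab", ("enc", "Kbs", "Kab")))),
    ("A", "B", ("enc", "Kbs", "Kab")),
]
INITIAL = {"A": {"A", "B", "Kas"}, "B": {"B", "Kbs"},
           "S": {"A", "B", "Kab", "Kas", "Kbs"}}
```

In A's subrun the third step is the bare variable `?0` bound at step two, which is how the forwarding becomes visible without A ever reading the ciphertext; reordering the narration so A sends it first raises the constructibility error.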