Casper: a compiler for the analysis of security protocols
Journal of Computer Security
Secure implementation of channel abstractions
Information and Computation
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Cryptographically Sound Theorem Proving
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
LTL Model Checking for Security Protocols
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Authentication tests and disjoint encryption: A design method for security protocols
Journal of Computer Security - Special issue on CSFW15
Breaking and fixing public-key Kerberos
Information and Computation
A framework for compositional verification of security protocols
Information and Computation
Language Based Secure Communication
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Composition of Password-Based Protocols
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Safely composing security protocols
Formal Methods in System Design
Formalizing and analyzing sender invariance
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Developing security protocols by refinement
Proceedings of the 17th ACM conference on Computer and communications security
A formal model of identity mixer
FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems
Understanding abstractions of secure channels
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Towards formal validation of trust and security in the internet of services
The future internet
Distributed temporal logic for the analysis of security protocol models
Theoretical Computer Science
Automated information flow analysis of virtualized infrastructures
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Constructive cryptography --- a new paradigm for security definitions and proofs
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
A calculus for privacy-friendly authentication
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Analysing applications layered on unilaterally authenticating protocols
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Sessions and separability in security protocols
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
| Hi-index | 0.00 |
Channels are an abstraction of the many concrete techniques to enforce particular properties of message transmissions such as encryption. We consider here three basic kinds of channels--authentic, confidential, and secure--where agents may be identified by pseudonyms rather than by their real names. We define the meaning of channels as assumptions, i.e. when a protocol relies on channels with particular properties for the transmission of some of its messages. We also define the meaning of channels as goals, i.e. when a protocol aims at establishing a particular kind of channel. This gives rise to an interesting question: given that we have verified that a protocol P2 provides its goals under the assumption of a particular kind of channel, can we then replace the assumed channel with an arbitrary protocol P1 that provides such a channel? In general, the answer is negative, while we prove that under certain restrictions such a compositionality result is possible.