Abstraction by set-membership: verifying security protocols and web services with databases

Authors:
Sebastian Alexander Mödersheim
Affiliations:
Technical University of Denmark, Lyngby, Denmark
Venue:
Proceedings of the 17th ACM conference on Computer and communications security
Year:
2010

Citing 11
Cited 4

Casper: a compiler for the analysis of security protocols

Journal of Computer Security
Towards an Automatic Analysis of Security Protocols in First-Order Logic

CADE-16 Proceedings of the 16th International Conference on Automated Deduction: Automated Deduction
How to Prevent Type Flaw Attacks on Security Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Static validation of security protocols

Journal of Computer Security
SAT-based model-checking for security protocols analysis

International Journal of Information Security
On the relationships between models in protocol verification

Information and Computation
Refinement Types for Secure Implementations

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
On the security of multi-party ping-pong protocols

SFCS '83 Proceedings of the 24th Annual Symposium on Foundations of Computer Science
System Description: Spass Version 3.0

CADE-21 Proceedings of the 21st international conference on Automated Deduction: Automated Deduction
Automatic verification of correspondences for security protocols

Journal of Computer Security

Towards formal validation of trust and security in the internet of services

The future internet
ASLan++ -- a formal security specification language for distributed systems

FMCO'10 Proceedings of the 9th international conference on Formal Methods for Components and Objects
The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
The TAMARIN prover for the symbolic analysis of security protocols

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

The abstraction and over-approximation of protocols and web services by a set of Horn clauses is a very successful method in practice. It has however limitations for protocols and web services that are based on databases of keys, contracts, or even access rights, where revocation is possible, so that the set of true facts does not monotonically grow with state transitions. We extend the scope of these over-approximation methods by defining a new way of abstraction that can handle such databases, and we formally prove that the abstraction is sound. We realize a translator from a convenient specification language to standard Horn clauses and use the verifier ProVerif and the theorem prover SPASS to solve them. We show by a number of examples that this approach is practically feasible for wide variety of verification problems of security protocols and web services