First-order logic models of security for cryptographic protocols, based on variants of the Dolev-Yao model, are now well-established tools. Given that we have checked a given security protocol π using a given first-order prover, how hard is it to extract a formally checkable proof of it, as required in, e.g., Common Criteria at the highest evaluation level (EAL7)? We demonstrate that this is surprisingly hard in the general case: the problem is non-recursive. Nonetheless, we show that we can instead extract finite models M from a set S of clauses representing π, automatically, and give two ways of doing so. We then define a model-checker testing M |= S, and show how we can instrument it to output a formally checkable proof, e.g., in Coq. Experience on a number of protocols shows that this is practical, and that even complex (secure) protocols modulo equational theories have small finite models, making our approach suitable.