Unification in a combination of arbitrary disjoint equational theories
Journal of Symbolic Computation
Conditional rewriting logic as a unified model of concurrency
Selected papers of the Second Workshop on Concurrency and compositionality
Strand spaces: proving security protocols correct
Journal of Computer Security
Advanced topics in term rewriting
Advanced topics in term rewriting
Membership algebra as a logical framework for equational specification
WADT '97 Selected papers from the 12th International Workshop on Recent Trends in Algebraic Development Techniques
Incremental Construction of Unification Algorithms in Equational Theories
Proceedings of the 10th Colloquium on Automata, Languages and Programming
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Unification in the Union of Disjoint Equational Theories: Combining Decision Procedures
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
Unification and Matching Modulo Nilpotence
CADE-13 Proceedings of the 13th International Conference on Automated Deduction: Automated Deduction
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Deciding knowledge in security protocols under equational theories
Theoretical Computer Science - Automated reasoning for security protocol analysis
A rewriting-based inference system for the NRL Protocol analyzer and its meta-logical properties
Theoretical Computer Science - Automated reasoning for security protocol analysis
Higher-Order and Symbolic Computation
Hierarchical combination of intruder theories
Information and Computation
Effectively Checking the Finite Variant Property
RTA '08 Proceedings of the 19th international conference on Rewriting Techniques and Applications
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach
Proceedings of the 15th ACM conference on Computer and communications security
Variant Narrowing and Equational Unification
Electronic Notes in Theoretical Computer Science (ENTCS)
Protocol Security and Algebraic Properties: Decision Results for a Bounded Number of Sessions
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
YAPA: A Generic Tool for Computing Intruder Knowledge
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Computing Knowledge in Security Protocols under Convergent Equational Theories
CADE-22 Proceedings of the 22nd International Conference on Automated Deduction
Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties
Foundations of Security Analysis and Design V
A Graphical User Interface for Maude-NPA
Electronic Notes in Theoretical Computer Science (ENTCS)
Symbolic protocol analysis in the union of disjoint intruder theories: Combining decision procedures
Theoretical Computer Science
Safely composing security protocols
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Folding variant narrowing and optimal variant termination
WRLA'10 Proceedings of the 8th international conference on Rewriting logic and its applications
Comparison of cryptographic verification tools dealing with algebraic properties
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
The finite variant property: how to get rid of some algebraic properties
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
Protocol analysis in Maude-NPA using unification modulo homomorphic encryption
Proceedings of the 13th international ACM SIGPLAN symposium on Principles and practices of declarative programming
Soundness of removing cancellation identities in protocol analysis under Exclusive-OR
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
| Hi-index | 0.00 |
There is a growing interest in formal methods and tools to analyze cryptographic protocols modulo algebraic properties of their underlying cryptographic functions. It is well-known that an intruder who uses algebraic equivalences of such functions can mount attacks that would be impossible if the cryptographic functions did not satisfy such equivalences. In practice, however, protocols use a collection of well-known functions, whose algebraic properties can naturally be grouped together as a union of theories E1 ∪ ... ∪ En. Reasoning symbolically modulo the algebraic properties E1 ∪ ... ∪ En requires performing (E1 ∪ ... ∪ En)-unification. However, even if a unification algorithm for each individual Ei is available, this requires combining the existing algorithms by methods that are highly non-deterministic and have high computational cost. In this work we present an alternative method to obtain unification algorithms for combined theories based on variant narrowing. Although variant narrowing is less efficient at the level of a single theory Ei, it does not use any costly combination method. Furthermore, it does not require that each Ei has a dedicated unification algorithm in a tool implementation. We illustrate the use of this method in the Maude-NPA tool by means of a well-known protocol requiring the combination of three distinct equational theories.