Completion of a set of rules modulo a set of equations
SIAM Journal on Computing
Completion for rewriting modulo a congruence
Theoretical Computer Science - Second Conference on Rewriting Techniques and Applications, Bordeaux, May 1987
Unification in the union of disjoint equational theories: combining decision procedures
Journal of Symbolic Computation
Term rewriting and all that
Casper: a compiler for the analysis of security protocols
Journal of Computer Security
Automatic SAT-Compilation of Protocol Insecurity Problems via Reduction to Planning
FORTE '02 Proceedings of the 22nd IFIP WG 6.1 International Conference Houston on Formal Techniques for Networked and Distributed Systems
A Framework for the Analysis of Security Protocols
CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
CDiff: a new reduction technique for constraint-based analysis of security protocols
Proceedings of the 10th ACM conference on Computer and communications security
A decision procedure for the verification of security protocols with explicit destructors
Proceedings of the 11th ACM conference on Computer and communications security
Deciding Knowledge in Security Protocols under (Many More) Equational Theories
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Higher-Order and Symbolic Computation
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
An E-unification algorithm for analyzing protocols that use modular exponentiation
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
The finite variant property: how to get rid of some algebraic properties
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Intruder deduction for AC-like equational theories with homomorphisms
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Equational Cryptographic Reasoning in the Maude-NRL Protocol Analyzer
Electronic Notes in Theoretical Computer Science (ENTCS)
Symbolic protocol analysis for monoidal equational theories
Information and Computation
Towards an Automatic Analysis of Web Service Security
FroCoS '07 Proceedings of the 6th international symposium on Frontiers of Combining Systems
Challenges in the Automated Verification of Security Protocols
IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
Automated Security Protocol Analysis With the AVISPA Tool
Electronic Notes in Theoretical Computer Science (ENTCS)
Formalizing and analyzing sender invariance
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Verifying cryptographic protocols with subterms constraints
LPAR'07 Proceedings of the 14th international conference on Logic for programming, artificial intelligence and reasoning
Soundness of removing cancellation identities in protocol analysis under Exclusive-OR
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Hi-index | 0.00 |
Many security protocols fundamentally depend on the algebraic properties of cryptographic operators. It is however difficult to handle these properties when formally analyzing protocols, since basic problems like the equality of terms that represent cryptographic messages are undecidable, even for relatively simple algebraic theories. We present a framework for security protocol analysis that can handle algebraic properties of cryptographic operators in a uniform and modular way. Our framework is based on two ideas: the use of modular rewriting to formalize a generalized equational deduction problem for the Dolev-Yao intruder, and the introduction of two parameters that control the complexity of the equational unification problems that arise during protocol analysis by bounding the depth of message terms and the operations that the intruder can perform when analyzing messages. We motivate the different restrictions made in our model by highlighting different ways in which undecidability arises when incorporating algebraic properties of cryptographic operators into formal protocol analysis.