Automated protocol verification in linear logic
Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Analysing a Stream Authentication Protocol Using Model Checking
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
A Unifying Approach to Data-Independence
CONCUR '00 Proceedings of the 11th International Conference on Concurrency Theory
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Abstracting Cryptographic Protocols by Prolog Rules
SAS '01 Proceedings of the 8th International Symposium on Static Analysis
Capturing Parallel Attacks within the Data Independence Framework
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
To infinity and beyond or, avoiding the infinite in security protocol analysis
Proceedings of the 2006 ACM symposium on Applied computing
Bootstrapping multi-party ad-hoc security
Proceedings of the 2006 ACM symposium on Applied computing
Verification of cryptographic protocols: tagging enforces termination
Theoretical Computer Science - Foundations of software science and computation structures
Embedding agents within the intruder to detect parallel attacks
Journal of Computer Security - Special issue on CSFW15
Automatic verification of correspondences for security protocols
Journal of Computer Security
Semantics and logic for security protocols
Journal of Computer Security
Verification of cryptographic Protocols: tagging enforces termination
FOSSACS'03/ETAPS'03 Proceedings of the 6th International conference on Foundations of Software Science and Computation Structures and joint European conference on Theory and practice of software
Security in business process engineering
BPM'03 Proceedings of the 2003 international conference on Business process management
On a semantic definition of data independence
TLCA'03 Proceedings of the 6th international conference on Typed lambda calculi and applications
Analysing the information flow properties of object-capability patterns
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Verifying security protocols: an application of CSP
CSP'04 Proceedings of the 2004 international conference on Communicating Sequential Processes: the First 25 Years
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
CSP-based counter abstraction for systems with node identifiers
Science of Computer Programming
Hi-index | 0.00 |
Model checkers such as FDR have been extremely effective inchecking for, and finding, attacks on cryptographic protocols -see, for example, and many of the papers in . Their use in provingprotocols has, on the other hand, generally been limited to showingthat a given small instance, usually restricted by the finitenessof some set of resources such as keys and nonces, is free ofattacks. While for specific protocols there are frequently goodreasons for supposing that this will find any attack, it leaves asubstantial gap in the method. The purpose of this paper is to showhow techniques borrowed from data independence and related fieldscan be used to achieve the illusion that nodes can call upon aninfinite supply of different nonces, keys, etc., even though theactual types used for these things remain finite. It is thuspossible to create models of protocols in which nodes do not haveto stop after a small number of runs, and to claim that afinite-state run on a model checker has proved that a givenprotocol is free from attacks which could be constructed in themodel used. We develop our methods via a series of case studies,discovering a number of methods for restricting the number ofstates generated in attempted proofs, and using two distinctapproaches to protocol specification.