Casper: a compiler for the analysis of security protocols
Journal of Computer Security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
A compiler for analyzing cryptographic protocols using noninterference
ACM Transactions on Software Engineering and Methodology (TOSEM)
Athena: a novel approach to efficient automatic security protocol analysis
Journal of Computer Security
Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
A Method for Automatic Cryptographic Protocol Verification
IPDPS '00 Proceedings of the 15 IPDPS 2000 Workshops on Parallel and Distributed Processing
Automatic SAT-Compilation of Protocol Insecurity Problems via Reduction to Planning
FORTE '02 Proceedings of the 22nd IFIP WG 6.1 International Conference Houston on Formal Techniques for Networked and Distributed Systems
An Improved Constraint-Based System for the Verification of Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
The AVISS Security Protocol Analysis Tool
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Automated Unbounded Verification of Security Protocols
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Rewriting for Cryptographic Protocol Verification
CADE-17 Proceedings of the 17th International Conference on Automated Deduction
Modelling and verifying key-exchange protocols using CSP and FDR
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Narrowing terminates for encryption
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Towards the Formal Verification of Electronic Commerce Protocols
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Optimizing Protocol Rewrite Rules of CIL Specifications
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Formal Automatic Verification of Authentication Cryptographic Protocols
ICFEM '97 Proceedings of the 1st International Conference on Formal Engineering Methods
A Tool for Lazy Verification of Security Protocols
Proceedings of the 16th IEEE international conference on Automated software engineering
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Automated analysis of cryptographic protocols using Mur/spl phi/
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
On the security of public key protocols
On the security of public key protocols
Automated Security Protocol Analysis With the AVISPA Tool
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
We present a system for automatically verifying cryptographic protocols. This system manages the knowledge of principals and checks if the protocol is runnable. In this case, it outputs a set of rewrite rules describing the protocol itself, the strategy of an intruder, and the goal to achieve. The protocol specification language permits to express commonly used descriptions of properties (authentication, short term secrecy, and so on) as well as complex data structures such as tables and hash functions. The generated rewrite rules can be used for detecting flaws with various systems: theorem proving in first-order logic, on-the-fly model-checking, or SAT-based state exploration. These three techniques are being experimented in the European Union project AVISPA.The aim of this paper is to describe the analysis process. First, we describe the major steps of the compilation process of a protocol description by our tool Casrul. Then, we describe the behavior of the intruder defined for the analysis. Our intruder is based on a lazy strategy, and is implemented as rewrite rules for the theorem prover daTac. Another advantage of our model is that it permits to handle parallel executions of the protocol and composition of keys. And for sake of completeness, it is possible, using Casrul, to either specify an unbounded number of executions or an unbounded message size.The combination of Casrul and daTac has permitted successful studying of various protocols, such as NSPK, EKE, RSA, Neumann-Stubblebine, Kao-Chow and Otway-Rees. We detail some of these examples in this paper. We are now studying the SET protocol and have already very encouraging results.