Matching, unification and complexity
ACM SIGSAM Bulletin
Conditional rewriting logic as a unified model of concurrency
Selected papers of the Second Workshop on Concurrency and compositionality
Strand spaces: proving security protocols correct
Journal of Computer Security
Using encryption for authentication in large networks of computers
Communications of the ACM
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Maude: specification and programming in rewriting logic
Theoretical Computer Science - Rewriting logic and its applications
Membership algebra as a logical framework for equational specification
WADT '97 Selected papers from the 12th International Workshop on Recent Trends in Algebraic Development Techniques
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Ten Years of Partial Order Reduction
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Canonical Forms and Unification
Proceedings of the 5th Conference on Automated Deduction
Decidable Matching for Convergent Systems (Preliminary Version)
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
Rewriting for Cryptographic Protocol Verification
CADE-17 Proceedings of the 17th International Conference on Automated Deduction
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Language generation and verification in the NRL protocol analyzer
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Invariant Generation Techniques in Cryptographic Protocol Analysis
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Journal of Computer Security - Special issue on ACM conference on computer and communications security, 2001
Relating multiset rewriting and process algebras for security protocol analysis
Journal of Computer Security - Special issue on WITS'03
A decision procedure for the existence of a rank function
Journal of Computer Security
A rewriting-based inference system for the NRL protocol analyzer: grammar generation
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Formal characterization and automated analysis of known-pair and chosen-text attacks
IEEE Journal on Selected Areas in Communications
Narrowing and Rewriting Logic: from Foundations to Applications
Electronic Notes in Theoretical Computer Science (ENTCS)
Equational Cryptographic Reasoning in the Maude-NRL Protocol Analyzer
Electronic Notes in Theoretical Computer Science (ENTCS)
Modular Termination of Basic Narrowing
RTA '08 Proceedings of the 19th international conference on Rewriting Techniques and Applications
Effectively Checking the Finite Variant Property
RTA '08 Proceedings of the 19th international conference on Rewriting Techniques and Applications
State Space Reduction in the Maude-NRL Protocol Analyzer
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Termination of Narrowing Using Dependency Pairs
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Rewriting Techniques in the Constraint Solver
Electronic Notes in Theoretical Computer Science (ENTCS)
A Modular Equational Generalization Algorithm
Logic-Based Program Synthesis and Transformation
Variant Narrowing and Equational Unification
Electronic Notes in Theoretical Computer Science (ENTCS)
Unification and Narrowing in Maude 2.4
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Automatic verification of correspondences for security protocols
Journal of Computer Security
Termination of narrowing revisited
Theoretical Computer Science
A Graphical User Interface for Maude-NPA
Electronic Notes in Theoretical Computer Science (ENTCS)
Cap unification: application to protocol security modulo homomorphic encryption
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A fast algebraic web verification service
RR'07 Proceedings of the 1st international conference on Web reasoning and rule systems
Symbolic model checking of infinite-state systems using narrowing
RTA'07 Proceedings of the 18th international conference on Term rewriting and applications
Termination of narrowing in left-linear constructor systems
FLOPS'08 Proceedings of the 9th international conference on Functional and logic programming
All about maude - a high-performance logical framework: how to specify, program and verify systems in rewriting logic
Model-checking DoS amplification for VoIP session initiation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Transformation and debugging of functional logic programs
A 25-year perspective on logic programming
Sequential protocol composition in maude-NPA
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Combining theorem proving and narrowing for rewriting-logic specifications
TAP'10 Proceedings of the 4th international conference on Tests and proofs
A formal model of identity mixer
FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems
A combination of forward and backward reachability analysis methods
ICFEM'10 Proceedings of the 12th international conference on Formal engineering methods and software engineering
Protocol analysis in Maude-NPA using unification modulo homomorphic encryption
Proceedings of the 13th international ACM SIGPLAN symposium on Principles and practices of declarative programming
Rewrite specifications of access control policies in distributed environments
STM'10 Proceedings of the 6th international conference on Security and trust management
Protocol analysis modulo combination of theories: a case study in Maude-NPA
STM'10 Proceedings of the 6th international conference on Security and trust management
An introduction to maude and some of its applications
PADL'10 Proceedings of the 12th international conference on Practical Aspects of Declarative Languages
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
The TAMARIN prover for the symbolic analysis of security protocols
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
| Hi-index | 0.00 |
The NRL Protocol Analyzer (NPA) is a tool for the formal specification and analysis of cryptographic protocols that has been used with great effect on a number of complex real-life protocols. One of the most interesting of its features is that it can be used to reason about security in face of attempted attacks on low-level algebraic properties of the functions used in a protocol. Indeed, it has been used successfully to either reproduce or discover a number of such attacks. In this paper we give for the first time a precise formal specification of the main features of the NPA inference system: its grammar-based techniques for invariant generation and its backwards reachability analysis method. This formal specification is given within the well-known rewriting framework so that the inference system is specified as a set of rewrite rules modulo an equational theory describing the behavior of the cryptographic algorithms involved. We then use this formalization to prove some important meta-logical properties about the NPA inference system, including the soundness and completeness of the search algorithm and soundness of the grammar generation algorithm. The formalization and soundness and completeness theorems not only provide also a better understanding of the NPA as it currently operates, but provide a modular basis which can be used as a starting point for increasing the types of equational theories it can handle.