ACM Transactions on Computer Systems (TOCS)
ML for the working programmer
A classical mind
Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS
IEEE Transactions on Software Engineering
Accountability in Electronic Commerce Protocols
IEEE Transactions on Software Engineering
Programming pearls: little languages
Communications of the ACM
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Saturation of First-Order (Constrained) Clauses with the Saturate System
RTA '93 Proceedings of the 5th International Conference on Rewriting Techniques and Applications
CSP and determinism in security modelling
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Formal methods: state of the art and future directions
ACM Computing Surveys (CSUR) - Special ACM 50th-anniversary issue: strategic directions in computing research
Personal security agent: KQML-based PKI
AGENTS '98 Proceedings of the second international conference on Autonomous agents
Analysis of security protocols as open systems
Theoretical Computer Science
Symbolic Semantics and Analysis for Crypto-CCS with (Almost) Generic Inference Systems
MFCS '02 Proceedings of the 27th International Symposium on Mathematical Foundations of Computer Science
An Intelligent Intruder Model for Security Protocol Analysis
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Automatic Verification of Cryptographic Protocols through Compositional Analysis Techniques
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
PIL/SETHEO: A Tool for the Automatic Analysis of Authentication Protocols
CAV '99 Proceedings of the 11th International Conference on Computer Aided Verification
Abstracting cryptographic protocols with tree automata
Science of Computer Programming - Special issue on static analysis (SAS'99)
Handbook of automated reasoning
Decision Procedures for the Analysis of Cryptographic Protocols by Logics of Belief
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Athena: a New Efficient Automatic Checker for Security Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Computing Symbolic Models for Verifying Cryptographic Protocols
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Deciding knowledge properties of security protocols
TARK '05 Proceedings of the 10th conference on Theoretical aspects of rationality and knowledge
A (restricted) quantifier elimination for security protocols
Theoretical Computer Science - Automated reasoning for security protocol analysis
The auction manager: market middleware for large-scale electronic commerce
WOEC'98 Proceedings of the 3rd conference on USENIX Workshop on Electronic Commerce - Volume 3
Trusting trusted hardware: towards a formal model for programmable secure coprocessors
WOEC'98 Proceedings of the 3rd conference on USENIX Workshop on Electronic Commerce - Volume 3
Towards an integrated formal analysis for security and trust
FMOODS'05 Proceedings of the 7th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Managing trust and secrecy in identity management clouds
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Using automated model analysis for reasoning about security of web protocols
Proceedings of the 28th Annual Computer Security Applications Conference
Hi-index | 0.00 |
Protocols in electronic commerce and other security-sensitive applications require careful reasoning to demonstrate their robustness against attacks. Several logics have been developed for doing this reasoning formally, but protocol designers usually do the proofs by hand, a process which is time-consuming and error-prone. We present a new approach, theory checking, to analyzing and verifying properties of security protocols. In this approach we generate the entire finite theory, Th, of a logic for reasoning about a security protocol; determining whether it satisfies a property, φ, is thus a simple membership test: φ ∈ Th. Our approach relies on (1) modeling a finite instance of a protocol in the way that the security community naturally, though informally, presents a security protocol, and (2) placing restrictions on a logic's rules of inference to guarantee that our algorithm terminates, generating a finite theory. A novel benefit to our approach is that because of these restrictions we can provide an automatic theory-checker generator. We applied our approach and our theory-checker generator to three different logics for reasoning about authentication and electronic commerce protocols: the Burrows-Abadi-Needham logic of authentication, AUTLOG, and Kailar's accountability logic [4, 8, 6]. For each we verified the desired properties using specialized theory checkers; most checks took less than two minutes, and all less than fifteen.