Results 1  10
of
60
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
, 2000
"... Two distinct, rigorous views of cryptography have developed over the years, in two mostly separate communities. One of the views relies on a simple but effective formal approach; the other, on a detailed computational model that considers issues of complexity and probability. ..."
Abstract

Cited by 333 (18 self)
 Add to MetaCart
Two distinct, rigorous views of cryptography have developed over the years, in two mostly separate communities. One of the views relies on a simple but effective formal approach; the other, on a detailed computational model that considers issues of complexity and probability.
Mobile Values, New Names, and Secure Communication
, 2001
"... We study the interaction of the "new" construct with a rich but common form of (firstorder) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programminglanguage contexts. Specifically, we introduce a sim ..."
Abstract

Cited by 276 (18 self)
 Add to MetaCart
We study the interaction of the "new" construct with a rich but common form of (firstorder) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programminglanguage contexts. Specifically, we introduce a simple, general extension of the pi calculus with value passing, primitive functions, and equations among terms. We develop semantics and proof techniques for this extended language and apply them in reasoning about some security protocols.
Secrecy by Typing in Security Protocols
 Journal of the ACM
, 1998
"... We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use sharedkey cryptography. The rules have the form of typing rules for a basic co ..."
Abstract

Cited by 245 (15 self)
 Add to MetaCart
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use sharedkey cryptography. The rules have the form of typing rules for a basic concurrent language with cryptographic primitives, the spi calculus. They guarantee that, if a protocol typechecks, then it does not leak its secret inputs.
Abstractions for mobile computation
, 1999
"... Abstract. We discuss the difficulties caused by mobile computing and mobile computation over wide area networks. We propose a unified framework for overcoming such difficulties. 1 ..."
Abstract

Cited by 119 (2 self)
 Add to MetaCart
Abstract. We discuss the difficulties caused by mobile computing and mobile computation over wide area networks. We propose a unified framework for overcoming such difficulties. 1
Proof Techniques for Cryptographic Processes
 in 14th Annual IEEE Symposium on Logic in Computer Science
, 1999
"... Contextual equivalences for cryptographic process calculi, like the spicalculus, can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, namely maytesting and barbed equivalence, and ..."
Abstract

Cited by 60 (8 self)
 Add to MetaCart
Contextual equivalences for cryptographic process calculi, like the spicalculus, can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, namely maytesting and barbed equivalence, and investigate tractable proof methods for them. To this aim, we design an enriched labelled transition system, where transitions are constrained by the knowledge the environment has of names and keys. The new transition system is then used to define a trace equivalence and a weak bisimulation equivalence, that avoid quantification over contexts. Our main results are soundness and completeness of trace and weak bisimulation equivalence with respect to maytesting and barbed equivalence, respectively. They lead to more direct proof methods for equivalence checking. The use of these methods is illustrated with a few examples, concerning implementation of secure channels and verification of proto...
A Hierarchy of Equivalences for Asynchronous Calculi
, 2003
"... We generate a natural hierarchy of equivalences for asynchronous namepassing process calculi from simple variations on Milner and Sangiorgi's definition of weak barbed bisimulation. The calculus, used here, and the join calculus are examples of such calculi. ..."
Abstract

Cited by 58 (5 self)
 Add to MetaCart
We generate a natural hierarchy of equivalences for asynchronous namepassing process calculi from simple variations on Milner and Sangiorgi's definition of weak barbed bisimulation. The calculus, used here, and the join calculus are examples of such calculi.
Equational properties of mobile ambients
 MATHEMATICAL STRUCTURES IN COMPUTER SCIENCE
, 1999
"... ..."
The Join Calculus: A Language for Distributed Mobile Programming
 In Proceedings of the Applied Semantics Summer School (APPSEM), Caminha
, 2000
"... In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct emb ..."
Abstract

Cited by 56 (2 self)
 Add to MetaCart
In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct embedding of the ML programming language. The join calculus is used as the basis for several distributed languages and implementations, such as JoCaml and functional nets.
Bisimulations in the joincalculus
 Theoretical Computer Science
, 1998
"... We propose an objectoriented calculus with internal concurrency and classbased inheritance that is built upon the join calculus. Method calls, locks, and states are handled in a uniform manner, using asynchronous messages. Classes are partial message definitions that can be combined and transforme ..."
Abstract

Cited by 50 (6 self)
 Add to MetaCart
We propose an objectoriented calculus with internal concurrency and classbased inheritance that is built upon the join calculus. Method calls, locks, and states are handled in a uniform manner, using asynchronous messages. Classes are partial message definitions that can be combined and transformed. We design operators for behavioral and synchronization inheritance. We also give a type system that statically enforces basic safety properties. Our model is compatible with the JoCaml implementation
Authentication Primitives and Their Compilation
, 2000
"... Adopting a programminglanguage perspective, we study the problem of implementing authentication in a distributed system. We define a process calculus with constructs for authentication and show how this calculus can be translated to a lowerlevel language using marshaling, multiplexing, and cryptog ..."
Abstract

Cited by 40 (13 self)
 Add to MetaCart
Adopting a programminglanguage perspective, we study the problem of implementing authentication in a distributed system. We define a process calculus with constructs for authentication and show how this calculus can be translated to a lowerlevel language using marshaling, multiplexing, and cryptographic protocols. Authentication serves for identitybased security in the source language and enables simplifications in the translation. We reason about correctness relying on the concepts of observational equivalence and full abstraction.