A Compositional Logic for Proving Security Properties of Protocols
Journal of Computer Security, 2002
Cited by 63 (15 self)
We present a logic for proving security properties of protocols that use nonces (randomly generated numbers that uniquely identify a protocol session) and public-key cryptography. The logic, designed around a process calculus with actions for each possible protocol step, consists of axioms about protocol actions and inference rules that yield assertions about protocols composed of multiple steps. Although assertions are written using only steps of the protocol, the logic is sound in a stronger sense: each provable assertion about an action or sequence of actions holds in any run of the protocol that contains the given actions and arbitrary additional actions by a malicious attacker. This approach lets us prove security properties of protocols under attack while reasoning only about the sequence of actions taken by honest parties to the protocol. The main security-specific parts of the proof system are rules for reasoning about the set of messages that could reveal secret data and an invariant rule called the "honesty rule."
A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols
AUSTRIAN COMPUTER SOCIETY, 2004
Cited by 36 (11 self)
This paper presents HLPSL, a high level protocol specification language for the modelling of security-sensitive protocols. This language has a formal semantics based on Lamport’s Temporal Logic of Actions. HLPSL is modular and allows for the specification of control flow patterns, data-structures, alternative intruder models, and complex security properties. It is sufficiently high-level to be accessible to protocol engineers (themselves not necessarily formal methods experts), yet easily translatable into a lower-level term-rewriting based language well-suited to model-checking tools. The accommodation of these contrasting features makes HLPSL able to easily specify modern, industrial-scale protocols on which existing specification languages only partially succeed.
Domain theory for concurrency
2003
Cited by 28 (6 self)
Concurrent computation can be given an abstract mathematical treatment very similar to that provided for sequential computation by domain theory and denotational semantics of Scott and Strachey.
On the relationship between strand spaces and multi-agent systems
In Proc. Eighth ACM Conference on Computer and Communications Security, 2001
Cited by 22 (1 self)
Strand spaces are a popular framework for the analysis of security protocols. Strand spaces have some similarities to a formalism used successfully to model protocols for distributed systems, namely multi-agent systems. We explore the exact relationship between these two frameworks here. It turns out that a key difference is the handling of agents, which are unspecified in strand spaces and explicit in multi-agent systems. We provide a family of translations from strand spaces to multi-agent systems parameterized by the choice of agents in the strand space. We also show that not every multi-agent system of interest can be expressed as a strand space. This reveals a lack of expressiveness in the strand-space framework that can be characterized by our translation. To highlight this lack of expressiveness, we show one simple way in which strand spaces can be extended to model more systems.
Relating State-Based and Process-Based Concurrency through Linear Logic
2006
Cited by 19 (2 self)
This paper has the purpose of reviewing some of the established relationships between logic and concurrency, and of exploring new ones. Concurrent and distributed systems are notoriously hard to get right. Therefore, following an approach that has proved highly beneficial for sequential programs, much effort has been invested in tracing the foundations of concurrency in logic. The starting points of such investigations have been various idealized languages of concurrent and distributed programming, in particular the well-established state-transformation model inspired by Petri nets and multiset rewriting, and the prolific process-based models such as the π-calculus and other process algebras. In nearly all cases, the target of these investigations has been linear logic, a formal language that supports a view of formulas as consumable resources. In the first part of this paper, we review some of these interpretations of concurrent languages into linear logic. In the second part of the paper, we propose a completely new approach to understanding concurrent and distributed programming as a manifestation of logic, which yields a language that merges those two main paradigms of concurrency. Specifically, we present a new semantics for multiset rewriting founded on an alternative view of linear logic. The resulting interpretation is extended with a majority of linear connectives into the language of ω-multisets. This interpretation drops the distinction between multiset elements and rewrite rules, and considerably enriches the expressive power of standard multiset rewriting with embedded rules, choice, replication, and more. Derivations are now primarily viewed as open objects, and are closed only to examine intermediate rewriting states. The resulting language can also be interpreted as a process algebra. For example, a simple translation maps process constructors of the asynchronous π-calculus to rewrite operators, while the structural equivalence corresponds directly to logically-motivated structural properties of ω-multisets (with one exception).
Composing strand spaces
In Proceedings, Foundations of Software Technology and Theoretical Computer Science, number 2556 in LNCS, 2002
Cited by 16 (2 self)
The strand space model for the analysis of security protocols is known to have some limitations in the patterns of nondeterminism it allows and in the ways in which strand spaces can be composed. Its successful application to a broad range of security protocols may therefore seem surprising. This paper gives a formal explanation of the wide applicability of strand spaces. We start with an extension of strand spaces which permits several operations to be defined in a compositional way, forming a process language for building up strand spaces. We then show, under reasonable conditions, how to reduce the extended strand spaces to ones of the traditional kind. For security protocols we are mainly interested in their safety properties. This suggests a strand-space equivalence: two strand spaces are equivalent if and only if they have essentially the same sets of bundles. However this equivalence is not a congruence with respect to the strand-space operations. By extending the notion of bundle we show how to define the strand-space operations directly on “bundle spaces”. This leads to a characterisation of the largest congruence within the strand-space equivalence. Finally, we relate strand spaces to event structures, a well known model for concurrency.
On the expressiveness of linearity vs persistence in the asynchronous pi-calculus
In Proc. of LICS’06. IEEE Computer Society, 2006
Cited by 15 (6 self)
We present an expressiveness study of linearity and persistence of processes. We choose the π-calculus, one of the main representatives of process calculi, as a framework to conduct our study. We consider four fragments of the π-calculus. Each one singles out a natural source of linearity/persistence also present in other frameworks such as Concurrent Constraint Programming (CCP), Linear CCP, and several calculi for security. The study is presented by providing (or proving the nonexistence of) encodings among the fragments, a processes-as-formulae interpretation and a reduction from Minsky machines.
Relating Multiset Rewriting and Process Algebras for Security Protocol Analysis
Journal of Computer Security, 2003
Cited by 15 (3 self)
When formalizing security protocols, different specification languages support very different reasoning methodologies, whose results are not directly or easily comparable. Therefore, establishing clear mappings among different frameworks is highly desirable, as it permits various methodologies to cooperate by interpreting theoretical and practical results of one system into another. In this paper, we examine the relationship between two general verification frameworks: multiset rewriting (MSR) and a process algebra (PA) inspired by CCS and the π-calculus. Although defining a simple and general bijection between MSR and PA appears difficult, we show that the sublanguages needed to specify cryptographic protocols admit an effective translation that is not only trace-preserving, but also induces a correspondence relation between the two languages. In particular, the correspondence sketched in this paper permits transferring several important trace-based properties such as secrecy and many forms of authentication.
Metareasoning about Security Protocols using Distributed Temporal Logic
In Proc. IJCAR’04 Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA’04), 2004
Cited by 12 (7 self)
We introduce a version of distributed temporal logic for rigorously formalizing and proving metalevel properties of different protocol models, and establishing relationships between models. The resulting logic is quite expressive and provides a natural, intuitive language for formalizing both local (agent specific) and global properties of distributed communicating processes. Through a sequence of examples, we show how this logic may be applied to formalize and establish the correctness of different modeling and simplification techniques, which play a role in building effective protocol tools.