Analysis of security protocols as open systems
 Theoretical Computer Science
, 2003
Abstract
Cited by 26 (13 self)
We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely CryptoCCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation.
Practical Verification And Synthesis Of Low Latency Asynchronous Systems
, 1994
Abstract
Cited by 26 (12 self)
A new theory and methodology for the practical verification and synthesis of asynchronous systems is developed to aid in the rapid and correct implementation of complex control structures. Specifications are based on a simple process algebra called CCS that is concise and easy to understand and use. A software prototype CAD tool called Analyze was written as part of this dissertation to allow the principles of this work to be tested and applied. Attention to complexity, efficient algorithms, and compositional methods has resulted in a tool that can be several orders of magnitude faster than currently available tools for comparable applications. A new theory for loose specifications based on partial orders is developed for both trace and bisimulation semantics. Formal verification uses these partial orders as the foundation of conformance between a specification and its refinement. The definitions support freedom of design choices by identifying the necessary behaviors, the illegal beh...
On Behavioural Abstraction and Behavioural Satisfaction in Higher-Order Logic
, 1996
Abstract
Cited by 25 (5 self)
The behavioural semantics of specifications with higher-order logical formulae as axioms is analyzed. A characterization of behavioural abstraction via behavioural satisfaction of formulae in which the equality symbol is interpreted as indistinguishability, which is due to Reichel and was recently generalized to the case of first-order logic by Bidoit et al., is further generalized to this case. The fact that higher-order logic is powerful enough to express the indistinguishability relation is used to characterize behavioural satisfaction in terms of ordinary satisfaction, and to develop new methods for reasoning about specifications under behavioural semantics. 1 Introduction An important ingredient in the use of algebraic specifications to describe data abstractions is the concept of behavioural equivalence between algebras, which seems to appropriately capture the "black box" character of data abstractions, see e.g. [GGM76], [GM82], [ST87] and [ST95]. Roughly speaking (since there ...
Implementing CCS in Maude 2
 Proceedings Fourth International Workshop on Rewriting Logic and its Applications, WRLA 2002
, 2002
Abstract
Cited by 19 (5 self)
This paper describes in detail how to bridge the gap between theory and practice in a new implementation of the CCS operational semantics in Maude, where transitions become rewrites and inference rules become conditional rewrite rules with rewrites in the conditions, as made possible by the new features in Maude 2.0. We implement both the usual transition semantics and the weak transition semantics where internal actions are not observed, and on top of them we also implement the Hennessy-Milner modal logic for describing processes. We compare this implementation with a previous one where transitions become judgements and inference rules become rewrites, and also comment on extensions to the LOTOS language.
Model Checking Coloured Petri Nets Exploiting Strongly Connected Components
 Proceedings of the International Workshop on Discrete Event Systems, WODES96. Institution of Electrical Engineers, Computing and Control Division
, 1997
Abstract
Cited by 19 (2 self)
In this paper we present a CTL-like logic which is interpreted over the state spaces of Coloured Petri Nets. The logic has been designed to express properties of both state and transition information. This is possible because the state spaces are labelled transition systems. We compare the expressiveness of our logic with CTL's. Then, we present a model checking algorithm which for efficiency reasons utilises strongly connected components and formula reduction rules. We present empirical results for nontrivial examples and compare the performance of our algorithm with that of Clarke, Emerson, and Sistla. 1 Introduction Coloured Petri Nets (CP-nets or CPN) are convenient for specifying complex concurrent systems. Until now properties of CP-nets have mainly been specified directly in terms of the state spaces of CP-nets [4,6]. Temporal logics such as CTL are also useful for expressing properties of concurrent systems (see, e.g., [1]). We show how we can define a CTL-like logic, ASKC...
Bisimulation, Modal Logic and Model Checking Games
, 1999
Abstract
Cited by 17 (0 self)
We give a very brief introduction to how concurrent systems can be modelled within process calculi, as terms of an algebraic language whose behaviours are described using transitions. Reasoning has centred on two kinds of questions. One is relationships between descriptions of concurrent systems. The other is appropriate logics for describing crucial properties of concurrent systems. Bisimulation equivalence is briefly described. It can also be characterised in terms of modal logic (Hennessy-Milner logic). However, as a logic it is not very expressive. So we also describe the modal mu-calculus, which is a very expressive temporal logic. In the main part of the paper we show that property checking can be understood in terms of game playing. In the finite state case, games underpin efficient model checking algorithms. The games are also definable independently of property checking as graph games which can be reduced to other combinatorial games.
Implementing CCS in Maude
 Formal Methods For Distributed System Development. FORTE/PSTV 2000 IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communications Protocols (FORTE XIII) and Protocol Specification, Testing and Ver
, 2000
Abstract
Cited by 16 (8 self)
We explore the features of rewriting logic and the language Maude as a logical and semantic framework for representing both the semantics of CCS, and a modal logic for describing local capabilities of CCS processes. Although a rewriting logic representation of the CCS semantics was given previously, it cannot be directly executed in the default interpreter of Maude. Moreover, it cannot be used to answer questions such as which are the successors of a process after performing an action, which is used to define the semantics of the modal logic. Basically, the problems are the existence of new variables in the right-hand side of the rewrite rules and the nondeterministic application of the semantic rules, inherent to CCS. We show how these problems can be solved by exploiting the reflective properties of rewriting logic, which allow controlling the rewriting process. This executable specification plus the reflective control of the rewriting process can be used to analyze CCS processes.
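The two Maude papers above turn on one question: given a CCS process, which successors does it reach after performing an action, and how does a modal logic read off that relation; the "Bisimulation, Modal Logic and Model Checking Games" entry adds that bisimilarity is the defender's winning condition in a matching game over the same relation. The following is an added example, written for this page and not taken from any of the listed papers or from Maude: a minimal CCS successor function (prefix, choice, parallel composition with synchronisation, restriction, guarded recursion) in Python, Hennessy-Milner logic interpreted over it, and strong bisimilarity computed as the greatest fixed point of the usual refinement step. The term encoding, action naming ("!a" for a co-name, "tau" for the silent action), the sample processes and the definition environment are all constructed for the example.

```python
"""Tiny CCS semantics with Hennessy-Milner logic and strong bisimulation.

Added example (not from any of the papers listed on this page). Processes
are plain tuples; succ() is the CCS structural operational semantics;
sat() interprets Hennessy-Milner logic over succ(); bisimilar() computes
strong bisimilarity over the reachable state space.
"""
from collections import deque

NIL = ("nil",)
TAU = "tau"

def pre(a, p):      return ("pre", a, p)          # a.P
def sum_(p, q):     return ("sum", p, q)          # P + Q
def par(p, q):      return ("par", p, q)          # P | Q
def res(p, names):  return ("res", frozenset(names), p)  # P \ L
def var(x):         return ("var", x)             # process constant

def co(a):
    """Complementary action: a <-> !a (tau has no complement)."""
    if a == TAU:
        return None
    return a[1:] if a.startswith("!") else "!" + a

def base(a):
    return a[1:] if a.startswith("!") else a

def succ(p, defs=None):
    """Set of (action, process) pairs derivable by the CCS SOS rules."""
    defs = defs or {}
    kind = p[0]
    if kind == "nil":
        return set()
    if kind == "pre":
        return {(p[1], p[2])}
    if kind == "sum":
        return succ(p[1], defs) | succ(p[2], defs)
    if kind == "par":
        l, r = p[1], p[2]
        sl, sr = succ(l, defs), succ(r, defs)
        out = {(a, par(l2, r)) for a, l2 in sl} | {(a, par(l, r2)) for a, r2 in sr}
        # synchronisation: a and !a meet and become a silent tau step
        out |= {(TAU, par(l2, r2)) for a, l2 in sl for b, r2 in sr
                if a != TAU and co(a) == b}
        return out
    if kind == "res":
        names, q = p[1], p[2]
        return {(a, res(q2, names)) for a, q2 in succ(q, defs)
                if a == TAU or base(a) not in names}
    if kind == "var":
        return succ(defs[p[1]], defs)   # assumes guarded definitions
    raise ValueError(kind)

def sat(p, f, defs=None):
    """Hennessy-Milner logic: tt, ff, not, and, or, <a>f ('dia'), [a]f ('box')."""
    op = f[0]
    if op == "tt":  return True
    if op == "ff":  return False
    if op == "not": return not sat(p, f[1], defs)
    if op == "and": return sat(p, f[1], defs) and sat(p, f[2], defs)
    if op == "or":  return sat(p, f[1], defs) or sat(p, f[2], defs)
    nxt = [q for a, q in succ(p, defs) if a == f[1]]
    if op == "dia": return any(sat(q, f[2], defs) for q in nxt)
    if op == "box": return all(sat(q, f[2], defs) for q in nxt)
    raise ValueError(op)

def reachable(p, defs=None):
    seen, todo = {p}, deque([p])
    while todo:
        q = todo.popleft()
        for _, r in succ(q, defs):
            if r not in seen:
                seen.add(r)
                todo.append(r)
    return seen

def bisimilar(p, q, defs=None):
    """Strong bisimilarity as the greatest fixed point of one refinement step:
    a pair (s, t) survives a round iff every move of s is matched by a move of
    t into a pair still in the relation, and vice versa (the defender's
    winning condition in the bisimulation game)."""
    states = reachable(p, defs) | reachable(q, defs)
    moves = {s: succ(s, defs) for s in states}
    rel = {(s, t) for s in states for t in states}
    def matched(s, t):
        return all(any(a == b and (s2, t2) in rel for b, t2 in moves[t])
                   for a, s2 in moves[s])
    changed = True
    while changed:
        keep = {(s, t) for s, t in rel if matched(s, t) and matched(t, s)}
        changed = keep != rel
        rel = keep
    return (p, q) in rel

# Constructed sample processes: P and Q have the same traces but branch differently.
P = pre("a", sum_(pre("b", NIL), pre("c", NIL)))             # a.(b.0 + c.0)
Q = sum_(pre("a", pre("b", NIL)), pre("a", pre("c", NIL)))   # a.b.0 + a.c.0
PHI = ("dia", "a", ("box", "b", ("ff",)))                    # <a>[b]ff
SYNC = res(par(pre("a", NIL), pre("!a", NIL)), {"a"})        # (a.0 | !a.0) \ {a}
DEFS = {"Buf": pre("in", pre("!out", var("Buf")))}           # Buf = in.!out.Buf

def demo():
    return {
        "P_sat": sat(P, PHI), "Q_sat": sat(Q, PHI),
        "bisim_PQ": bisimilar(P, Q),
        "bisim_dup": bisimilar(sum_(pre("a", NIL), pre("a", NIL)), pre("a", NIL)),
        "sync_actions": sorted(a for a, _ in succ(SYNC)),
        "buffer_states": len(reachable(var("Buf"), DEFS)),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The formula <a>[b]ff separates the classic trace-equivalent pair: Q can pick the a.c.0 branch and then refuse b, while P's only a-successor still offers b, so Q satisfies it and P does not, and bisimilar(P, Q) is accordingly false. Under restriction the a/!a pair leaves only the tau step, and the recursive one-place buffer has a two-state reachable space, which is what keeps the fixed-point computation finite.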
Denotational Semantics for Process-Based Simulation Languages. Part I: piDemos
, 1997
Abstract
Cited by 15 (10 self)
In this paper we present a method for translating the synchronisation behaviour of a process oriented discrete event simulation language into a process algebra. Such translations serve two purposes. The first exploits the formal structure of the target process algebraic representations to provide proofs of properties of the source system (such as deadlock freedom, fairness, liveness, ...) which can be very difficult to establish by simulation experiment. The second exploits the denotational semantics to better understand the language constructs as abstract entities and to reason about simulation models. Here we give the intuition and present the basic mechanisms using the πDemos simulation language and the CCS and SCCS process algebras. The analysis of the synchronisations of full Demos is treated in a companion paper.
Executable Structural Operational Semantics in Maude
, 2003
Abstract
Cited by 13 (5 self)
This paper describes in detail how to bridge the gap between theory and practice when implementing in Maude structural operational semantics described in rewriting logic, where transitions become rewrites and inference rules become conditional rewrite rules with rewrites in the conditions, as made possible by the new features in Maude 2.0. We validate this technique using it in several case studies: a functional language Fpl (evaluation and computation semantics, including an abstract machine), imperative languages WhileL (evaluation and computation semantics) and GuardL with nondeterminism (computation semantics), Kahn's functional language MiniML (evaluation or natural semantics), Milner's CCS (with strong and weak transitions), and Full LOTOS (including ACT ONE data type specifications). In addition, on top of CCS we develop an implementation of the Hennessy-Milner modal logic for describing local capabilities of processes, and for LOTOS we build an entire tool where Full LOTOS specifications can be entered and executed (without user knowledge of the underlying implementation of the semantics). We also compare this method based on transitions as rewrites with another one based on transitions as judgements.
Semistructured data with constraints and incomplete information
 In Description Logics
, 1998
Abstract
Cited by 10 (0 self)
The problem of modeling semistructured data is important in many application areas such as multimedia data management, biological databases, digital libraries, and data integration. In this paper, we base our work on bdfs, which is a formal and elegant model for semistructured data [Buneman et al., 1997] where schemas are graphs whose edges are labeled with formulae of a theory T. We extend bdfs with the possibility of expressing constraints and dealing with incomplete information. In particular, we consider different types of constraints, and discuss how the expressive power of the constraint language may influence the complexity of checking subsumption between schemas. We then set up a framework for defining bdfs schemas under the assumption that the theory T is not complete. Finally, we propose a new semistructured data model, which extends bdfs with both constraints and incomplete theories. We present a technique for checking subsumption in a setting where both the constraints and the theory are expressed in a very powerful language.