Results 1 - 9 of 9
A metanotation for protocol analysis
in: Proc. CSFW’99, 1999
Cited by 142 (33 self)
Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the “Dolev-Yao model.” In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the way that existential quantification provides a succinct way of choosing new values, such as new keys or nonces. We define a class of theories in this formalism that correspond to finite-length protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role (e.g., client, server, initiator, or responder). Undecidability is proved for a restricted class of these protocols, and PSPACE-completeness is claimed for a class further restricted to have no new data (nonces). Since it is a fragment of linear logic, we can use our notation directly as input to linear logic tools, allowing us to do proof search for attacks with relatively little programming effort, and to formally verify protocol transformations and optimizations.
Multiset Rewriting and the Complexity of Bounded Security Protocols
Journal of Computer Security, 2002
Cited by 56 (5 self)
We formalize the Dolev-Yao model of security protocols, using a notation based on multiset rewriting with existentials. The goals are to provide a simple formal notation for describing security protocols, to formalize the assumptions of the Dolev-Yao model using this notation, and to analyze the complexity of the secrecy problem under various restrictions. We prove that, even for the case where we restrict the size of messages and the depth of message encryption, the secrecy problem is undecidable for the case of an unrestricted number of protocol roles and an unbounded number of new nonces. We also identify several decidable classes, including a DEXP-complete class when the number of nonces is restricted, and an NP-complete class when both the number of nonces and the number of roles is restricted. We point out a remaining open complexity problem, and discuss the implications these results have on the general topic of protocol analysis.
Typed MSR: Syntax and Examples
First International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM’01), 2001
Cited by 32 (19 self)
Many design flaws and incorrect analyses of cryptographic protocols can be traced to inadequate specification languages for message components, environment assumptions, and goals. In this paper, we present MSR, a strongly typed specification language for security protocols, which is intended to address the first two issues. Its typing infrastructure, based on the theory of dependent types with subsorting, yields elegant and precise formalizations, and supports a useful array of static checks that include typechecking and access control validation. It uses multiset rewriting rules to express the actions of the protocol. The availability of memory predicates enables it to faithfully encode systems consisting of a collection of coordinated subprotocols, and constraints allow tackling objects belonging to complex interpretation domains, e.g. time stamps, in an abstract and modular way. We apply MSR to the specification of several examples.
An Authorization Logic with Explicit Time
2008
Cited by 26 (8 self)
We present an authorization logic that permits reasoning with explicit time. Following a proof-theoretic approach, we study the metatheory of the logic, including cut elimination. We also demonstrate formal connections to proof-carrying authorization’s existing approach for handling time and comment on the enforceability of our logic in the same framework. Finally, we illustrate the expressiveness of the logic through examples, including those with complex interactions between time, authorization, and mutable state.
Interpreting Strands in Linear Logic
2000
Cited by 21 (10 self)
The adoption of the Dolev-Yao model, an abstraction of security protocols that supports symbolic reasoning, is responsible for many successes in protocol analysis. In particular, it has enabled using logic effectively to reason about protocols. One recent framework for expressing the basic assumptions of the Dolev-Yao model is given by strand spaces, certain directed graphs whose structure reflects causal interactions among protocol participants. We represent strand constructions as relatively simple formulas in first-order linear logic, a refinement of traditional logic known for an intrinsic and natural accounting of process states, events, and resources. The proposed encoding is shown to be sound and complete. Interestingly, this encoding differs from the multiset rewriting definition of the Dolev-Yao model, which is also based on linear logic. This raises the possibility that the multiset rewriting framework may differ from strand spaces in some subtle way, although the two settings are known to agree on the basic secrecy property.
1 Introduction
In recent years, a variety of methods have been developed for analyzing and reasoning about protocols based on cryptographic primitives. Although there are many differences among these proposals, most current formal approaches use the so-called "Dolev-Yao" model of adversary capabilities, which appears to be drawn from positions taken in [34] and from a simplified model presented in [11]. In this idealized setting, a protocol adversary is allowed to nondeterministically choose among possible actions. Messages are composed of indivisible abstract values, not sequences of bits, and encryption is modeled in an idealized way. The adversary may only send messages comprised of data it "knows" as the result of overhearing past transmissions.
Temporal Linear Logic and Its Applications
2000
Cited by 2 (0 self)
Linear logic, introduced by Girard in 1987, has been called a resource conscious logic. In order to express a dynamic change in process environment, it is useful to consider a concept of resource such as data consumption. The expressive power of linear logic is evidenced by some very natural encodings of computational models such as Petri nets, counter machines, Turing machines, and others. For example, in Petri nets, tokens are considered as resources that are consumed and transitions are considered as reusable resources. It is well known that the reachability problem for ordinary Petri nets is equivalent to the provability for the corresponding sequent of linear logic. Also, as a formal logical system, linear logic satisfies some basic theorems. In it the cut elimination theorem and the soundness and completeness theorems for phase semantics which is a standard semantics of linear logic hold true. In particular, the cut elimination theorem can be applied to logic programming, uniform proof and proof search, and so on. We think that linear logic has been given various applications in computer science through its resource consciousness and usefulness as a formal system. However, since linear logic does not include a concept of time directly, it is not enough to treat a dynamic change in environments with the passage of time such as execution time and waiting time. A typical example is the encoding of timed Petri nets. Although ordinary Petri nets can be encoded into linear logic naturally as stated above, the encoding of timed Petri nets into the corresponding sequent is too complex for linear logic since the reachability problem for timed Petri nets includes a time concept. Thus, it can be considered to extend linear logic with respect to the time concept. The aim of t...
A Rewriting Framework for Activities Subject to Regulations
Activities such as clinical investigations or financial processes are subject to regulations to ensure quality of results and avoid negative consequences. Regulations may be imposed by multiple governmental agencies as well as by institutional policies and protocols. Due to the complexity of both regulations and activities there is great potential for violation due to human error, misunderstanding, or even intent. Executable formal models of regulations, protocols, and activities can form the foundation for automated assistants to aid planning, monitoring, and compliance checking. We propose a model based on multiset rewriting where time is discrete and is specified by timestamps attached to facts. Actions, as well as initial, goal and critical states may be constrained by means of relative time constraints. Moreover, actions may have nondeterministic effects, i.e., they may have different outcomes whenever applied. We demonstrate how specifications in our model can be straightforwardly mapped to the rewriting logic language Maude, and how one can use existing techniques to improve performance. Finally, we also determine the complexity of the plan compliance problem, that is, finding a plan that leads from an initial state to a desired goal state without reaching any undesired critical state. We consider all actions