Results 21  30
of
256
Cryptographically Sound Theorem Proving
 In Proc. 19th IEEE CSFW
, 2006
"... We describe a faithful embedding of the DolevYao model of Backes, Pfitzmann, and Waidner (CCS 2003) in the theorem prover Isabelle/HOL. This model is cryptographically sound in the strong sense of reactive simulatability/UC, which essentially entails the preservation of arbitrary security proper ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
We describe a faithful embedding of the DolevYao model of Backes, Pfitzmann, and Waidner (CCS 2003) in the theorem prover Isabelle/HOL. This model is cryptographically sound in the strong sense of reactive simulatability/UC, which essentially entails the preservation of arbitrary security properties under active attacks and in arbitrary protocol environments. The main challenge in designing a practical formalization of this model is to cope with the complexity of providing such strong soundness guarantees. We reduce this complexity by abstracting the model into a sound, lightweight formalization that enables both concise property specifications and efficient application of our proof strategies and their supporting proof tools. This yields the first toolsupported framework for symbolically verifying security protocols that enjoys the strong cryptographic soundness guarantees provided by reactive simulatability/UC. As a proof of concept, we have proved the security of the NeedhamSchroederLowe protocol using our framework.
A blackboard architecture for guiding interactive proofs
 Artificial Intelligence: Methodology, Systems and Applications
, 1998
"... Abstract. The acceptance and usability of current interactive theorem proving environments is, among other things, strongly influenced by the availability of an intelligent default suggestion mechanism for commands. Such mechanisms support the user by decreasing the necessary interactions during the ..."
Abstract

Cited by 24 (19 self)
 Add to MetaCart
Abstract. The acceptance and usability of current interactive theorem proving environments is, among other things, strongly influenced by the availability of an intelligent default suggestion mechanism for commands. Such mechanisms support the user by decreasing the necessary interactions during the proof construction. Although many systems offer such facilities, they are often limited in their functionality. In this paper we present a new agentbased mechanism that independently observes the proof state, steadily computes suggestions on how to further construct the proof, and communicates these suggestions to the user via a graphical user interface. We furthermore introduce a focus technique in order to restrict the search space when deriving default suggestions. Although the agents we discuss in this paper are rather simple from a computational viewpoint, we indicate how the presented approach can be extended in order to increase its deductive power. 1
Combining WS1S and HOL
 Frontiers of Combining Systems 2, volume 7 of Studies in Logic and Computation
, 1998
"... We investigate the combination of the weak secondorder monadic logic of one successor (WS1S) with higherorder logic (HOL). We show how these two logics can be combined, how theorem provers based on them can be safely integrated, and how the result can be used. In particular, we present an embeddin ..."
Abstract

Cited by 23 (4 self)
 Add to MetaCart
We investigate the combination of the weak secondorder monadic logic of one successor (WS1S) with higherorder logic (HOL). We show how these two logics can be combined, how theorem provers based on them can be safely integrated, and how the result can be used. In particular, we present an embedding of the semantics of WS1S in HOL that provides a basis for coupling the MONA system, a decision procedure for WS1S, with an implementation of HOL in the Isabelle system. Afterwards, we describe methods that reduce problems formalized in HOL to problems in the language of WS1S. We present applications to arithmetic reasoning and proving properties of parameterized sequential systems.
A Corrected FailureDivergence Model for CSP in Isabelle/HOL
, 1997
"... . We present a failuredivergence model for CSP following the concepts of [BR 85]. Its formal representation within higher order logic in the theorem prover Isabelle/HOL [Pau 94] revealed an error in the basic definition of CSP concerning the treatment of the termination symbol tick. A corrected mod ..."
Abstract

Cited by 22 (8 self)
 Add to MetaCart
. We present a failuredivergence model for CSP following the concepts of [BR 85]. Its formal representation within higher order logic in the theorem prover Isabelle/HOL [Pau 94] revealed an error in the basic definition of CSP concerning the treatment of the termination symbol tick. A corrected model has been formally proven consistent with Isabelle/ HOL. Moreover, the changed version maintains the essential algebraic properties of CSP. As a result, there is a proven correct implementation of a "CSP workbench" within Isabelle. 1 Introduction In his invited lecture at FME'96, C.A.R. Hoare presented his view on the status quo of formal methods in industry. With respect to formal proof methods, he ruled that they "are now sufficiently advanced that a [...] formal methodologist could occasionally detect [...] obscure latent errors before they occur in practice" and asked for their publication as a possible "milestone in the acceptance of formal methods" in industry. In this paper, we re...
Proof Transformations in HigherOrder Logic
, 1987
"... We investigate the problem of translating between different styles of proof systems in higherorder logic: analytic proofs which are well suited for automated theorem proving, and nonanalytic deductions which are well suited for the mathematician. Analytic proofs are represented as expansion proofs, ..."
Abstract

Cited by 21 (5 self)
 Add to MetaCart
We investigate the problem of translating between different styles of proof systems in higherorder logic: analytic proofs which are well suited for automated theorem proving, and nonanalytic deductions which are well suited for the mathematician. Analytic proofs are represented as expansion proofs, H, a form of the sequent calculus we define, nonanalytic proofs are represented by natural deductions. A nondeterministic translation algorithm between expansion proofs and Hdeductions is presented and its correctness is proven. We also present an algorithm for translation in the other direction and prove its correctness. A cutelimination algorithm for expansion proofs is given and its partial correctness is proven. Strong termination of this algorithm remains a conjecture for the full higherorder system, but is proven for the firstorder fragment. We extend the translations to a nonanalytic proof system which contains a primitive notion of equality, while leaving the notion of expansion proof unaltered. This is possible, since a nonextensional equality is definable in our system of type theory. Next we extend analytic and nonanalytic proof systems and the translations between them to include extensionality. Finally, we show how the methods and notions used so far apply to the problem of translating expansion proofs into natural deductions. Much care is taken to specify this translation in a
AgentOriented Integration of Distributed Mathematical Services
 Journal of Universal Computer Science
, 1999
"... Realworld applications of automated theorem proving require modern software environments that enable modularisation, networked interoperability, robustness, and scalability. These requirements are met by the AgentOriented Programming paradigm of Distributed Artificial Intelligence. We argue that ..."
Abstract

Cited by 19 (10 self)
 Add to MetaCart
Realworld applications of automated theorem proving require modern software environments that enable modularisation, networked interoperability, robustness, and scalability. These requirements are met by the AgentOriented Programming paradigm of Distributed Artificial Intelligence. We argue that a reasonable framework for automated theorem proving in the large regards typical mathematical services as autonomous agents that provide internal functionality to the outside and that, in turn, are able to access a variety of existing external services. This article describes...
Higher Order Logic
 In Handbook of Logic in Artificial Intelligence and Logic Programming
, 1994
"... Contents 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2 The expressive power of second order Logic : : : : : : : : : : : 3 2.1 The language of second order logic : : : : : : : : : : : : : 3 2.2 Expressing size : : : : : : : : : : : : : : : : : : : : : : : : 4 2.3 Definin ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
Contents 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2 The expressive power of second order Logic : : : : : : : : : : : 3 2.1 The language of second order logic : : : : : : : : : : : : : 3 2.2 Expressing size : : : : : : : : : : : : : : : : : : : : : : : : 4 2.3 Defining data types : : : : : : : : : : : : : : : : : : : : : 6 2.4 Describing processes : : : : : : : : : : : : : : : : : : : : : 8 2.5 Expressing convergence using second order validity : : : : : : : : : : : : : : : : : : : : : : : : : 9 2.6 Truth definitions: the analytical hierarchy : : : : : : : : 10 2.7 Inductive definitions : : : : : : : : : : : : : : : : : : : : : 13 3 Canonical semantics of higher order logic : : : : : : : : : : : : 15 3.1 Tarskian semantics of second order logic : : : : : : : : : 15 3.2 Function and re
Three Years of Experience with Sledgehammer, a Practical Link between Automatic and Interactive Theorem Provers
"... Sledgehammer is a highly successful subsystem of Isabelle/HOL that calls automatic theorem provers to assist with interactive proof construction. It requires no user configuration: it can be invoked with a single mouse gesture at any point in a proof. It automatically finds relevant lemmas from all ..."
Abstract

Cited by 19 (5 self)
 Add to MetaCart
Sledgehammer is a highly successful subsystem of Isabelle/HOL that calls automatic theorem provers to assist with interactive proof construction. It requires no user configuration: it can be invoked with a single mouse gesture at any point in a proof. It automatically finds relevant lemmas from all those currently available. An unusual aspect of its architecture is its use of unsound translations, coupled with its delivery of results as Isabelle/HOL proof scripts: its output cannot be trusted, but it does not need to be trusted. Sledgehammer works well with Isar structured proofs and allows beginners to prove challenging theorems. 1