Results 1  10
of
15
A Compositional Logic for Proving Security Properties of Protocols
 Journal of Computer Security
, 2002
"... We present a logic for proving security properties of protocols that use nonces (randomly generated numbers that uniquely identify a protocol session) and publickey cryptography. The logic, designed around a process calculus with actions for each possible protocol step, consists of axioms about ..."
Abstract

Cited by 50 (12 self)
 Add to MetaCart
We present a logic for proving security properties of protocols that use nonces (randomly generated numbers that uniquely identify a protocol session) and publickey cryptography. The logic, designed around a process calculus with actions for each possible protocol step, consists of axioms about protocol actions and inference rules that yield assertions about protocols composed of multiple steps. Although assertions are written using only steps of the protocol, the logic is sound in a stronger sense: each provable assertion about an action or sequence of actions holds in any run of the protocol that contains the given actions and arbitrary additional actions by a malicious attacker. This approach lets us prove security properties of protocols under attack while reasoning only about the sequence of actions taken by honest parties to the protocol. The main securityspecific parts of the proof system are rules for reasoning about the set of messages that could reveal secret data and an invariant rule called the "honesty rule." 1
An Algebraic Presentation of Term Graphs, via GSMonoidal Categories
 Applied Categorical Structures
, 1999
"... . We present a categorical characterisation of term graphs (i.e., finite, directed acyclic graphs labeled over a signature) that parallels the wellknown characterisation of terms as arrows of the algebraic theory of a given signature (i.e., the free Cartesian category generated by it). In particula ..."
Abstract

Cited by 37 (24 self)
 Add to MetaCart
. We present a categorical characterisation of term graphs (i.e., finite, directed acyclic graphs labeled over a signature) that parallels the wellknown characterisation of terms as arrows of the algebraic theory of a given signature (i.e., the free Cartesian category generated by it). In particular, we show that term graphs over a signature \Sigma are onetoone with the arrows of the free gsmonoidal category generated by \Sigma. Such a category satisfies all the axioms for Cartesian categories but for the naturality of two transformations (the discharger ! and the duplicator r), providing in this way an abstract and clear relationship between terms and term graphs. In particular, the absence of the naturality of r and ! has a precise interpretation in terms of explicit sharing and of loss of implicit garbage collection, respectively. Keywords: algebraic theories, directed acyclic graphs, gsmonoidal categories, symmetric monoidal categories, term graphs. Mathematical Subject Clas...
A Compositional Logic for Protocol Correctness
 In Proceedings of 14th IEEE Computer Security Foundations Workshop
, 2001
"... We present a specialized protocol logic that is built around a process language for describing the actions of a protocol. In general terms, the relation between logic and protocol is like the relation between assertions in FloydHoare logic and standard imperative programs. Like FloydHoare logic, o ..."
Abstract

Cited by 33 (14 self)
 Add to MetaCart
We present a specialized protocol logic that is built around a process language for describing the actions of a protocol. In general terms, the relation between logic and protocol is like the relation between assertions in FloydHoare logic and standard imperative programs. Like FloydHoare logic, our logic contains axioms and inference rules for each of the main protocol actions and proofs are protocoldirected, meaning that the outline of a proof of correctness follows the sequence of actions in the protocol. We prove that the protocol logic is sound, in a specific sense: each provable assertion about an action or sequence of actions holds in any run of the protocol, under attack, in which the given actions occur. This approach lets us prove properties of protocols that hold in all runs, while explicitly reasoning only about the sequence of actions needed to achieve this property. In particular, no explicit reasoning about the potential actions of an attacker is required.
A derivation system for security protocols and its logical formalization
 In Proceedings of 16th IEEE Computer Security Foundations Workshop
, 2003
"... Many authentication and key exchange protocols are built using an accepted set of standard concepts such as DiffieHellman key exchange, nonces to avoid replay, certificates from an accepted authority, and encrypted or signed messages. We introduce a basic framework for deriving security protocols f ..."
Abstract

Cited by 30 (18 self)
 Add to MetaCart
Many authentication and key exchange protocols are built using an accepted set of standard concepts such as DiffieHellman key exchange, nonces to avoid replay, certificates from an accepted authority, and encrypted or signed messages. We introduce a basic framework for deriving security protocols from such simple components. As a case study, we examine the structure of a family of key exchange protocols that includes StationToStation (STS), ISO97983, Just Fast Keying (JFK), IKE and related protocols, deriving all members of the family from two basic protocols using a small set of refinements and protocol transformations. As initial steps toward associating logical derivations with protocol derivations, we extend a previous security protocol logic with preconditions and temporal assertions. Using this logic, we prove the security properties of the standard signature based ChallengeResponse protocol and the DiffieHellman key exchange protocol. The ISO97983 protocol is then proved correct by composing the correctness proofs of these two simple protocols. 1
From Action Calculi to Linear Logic
, 1998
"... . Milner introduced action calculi as a framework for investigating models of interactive behaviour. We present a typetheoretic account of action calculi using the propositionsastypes paradigm; the type theory has a sound and complete interpretation in Power's categorical models. We go on to give ..."
Abstract

Cited by 19 (7 self)
 Add to MetaCart
. Milner introduced action calculi as a framework for investigating models of interactive behaviour. We present a typetheoretic account of action calculi using the propositionsastypes paradigm; the type theory has a sound and complete interpretation in Power's categorical models. We go on to give a sound translation of our type theory in the (type theory of) intuitionistic linear logic, corresponding to the relation between Benton's models of linear logic and models of action calculi. The conservativity of the syntactic translation is proved by a modelembedding construction using the Yoneda lemma. Finally, we briefly discuss how these techniques can also be used to give conservative translations between various extensions of action calculi. 1 Introduction Action calculi arose directly from the ßcalculus [MPW92]. They were introduced by Milner [Mil96], to provide a uniform notation for capturing many calculi of interaction such as the ßcalculus, the calculus, models of distribut...
Quantum and classical structures in nondeterministic computation
 Proceedings of Quanum Interaction 2009, Lecture
"... Abstract. In categorical quantum mechanics, classical structures characterize the classical interfaces of quantum resources on one hand, while on the other hand giving rise to some quantum phenomena. In the standard Hilbert space model of quantum theories, classical structures over a space correspon ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Abstract. In categorical quantum mechanics, classical structures characterize the classical interfaces of quantum resources on one hand, while on the other hand giving rise to some quantum phenomena. In the standard Hilbert space model of quantum theories, classical structures over a space correspond to its orthonormal bases. In the present paper, we show that classical structures in the category of relations correspond to direct sums of abelian groups. Although relations are, of course, not an interesting model of quantum computation, this result has some interesting computational interpretations. If relations are viewed as denotations of nondeterministic programs, it uncovers a wide variety of nonstandard quantum structures in this familiar area of classical computation. Ironically, it also opens up a version of what in philosophy of quantum mechanics would be called an onticepistemic gap, as it provides no interface to these nonstandard quantum structures. 1
2008) Classical and quantum structures
"... In recent work, symmetric daggermonoidal (SDM) categories have emerged as a convenient categorical formalization of quantum mechanics. The objects represent physical systems, the morphisms physical operations, whereas the tensors describe composite systems. Classical data turn out to correspond to ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
In recent work, symmetric daggermonoidal (SDM) categories have emerged as a convenient categorical formalization of quantum mechanics. The objects represent physical systems, the morphisms physical operations, whereas the tensors describe composite systems. Classical data turn out to correspond to Frobenius algebras with some additional properties. They express the distinguishing capabilities of classical data: in contrast with quantum data, classical data can be copied and deleted. The algebraic approach thus shifts the paradigm of ”quantization ” of a classical theory to ”classicization ” of a quantum theory. Remarkably, the simple SDM framework suffices not only for this conceptual shift, but even allows us to distinguish the deterministic classical operations (i.e. functions) from the nondeterministic classical operations (i.e. relations), and the probabilistic classical operations (stochastic maps). Moreover, a combination of some basic categorical constructions (due to Kleisli, resp. Grothendieck) with the categorical presentations of quantum states, provides a resource sensitive account of various quantumclassical interactions: of classical control of quantum data, of classical data arising from quantum measurements, as well as of the classical data processing inbetween controls and measurements. A salient feature here is the graphical calculus for categorical quantum mechanics, which allows a purely diagrammatic representation of classicalquantum interaction. 1
Symmetric Action Calculi
 Theoretical Computer Science
, 1999
"... Many calculi for describing interactive behaviour involve names, nameabstraction and namerestriction. Milner's reflexive action calculi provide a framework for exploring such calculi. It is based on names and nameabstraction. We introduce an alternative framework, the symmetric action calculi, ba ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Many calculi for describing interactive behaviour involve names, nameabstraction and namerestriction. Milner's reflexive action calculi provide a framework for exploring such calculi. It is based on names and nameabstraction. We introduce an alternative framework, the symmetric action calculi, based on names, conames and namerestriction (or hiding). Nameabstraction is intepreted as a derived operator. The symmetric framework conservatively extends the reflexive framework. It allows for a natural intepretation of a variety of calculi: we give interpretations for the calculus, the I calculus and a variant of the fusion calculus. We then give a combinatory version of the symmetric framework, in which namerestriction also is expressed as a derived operator. This combinatory account provides an intermediate step between our nonstandard use of names in graphs, and the more standard graphical structure arising from category theory. To conclude, we briey illustrate the connection ...