Results 1 - 10 of 28
The inductive approach to verifying cryptographic protocols
Journal of Computer Security, 1998
Cited by 410 (28 self)
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as little as a week or two, yielding a proof script that takes a few minutes to run. Protocols are inductively defined as sets of traces. A trace is a list of communication events, perhaps comprising many interleaved protocol runs. Protocol descriptions incorporate attacks and accidental losses. The model spy knows some private keys and can forge messages using components decrypted from previous traffic. Three protocols are analyzed below: Otway-Rees (which uses shared-key encryption), Needham-Schroeder (which uses public-key encryption), and a recursive protocol [9] (which is of variable length). One can prove that event ev always precedes event ev′ or that property
Isar - a Generic Interpretative Approach to Readable Formal Proof Documents
1999
Cited by 81 (16 self)
We present a generic approach to readable formal proof documents, called Intelligible semi-automated reasoning (Isar). It addresses the major problem of existing interactive theorem proving systems that there is no appropriate notion of proof available that is suitable for human communication, or even just maintenance. Isar's main aspect is its formal language for natural deduction proofs, which sets out to bridge the semantic gap between internal notions of proof given by state-of-the-art interactive theorem proving systems and an appropriate level of abstraction for user-level work. The Isar language is both human readable and machine-checkable, by virtue of the Isar/VM interpreter. Compared to existing declarative theorem proving systems, Isar avoids several shortcomings: it is based on a few basic principles only, it is quite independent of the underlying logic, and supports a broad range of automated proof methods. Interactive proof development is supported as well...
A generic tableau prover and its integration with Isabelle
Journal of Universal Computer Science, 1999
Cited by 39 (10 self)
Abstract: A generic tableau prover has been implemented and integrated with Isabelle [Paulson, 1994]. Compared with classical first-order logic provers, it has numerous extensions that allow it to reason with any supplied set of tableau rules. It has a higher-order syntax in order to support user-defined binding operators, such as those of set theory. The unification algorithm is first-order instead of higher-order, but it includes modifications to handle bound variables. The proof, when found, is returned to Isabelle as a list of tactics. Because Isabelle verifies the proof, the prover can cut corners for efficiency's sake without compromising soundness. For example, the prover can use type information to guide the search without storing type information in full. Categories: F.4, I.1
Lightweight relevance filtering for machine-generated resolution problems
In ESCoR: Empirically Successful Computerized Reasoning, 2006
Cited by 31 (8 self)
Irrelevant clauses in resolution problems increase the search space, making it hard to find proofs in a reasonable time. Simple relevance filtering methods, based on counting function symbols in clauses, improve the success rate for a variety of automatic theorem provers and with various initial settings. We have designed these techniques as part of a project to link automatic theorem provers to the interactive theorem prover Isabelle. They should be applicable to other situations where the resolution problems are produced mechanically and where completeness is less important than achieving a high success rate with limited processor time.
Experiments on supporting interactive proof using resolution
In Basin and Rusinowitch [4
Cited by 28 (8 self)
Abstract. Interactive theorem provers can model complex systems, but require much effort to prove theorems. Resolution theorem provers are automatic and powerful, but they are designed to be used for very different applications. This paper reports a series of experiments designed to determine whether resolution can support interactive proof as it is currently done. In particular, we present a sound and practical encoding in first-order logic of Isabelle’s type classes.
Isabelle/Isar - a generic framework for human-readable proof documents
UNIVERSITY OF BIAŁYSTOK, 2007
Type Inference Verified: Algorithm W in Isabelle/HOL
1997
Cited by 15 (1 self)
This paper presents the first machine-checked verification of Milner's type inference algorithm W for computing the most general type of an untyped term enriched with let-expressions. This term language is the core of most typed functional programming languages and is also known as Mini-ML. We show how to model all the concepts involved, in particular types and type schemes, substitutions, and the thorny issue of "new" variables. Only a few key proofs are discussed in detail. The theories and proofs are developed in Isabelle/HOL, the HOL instantiation of the generic theorem prover Isabelle.
Verified Lexical Analysis
Theorem Proving in Higher Order Logics, 1998
Cited by 13 (2 self)
This paper presents the development and verification of a (very simple) lexical analyzer generator that takes a regular expression and yields a functional lexical analyzer. The emphasis is on simplicity and executability. The work was carried out with the help of the theorem prover Isabelle/HOL.
1 Introduction
Admittedly, lexical analysis is not exactly safety critical. But if the dream of a verified compiler is to be taken seriously, it must include the front end as well. Practical applications aside, lexical analysis is an excellent example of computational discrete mathematics, and as such an ideal test case for any aspiring theorem prover. We formalize and verify the process of taking a regular expression and turning it into a lexical analyzer (also called scanner). The design goals are simplicity and executability. The result is an almost executable functional program, except for one place, where simplicity has prevailed over executability. The overall structure of both ...
A Proof Planning Framework for Isabelle
2005
Cited by 13 (9 self)
Proof planning is a paradigm for the automation of proof that focuses on encoding intelligence to guide the proof process. The idea is to capture common patterns of reasoning which can be used to derive abstract descriptions of proofs known as proof plans. These can then be executed to provide fully formal proofs. This thesis concerns the development and analysis of a novel approach to proof planning that focuses on an explicit representation of choices during search. We embody our approach as a proof planner for the generic proof assistant Isabelle and use the Isar language, which is human-readable and machine-checkable, to represent proof plans. Within this framework we develop an inductive theorem prover as a case study of our approach to proof planning. Our prover uses the difference reduction heuristic known as rippling to automate the step cases of the inductive proofs. The development of a flexible approach to rippling that supports its various modifications and extensions is the second major focus of this thesis. Here, our inductive theorem prover provides a context in which to evaluate rippling experimentally. This work results in an efficient and powerful inductive theorem prover for Isabelle as well as proposals for further improving the efficiency of rippling. We also draw observations in order
Verifying the SET purchase protocols
Computer Laboratory, University of Cambridge, 2001
Cited by 10 (3 self)
Abstract. SET (Secure Electronic Transaction) is a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. The Purchase part of the suite is intended to guarantee the integrity and authenticity of the payment transaction while keeping the Cardholder’s account details secret from the Merchant and his choice of goods secret from the Bank. This paper details the first verification results for the complete Purchase protocols of SET. Using Isabelle and the inductive method, we show that their primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them. A major effort in the verification went into digesting the SET documentation to produce a realistic model. The protocol’s complexity and size makes verification difficult, compared with other protocols. However, our effort has yielded significant insights.