Results 1  10
of
467
A Framework for Defining Logics
 JOURNAL OF THE ASSOCIATION FOR COMPUTING MACHINERY
, 1993
"... The Edinburgh Logical Framework (LF) provides a means to define (or present) logics. It is based on a general treatment of syntax, rules, and proofs by means of a typed calculus with dependent types. Syntax is treated in a style similar to, but more general than, MartinLof's system of ariti ..."
Abstract

Cited by 794 (42 self)
 Add to MetaCart
The Edinburgh Logical Framework (LF) provides a means to define (or present) logics. It is based on a general treatment of syntax, rules, and proofs by means of a typed calculus with dependent types. Syntax is treated in a style similar to, but more general than, MartinLof's system of arities. The treatment of rules and proofs focuses on his notion of a judgement. Logics are represented in LF via a new principle, the judgements as types principle, whereby each judgement is identified with the type of its proofs. This allows for a smooth treatment of discharge and variable occurrence conditions and leads to a uniform treatment of rules and proofs whereby rules are viewed as proofs of higherorder judgements and proof checking is reduced to type checking. The practical benefit of our treatment of formal systems is that logicindependent tools such as proof editors and proof checkers can be constructed.
The inductive approach to verifying cryptographic protocols
 Journal of Computer Security
, 1998
"... Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinitestate systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as ..."
Abstract

Cited by 471 (29 self)
 Add to MetaCart
(Show Context)
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinitestate systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as little as a week or two, yielding a proof script that takes a few minutes to run. Protocols are inductively defined as sets of traces. A trace is a list of communication events, perhaps comprising many interleaved protocol runs. Protocol descriptions incorporate attacks and accidental losses. The model spy knows some private keys and can forge messages using components decrypted from previous traffic. Three protocols are analyzed below: OtwayRees (which uses sharedkey encryption), NeedhamSchroeder (which uses publickey encryption), and a recursive protocol [9] (which is of variable length). One can prove that event ev always precedes event ev ′ or that property
Fresh Logic
 Journal of Applied Logic
, 2007
"... Abstract. The practice of firstorder logic is replete with metalevel concepts. Most notably there are metavariables ranging over formulae, variables, and terms, and properties of syntax such as alphaequivalence, captureavoiding substitution and assumptions about freshness of variables with resp ..."
Abstract

Cited by 217 (28 self)
 Add to MetaCart
(Show Context)
Abstract. The practice of firstorder logic is replete with metalevel concepts. Most notably there are metavariables ranging over formulae, variables, and terms, and properties of syntax such as alphaequivalence, captureavoiding substitution and assumptions about freshness of variables with respect to metavariables. We present oneandahalfthorder logic, in which these concepts are made explicit. We exhibit both sequent and algebraic specifications of oneandahalfthorder logic derivability, show them equivalent, show that the derivations satisfy cutelimination, and prove correctness of an interpretation of firstorder logic within it. We discuss the technicalities in a wider context as a casestudy for nominal algebra, as a logic in its own right, as an algebraisation of logic, as an example of how other systems might be treated, and also as a theoretical foundation
Rewriting Logic as a Logical and Semantic Framework
, 1993
"... Rewriting logic [72] is proposed as a logical framework in which other logics can be represented, and as a semantic framework for the specification of languages and systems. Using concepts from the theory of general logics [70], representations of an object logic L in a framework logic F are und ..."
Abstract

Cited by 168 (56 self)
 Add to MetaCart
Rewriting logic [72] is proposed as a logical framework in which other logics can be represented, and as a semantic framework for the specification of languages and systems. Using concepts from the theory of general logics [70], representations of an object logic L in a framework logic F are understood as mappings L ! F that translate one logic into the other in a conservative way. The ease with which such maps can be defined for a number of quite different logics of interest, including equational logic, Horn logic with equality, linear logic, logics with quantifiers, and any sequent calculus presentation of a logic for a very general notion of "sequent," is discussed in detail. Using the fact that rewriting logic is reflective, it is often possible to reify inside rewriting logic itself a representation map L ! RWLogic for the finitely presentable theories of L. Such a reification takes the form of a map between the abstract data types representing the finitary theories of...
Proving Properties of Security Protocols by Induction
 In 10th IEEE Computer Security Foundations Workshop
, 1997
"... Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction ..."
Abstract

Cited by 165 (8 self)
 Add to MetaCart
(Show Context)
Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction to finitestate systems and the approach is not based on belief logics. Protocols are inductively defined as sets of traces, which may involve many interleaved protocol runs. Protocol descriptions model accidental key losses as well as attacks. The model spy can send spoof messages made up of components decrypted from previous traffic. Several key distribution protocols have been studied, including NeedhamSchroeder, Yahalom and OtwayRees. The method applies to both symmetrickey and publickey protocols. A new attack has been discovered in a variant of OtwayRees (already broken by Mao and Boyd). Assertions concerning secrecy and authenticity have been proved. CONTENTS i Contents 1 Intro...
Unification under a mixed prefix
 Journal of Symbolic Computation
, 1992
"... Unification problems are identified with conjunctions of equations between simply typed λterms where free variables in the equations can be universally or existentially quantified. Two schemes for simplifying quantifier alternation, called Skolemization and raising (a dual of Skolemization), are pr ..."
Abstract

Cited by 132 (14 self)
 Add to MetaCart
(Show Context)
Unification problems are identified with conjunctions of equations between simply typed λterms where free variables in the equations can be universally or existentially quantified. Two schemes for simplifying quantifier alternation, called Skolemization and raising (a dual of Skolemization), are presented. In this setting where variables of functional type can be quantified and not all types contain closed terms, the naive generalization of firstorder Skolemization has several technical problems that are addressed. The method of searching for preunifiers described by Huet is easily extended to the mixed prefix setting, although solving flexibleflexible unification problems is undecidable since types may be empty. Unification problems may have numerous incomparable unifiers. Occasionally, unifiers share common factors and several of these are presented. Various optimizations on the general unification search problem are as discussed. 1.
Inductive analysis of the internet protocol TLS
 ACM Trans. Inf. Syst. Secur
, 1999
"... Internet browsers use security protocols to protect sensitive messages. An inductive analysis of TLS (a descendant of SSL 3.0) has been performed using the theorem prover Isabelle. Proofs are based on higherorder logic and make no assumptions concerning beliefs or flniteness. All the obvious securi ..."
Abstract

Cited by 130 (16 self)
 Add to MetaCart
(Show Context)
Internet browsers use security protocols to protect sensitive messages. An inductive analysis of TLS (a descendant of SSL 3.0) has been performed using the theorem prover Isabelle. Proofs are based on higherorder logic and make no assumptions concerning beliefs or flniteness. All the obvious security goals can be proved; session resumption appears to be secure even if old session keys have been compromised. The proofs suggest minor changes to simplify the analysis. TLS, even at an abstract level, is much more complicated than most protocols that researchers have verifled. Session keys are negotiated rather than distributed, and the protocol has many optional parts. Nevertheless, the resources needed to verify TLS are modest: six manweeks of efiort and three minutes of processor time.
The Craft of Functional Programming
, 1999
"... Abstract. Refactoring is the process of improving the design of existing programs without changing their functionality. These notes cover refactoring in functional languages, using Haskell as the medium, and introducing the HaRe tool for refactoring in Haskell. 1 ..."
Abstract

Cited by 118 (6 self)
 Add to MetaCart
Abstract. Refactoring is the process of improving the design of existing programs without changing their functionality. These notes cover refactoring in functional languages, using Haskell as the medium, and introducing the HaRe tool for refactoring in Haskell. 1
Formal verification in hardware design: A survey
, 1997
"... In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods ..."
Abstract

Cited by 111 (0 self)
 Add to MetaCart
In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods in a design process: The formal framework used to specify desired properties of a design, and the verification techniques and tools used to reason about the relationship between a specification and a corresponding implementation. We survey a variety of frameworks and techniques which have been proposed in the literature and applied to actual designs. The specification frameworks we describe include temporal logics, predicate logic, abstraction and refinement, as well as containment between!regular languages. The verification techniques presented include model checking, automatatheoretic techniques, automated theorem proving, and approaches that integrate the above methods.
Forum: A multipleconclusion specification logic
 Theoretical Computer Science
, 1996
"... The theory of cutfree sequent proofs has been used to motivate and justify the design of a number of logic programming languages. Two such languages, λProlog and its linear logic refinement, Lolli [15], provide for various forms of abstraction (modules, abstract data types, and higherorder program ..."
Abstract

Cited by 96 (12 self)
 Add to MetaCart
(Show Context)
The theory of cutfree sequent proofs has been used to motivate and justify the design of a number of logic programming languages. Two such languages, λProlog and its linear logic refinement, Lolli [15], provide for various forms of abstraction (modules, abstract data types, and higherorder programming) but lack primitives for concurrency. The logic programming language, LO (Linear Objects) [2] provides some primitives for concurrency but lacks abstraction mechanisms. In this paper we present Forum, a logic programming presentation of all of linear logic that modularly extends λProlog, Lolli, and LO. Forum, therefore, allows specifications to incorporate both abstractions and concurrency. To illustrate the new expressive strengths of Forum, we specify in it a sequent calculus proof system and the operational semantics of a programming language that incorporates references and concurrency. We also show that the meta theory of linear logic can be used to prove properties of the objectlanguages specified in Forum.