The Yahalom protocol is one of those analyzed by Burrows et al. [5]. Based upon their analysis, they have proposed modifications to make the protocol easier to understand and to analyze. Both versions of Yahalom have now been analyzed using Isabelle/HOL. Modified Yahalom satisfies strong security goals, and the original version is adequate. The mathematical reasoning behind these machine proofs is presented informally. An appendix gives extracts from a formal proof. Yahalom presents special difficulties because the compromise of one session key compromises other secrets. The proofs show that the resulting losses are limited. They rely on a new proof technique, which involves reasoning about the relationship between keys and the secrets encrypted by them. This technique is applicable to other difficult protocols, such as Kerberos IV [2]. The new proofs do not rely on a belief logic. They use a fundamentally different formal model: the inductive method. They confirm the BAN analysis and the advantages of the proposed modifications. The new proof methods detect more flaws than BAN and analyze protocols in finer detail, while remaining broadly consistent with the

Abstract not found

This paper reports on the ongoing KeY project aimed at bridging the gap between (a) object-oriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specifiation and deductive verification.

Abstract not found

A logic for specification and verification is derived from the axioms of Zermelo-Fraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higher-order syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations and functions, and discusses interactive proofs of Cantor’s Theorem, the Composition of Homomorphisms challenge [9], and Ramsey’s Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics. Key words. Isabelle, set theory, generic theorem proving, Ramsey’s Theorem,

A theory of recursive and corecursive definitions has been developed in higher-order logic (HOL) and mechanized using Isabelle. Least fixedpoints express inductive data types such as strict lists; greatest fixedpoints express coinductive data types, such as lazy lists. Wellfounded recursion expresses recursive functions over inductive data types; corecursion expresses functions that yield elements of coinductive data types. The theory rests on a traditional formalization of infinite trees. The theory is intended for use in specification and verification. It supports reasoning about a wide range of computable functions, but it does not formalize their operational semantics and can express noncomputable functions also. The theory is illustrated using finite and infinite lists. Corecursion expresses functions over infinite lists; coinduction reasons about such functions. Key words. Isabelle, higher-order logic, coinduction, corecursion Copyright c fl 1996 by Lawrence C. Paulson Content...

Conditioned slicing is a powerful generalisation of static and dynamic slicing which has applications to many problems in software maintenance and evolution, including re-use, reengineering and program comprehension. However; there has been relatively little work on the implementation of conditioned slicing. Algorithms for implementing conditioned slicing necessarily involve reasoning about the values of program predicates in certain sets of states derived from the conditioned slicing criterion, making implementation particularly demanding. This paper introduces ConSIT a conditioned slicing system which is based upon conventional static slicing, symbolic execution and theorem proving. ConSIT is the jirst fully automated implementation of conditioned slicing. An implementation of ConSIT is available for experimentationat

Abstract: A generic tableau prover has been implemented and integrated with Isabelle [Paulson, 1994]. Compared with classical rst-order logic provers, it has numerous extensions that allow it to reason with any supplied set of tableau rules. It has a higherorder syntax in order to support user-de ned binding operators, such as those of set theory. The uni cation algorithm is rst-order instead of higher-order, but it includes modi cations to handle bound variables. The proof, when found, is returned to Isabelle as a list of tactics. Because Isabelle veri es the proof, the prover can cut corners for e ciency's sake without compromising soundness. For example, the prover can use type information to guide the search without storing type information in full. Categories: F.4, I.1

Abstract not found

We show how labelled deductive systems can be combined with a logical framework to provide a natural deduction implementation of a large and well-known class of propositional modal logics (including K, D, T , B, S4, S4:2, KD45, S5). Our approach is modular and based on a separation between a base logic and a labelling algebra, which interact through a fixed interface. While the base logic stays fixed, different modal logics are generated by plugging in appropriate algebras. This leads to a hierarchical structuring of modal logics with inheritance of theorems. Moreover, it allows modular correctness proofs, both with respect to soundness and completeness for semantics, and faithfulness and adequacy of the implementation. We also investigate the tradeoffs in possible labelled presentations: We show that a narrow interface between the base logic and the labelling algebra supports modularity and provides an attractive proof-theory (in comparision to, e.g., semantic embedding) but limits th...