Results 21  30
of
459
tps: A theorem proving system for classical type theory
 Journal of Automated Reasoning
, 1996
"... This is a description of TPS, a theorem proving system for classical type theory (Church’s typed λcalculus). TPS has been designed to be a general research tool for manipulating wffs of first and higherorder logic, and searching for proofs of such wffs interactively or automatically, or in a comb ..."
Abstract

Cited by 70 (6 self)
 Add to MetaCart
(Show Context)
This is a description of TPS, a theorem proving system for classical type theory (Church’s typed λcalculus). TPS has been designed to be a general research tool for manipulating wffs of first and higherorder logic, and searching for proofs of such wffs interactively or automatically, or in a combination of these modes. An important feature of TPS is the ability to translate between expansion proofs and natural deduction proofs. Examples of theorems which TPS can prove completely automatically are given to illustrate certain aspects of TPS’s behavior and problems of theorem proving in higherorder logic. 7
Mechanized Proofs for a Recursive Authentication Protocol
 In 10th IEEE Computer Security Foundations Workshop
, 1997
"... A novel protocol has been formally analyzed using the prover Isabelle/HOL, following the inductive approach described in earlier work [11]. There is no limit on the length of a run, the nesting of messages or the number of agents involved. A single run of the protocol delivers session keys for all t ..."
Abstract

Cited by 70 (3 self)
 Add to MetaCart
(Show Context)
A novel protocol has been formally analyzed using the prover Isabelle/HOL, following the inductive approach described in earlier work [11]. There is no limit on the length of a run, the nesting of messages or the number of agents involved. A single run of the protocol delivers session keys for all the agents, allowing neighbours to perform mutual authentication. The basic security theorem states that session keys are correctly delivered to adjacent pairs of honest agents, regardless of whether other agents in the chain are compromised. The protocol's complexity caused some difficulties in the specification and proofs, but its symmetry reduced the number of theorems to prove. CONTENTS i Contents 1 Introduction 1 2 The Recursive Authentication Protocol 2 3 Review of the Inductive Approach 4 4 A Formalization of Hashing 6 5 Modelling the Protocol 7 5.1 Modelling the Server . . . . . . . . . . . . . . . . . . . . . . . 8 5.2 A Coarser Model of the Server . . . . . . . . . . . . . . . . ....
Relations between secrets: Two formal analyses of the Yahalom protocol
 J. of Comp. Sec
"... The Yahalom protocol is one of those analyzed by Burrows et al. [5]. Based upon their analysis, they have proposed modifications to make the protocol easier to understand and to analyze. Both versions of Yahalom have now been analyzed using Isabelle/HOL. Modified Yahalom satisfies strong security go ..."
Abstract

Cited by 59 (12 self)
 Add to MetaCart
(Show Context)
The Yahalom protocol is one of those analyzed by Burrows et al. [5]. Based upon their analysis, they have proposed modifications to make the protocol easier to understand and to analyze. Both versions of Yahalom have now been analyzed using Isabelle/HOL. Modified Yahalom satisfies strong security goals, and the original version is adequate. The mathematical reasoning behind these machine proofs is presented informally. An appendix gives extracts from a formal proof. Yahalom presents special difficulties because the compromise of one session key compromises other secrets. The proofs show that the resulting losses are limited. They rely on a new proof technique, which involves reasoning about the relationship between keys and the secrets encrypted by them. This technique is applicable to other difficult protocols, such as Kerberos IV [2]. The new proofs do not rely on a belief logic. They use a fundamentally different formal model: the inductive method. They confirm the BAN analysis and the advantages of the proposed modifications. The new proof methods detect more flaws than BAN and analyze protocols in finer detail, while remaining broadly consistent with the
A generic tableau prover and its integration with Isabelle
 Journal of Universal Computer Science
, 1999
"... Abstract: A generic tableau prover has been implemented and integrated with Isabelle [Paulson, 1994]. Compared with classical rstorder logic provers, it has numerous extensions that allow it to reason with any supplied set of tableau rules. It has a higherorder syntax in order to support userde ne ..."
Abstract

Cited by 53 (11 self)
 Add to MetaCart
(Show Context)
Abstract: A generic tableau prover has been implemented and integrated with Isabelle [Paulson, 1994]. Compared with classical rstorder logic provers, it has numerous extensions that allow it to reason with any supplied set of tableau rules. It has a higherorder syntax in order to support userde ned binding operators, such as those of set theory. The uni cation algorithm is rstorder instead of higherorder, but it includes modi cations to handle bound variables. The proof, when found, is returned to Isabelle as a list of tactics. Because Isabelle veri es the proof, the prover can cut corners for e ciency's sake without compromising soundness. For example, the prover can use type information to guide the search without storing type information in full. Categories: F.4, I.1
Set theory for verification: I. From foundations to functions
 J. Auto. Reas
, 1993
"... A logic for specification and verification is derived from the axioms of ZermeloFraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higherord ..."
Abstract

Cited by 50 (20 self)
 Add to MetaCart
(Show Context)
A logic for specification and verification is derived from the axioms of ZermeloFraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higherorder syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations and functions, and discusses interactive proofs of Cantor’s Theorem, the Composition of Homomorphisms challenge [9], and Ramsey’s Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics. Key words. Isabelle, set theory, generic theorem proving, Ramsey’s Theorem,
Mechanizing Coinduction and Corecursion in Higherorder Logic
 Journal of Logic and Computation
, 1997
"... A theory of recursive and corecursive definitions has been developed in higherorder logic (HOL) and mechanized using Isabelle. Least fixedpoints express inductive data types such as strict lists; greatest fixedpoints express coinductive data types, such as lazy lists. Wellfounded recursion expresse ..."
Abstract

Cited by 49 (6 self)
 Add to MetaCart
(Show Context)
A theory of recursive and corecursive definitions has been developed in higherorder logic (HOL) and mechanized using Isabelle. Least fixedpoints express inductive data types such as strict lists; greatest fixedpoints express coinductive data types, such as lazy lists. Wellfounded recursion expresses recursive functions over inductive data types; corecursion expresses functions that yield elements of coinductive data types. The theory rests on a traditional formalization of infinite trees. The theory is intended for use in specification and verification. It supports reasoning about a wide range of computable functions, but it does not formalize their operational semantics and can express noncomputable functions also. The theory is illustrated using finite and infinite lists. Corecursion expresses functions over infinite lists; coinduction reasons about such functions. Key words. Isabelle, higherorder logic, coinduction, corecursion Copyright c fl 1996 by Lawrence C. Paulson Content...
The KEY Approach: Integrating Object Oriented Design and Formal Verification
, 2000
"... This paper reports on the ongoing KeY project aimed at bridging the gap between (a) objectoriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specifiation an ..."
Abstract

Cited by 47 (19 self)
 Add to MetaCart
This paper reports on the ongoing KeY project aimed at bridging the gap between (a) objectoriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specifiation and deductive verification.