Results 11  20
of
445
Using Typed Lambda Calculus to Implement Formal Systems on a Machine
 Journal of Automated Reasoning
, 1992
"... this paper and the LF. In particular the idea of having an operator T : Prop ! Type appears already in De Bruijn's earlier work, as does the idea of having several judgements. The paper [24] describes the basic features of the LF. In this paper we are going to provide a broader illustration of ..."
Abstract

Cited by 85 (14 self)
 Add to MetaCart
(Show Context)
this paper and the LF. In particular the idea of having an operator T : Prop ! Type appears already in De Bruijn's earlier work, as does the idea of having several judgements. The paper [24] describes the basic features of the LF. In this paper we are going to provide a broader illustration of its applicability and discuss to what extent it is successful. The analysis (of the formal presentation) of a system carried out through encoding often illuminates the system itself. This paper will also deal with this phenomenon.
Kerberos version IV: Inductive analysis of the secrecy goals
 Computer Security — ESORICS 98, LNCS 1485
, 1998
"... Abstract. An operational model of cryptoprotocols is tailored to the detailed analysis of the secrecy goals accomplished by Kerberos Version IV. The model is faithful to the specification of the protocol presented by the MIT technical plan [14] — e.g. timestamping, double session key delivery mech ..."
Abstract

Cited by 81 (27 self)
 Add to MetaCart
(Show Context)
Abstract. An operational model of cryptoprotocols is tailored to the detailed analysis of the secrecy goals accomplished by Kerberos Version IV. The model is faithful to the specification of the protocol presented by the MIT technical plan [14] — e.g. timestamping, double session key delivery mechanism are included. It allows an eavesdropper to exploit the shared keys of compromised agents, and admits the accidental loss of expired session keys. Confidentiality is expressed from the viewpoint of each party involved in a protocol run, with particular attention to the assumptions the party relies on. If such assumptions are unrealistic, they highlight weaknesses of the protocol. This is particularly so from the viewpoint of the responder: the model suggests and proves a reasonable correction.
Mechanizing the metatheory of Standard ML
, 2006
"... We present an internal language with equivalent expressive power to Standard ML, and discuss its formalization in LF and the machinechecked verification of its type safety in Twelf. The internal language is intended to serve as the target of elaboration in an elaborative semantics for Standard ML ..."
Abstract

Cited by 78 (10 self)
 Add to MetaCart
We present an internal language with equivalent expressive power to Standard ML, and discuss its formalization in LF and the machinechecked verification of its type safety in Twelf. The internal language is intended to serve as the target of elaboration in an elaborative semantics for Standard ML in the style of Harper and Stone. Therefore, it includes all the programming mechanisms necessary to implement Standard ML, including translucent modules, abstraction, polymorphism, higher kinds, references, exceptions, recursive types, and recursive functions. Our successful formalization of the proof involved a careful interplay between the precise formulations of the various mechanisms, and required the invention of new representation and proof techniques of general interest. 1
Distributed proving in accesscontrol systems
 In Proceedings of the 2005 IEEE Symposium on Security and Privacy
, 2005
"... We present a distributed algorithm for assembling a proof that a request satisfies an accesscontrol policy expressed in a formal logic, in the tradition of Lampson et al. [16]. We show analytically that our distributed proofgeneration algorithm succeeds in assembling a proof whenever a centralized ..."
Abstract

Cited by 77 (13 self)
 Add to MetaCart
(Show Context)
We present a distributed algorithm for assembling a proof that a request satisfies an accesscontrol policy expressed in a formal logic, in the tradition of Lampson et al. [16]. We show analytically that our distributed proofgeneration algorithm succeeds in assembling a proof whenever a centralized prover utilizing remote certificate retrieval would do so. In addition, we show empirically that our algorithm outperforms centralized approaches in various measures of performance and usability, notably the number of remote requests and the number of user interruptions. We show that when combined with additional optimizations including caching and automatic tactic generation, which we introduce here, our algorithm retains its advantage, while achieving practical performance. Finally, we briefly describe the utilization of these algorithms as the basis for an accesscontrol framework being deployed for use at our institution. 1.
Type Classes and Overloading in HigherOrder Logic
 Theorem Proving in Higher Order Logics: TPHOLs ’97, LNCS 1275
, 1997
"... Type classes and overloading are shown to be independent concepts that can both be added to simple higherorder logics in the tradition of Church and Gordon, without demanding more logical expressiveness. In particular, modeltheoretic issues are not affected. Our metalogical results may serve as a ..."
Abstract

Cited by 74 (7 self)
 Add to MetaCart
Type classes and overloading are shown to be independent concepts that can both be added to simple higherorder logics in the tradition of Church and Gordon, without demanding more logical expressiveness. In particular, modeltheoretic issues are not affected. Our metalogical results may serve as a foundation of systems like Isabelle/Pure that offer the user Haskellstyle ordersorted polymorphism as an extended syntactic feature. The latter can be used to describe simple abstract theories with a single carrier type and a fixed signature of operations.
Mechanized Proofs for a Recursive Authentication Protocol
 In 10th IEEE Computer Security Foundations Workshop
, 1997
"... A novel protocol has been formally analyzed using the prover Isabelle/HOL, following the inductive approach described in earlier work [11]. There is no limit on the length of a run, the nesting of messages or the number of agents involved. A single run of the protocol delivers session keys for all t ..."
Abstract

Cited by 71 (3 self)
 Add to MetaCart
(Show Context)
A novel protocol has been formally analyzed using the prover Isabelle/HOL, following the inductive approach described in earlier work [11]. There is no limit on the length of a run, the nesting of messages or the number of agents involved. A single run of the protocol delivers session keys for all the agents, allowing neighbours to perform mutual authentication. The basic security theorem states that session keys are correctly delivered to adjacent pairs of honest agents, regardless of whether other agents in the chain are compromised. The protocol's complexity caused some difficulties in the specification and proofs, but its symmetry reduced the number of theorems to prove. CONTENTS i Contents 1 Introduction 1 2 The Recursive Authentication Protocol 2 3 Review of the Inductive Approach 4 4 A Formalization of Hashing 6 5 Modelling the Protocol 7 5.1 Modelling the Server . . . . . . . . . . . . . . . . . . . . . . . 8 5.2 A Coarser Model of the Server . . . . . . . . . . . . . . . . ....
tps: A theorem proving system for classical type theory
 Journal of Automated Reasoning
, 1996
"... This is a description of TPS, a theorem proving system for classical type theory (Church’s typed λcalculus). TPS has been designed to be a general research tool for manipulating wffs of first and higherorder logic, and searching for proofs of such wffs interactively or automatically, or in a comb ..."
Abstract

Cited by 71 (6 self)
 Add to MetaCart
(Show Context)
This is a description of TPS, a theorem proving system for classical type theory (Church’s typed λcalculus). TPS has been designed to be a general research tool for manipulating wffs of first and higherorder logic, and searching for proofs of such wffs interactively or automatically, or in a combination of these modes. An important feature of TPS is the ability to translate between expansion proofs and natural deduction proofs. Examples of theorems which TPS can prove completely automatically are given to illustrate certain aspects of TPS’s behavior and problems of theorem proving in higherorder logic. 7
Inductive Families
 Formal Aspects of Computing
, 1997
"... A general formulation of inductive and recursive definitions in MartinLof's type theory is presented. It extends Backhouse's `DoItYourself Type Theory' to include inductive definitions of families of sets and definitions of functions by recursion on the way elements of such sets ar ..."
Abstract

Cited by 70 (13 self)
 Add to MetaCart
(Show Context)
A general formulation of inductive and recursive definitions in MartinLof's type theory is presented. It extends Backhouse's `DoItYourself Type Theory' to include inductive definitions of families of sets and definitions of functions by recursion on the way elements of such sets are generated. The formulation is in natural deduction and is intended to be a natural generalization to type theory of MartinLof's theory of iterated inductive definitions in predicate logic. Formal criteria are given for correct formation and introduction rules of a new set former capturing definition by strictly positive, iterated, generalized induction. Moreover, there is an inversion principle for deriving elimination and equality rules from the formation and introduction rules. Finally, there is an alternative schematic presentation of definition by recursion. The resulting theory is a flexible and powerful language for programming and constructive mathematics. We hint at the wealth of possible applic...
Fundamentals Of Deductive Program Synthesis
 IEEE Transactions on Software Engineering
, 1992
"... An informal tutorial is presented for program synthesis, with an emphasis on deductive methods. According to this approach, to construct a program meeting a given specification, we prove the existence of an object meeting the specified conditions. The proof is restricted to be sufficiently construct ..."
Abstract

Cited by 70 (1 self)
 Add to MetaCart
(Show Context)
An informal tutorial is presented for program synthesis, with an emphasis on deductive methods. According to this approach, to construct a program meeting a given specification, we prove the existence of an object meeting the specified conditions. The proof is restricted to be sufficiently constructive, in the sense that, in establishing the existence of the desired output, the proof is forced to indicate a computational method for finding it. That method becomes the basis for a program that can be extracted from the proof. The exposition is based on the deductivetableau system, a theoremproving framework particularly suitable for program synthesis. The system includes a nonclausal resolution rule, facilities for reasoning about equality, and a wellfounded induction rule. INTRODUCTION This is an introduction to program synthesis, the derivation of a program to meet a given specification. It focuses on the deductive approach, in which the derivation task is regarded as a problem of ...
A Proof Theory for Generic Judgments
, 2003
"... this paper, we do this by adding the #quantifier: its role will be to declare variables to be new and of local scope. The syntax of the formula # x.B is like that for the universal and existential quantifiers. Following Church's Simple Theory of Types [Church 1940], formulas are given the ..."
Abstract

Cited by 65 (16 self)
 Add to MetaCart
(Show Context)
this paper, we do this by adding the #quantifier: its role will be to declare variables to be new and of local scope. The syntax of the formula # x.B is like that for the universal and existential quantifiers. Following Church's Simple Theory of Types [Church 1940], formulas are given the type o, and for all types # not containing o, # is a constant of type (# o) o. The expression # #x.B is ACM Transactions on Computational Logic, Vol. V, No. N, October 2003. 4 usually abbreviated as simply # x.B or as if the type information is either simple to infer or not important