## Proof Scores in the OTS/CafeOBJ method (2003)

Venue: | In Proc. of The 6th IFIP WG6.1 International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS 2003), volume 2884 of LNCS |

Citations: | 13 - 10 self |

### BibTeX

@INPROCEEDINGS{Ogata03proofscores,

author = {Kazuhiro Ogata and Kokichi Futatsugi and Nec Software Hokuriku},

title = {Proof Scores in the OTS/CafeOBJ method},

booktitle = {In Proc. of The 6th IFIP WG6.1 International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS 2003), volume 2884 of LNCS},

year = {2003},

pages = {170--184},

publisher = {Springer}

}

### OpenURL

### Abstract

Abstract. A way to write proof scores showing that distributed systems have invariant properties in algebraic specification languages is described, which has been devised through several case studies. The way makes it possible to divide a formula stating an invariant property under discussion into reasonably small ones, each of which is proved by writing proof scores individually. This relieves the load to reduce logical formulas and can decrease the number of subcases into which the case is split in case analysis.

### Citations

1047 | On the security of public-key protocols
- Dolev, Yao
- 1983
(Show Context)
Citation Context ...omething against the protocol as well, namely eavesdropping and/or faking messages. The combination and cooperation of untrustable principals is modeled as the most general intruder à la Dolev and Yao=-=[14]-=-. The intruder can do the following: – Eavesdrop any message flowing in the network. – Glean any nonce and cipher from the message; however the intruder can decrypt a cipher only if she/he knows the k... |

864 |
Using encryption for authentication in large networks of computers
- Needham, Schroeder
(Show Context)
Citation Context ...)) implies invi(s ′ , xi), SIHi implies istep i (xi). 5 Example: The NSLPK Authentication Protocol The NSLPK authentication protocol[10, 11] is the modified version of the NSPK authentication protocol=-=[13]-=- by G. Lowe. The protocol can be described as follows: Msg1 p → q : Eq(np, p) Msg2 q → p : Ep(np, nq, q) Msg3 p → q : Eq(nq) Suppose that each principal is given a private/public key pair, and the pub... |

738 |
Parallel Program Design: A Foundation
- Chandy, Misra
- 1988
(Show Context)
Citation Context ...t an infinite number of indexes i ∈ {0, 1, . . .} such that υi+1 =S τ(υi). 4 In addition to invariant properties, there are unless, stable, ensures and leads-to properties, which are inspired by UNITY=-=[12]-=-. The way to write proof scores described in this paper can also be applied to unless, stable, ensures properties.sop init : -> H Suppose that the initial value of oi1,...,im is f(i1, . . . , im). Thi... |

613 | Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR
- Lowe
- 1996
(Show Context)
Citation Context ... 3 describes compositional proofs of invariants. A way of writing proof scores based on the compositional proofs of invariants is described in Sect. 4. Section 5 uses the NSLPK authentication protocol=-=[10, 11]-=- as an example to demonstrate how to write proof scores. Section 6 discusses the advantages of our method and concludes the paper. 2 Preliminaries 2.1 CafeOBJ in a Nutshell CafeOBJ[7, 8] can be used t... |

212 | An attack on the Needham-Schroeder public-key authentication protoco1
- Lowe
- 1995
(Show Context)
Citation Context ... 3 describes compositional proofs of invariants. A way of writing proof scores based on the compositional proofs of invariants is described in Sect. 4. Section 5 uses the NSLPK authentication protocol=-=[10, 11]-=- as an example to demonstrate how to write proof scores. Section 6 discusses the advantages of our method and concludes the paper. 2 Preliminaries 2.1 CafeOBJ in a Nutshell CafeOBJ[7, 8] can be used t... |

188 | A hierarchy of authentication specifications
- Lowe
- 1997
(Show Context)
Citation Context ..., which can be incorporated in the OTS/CafeOBJ method. In addition to the proof that nonces are really secret in the NSLPK protocol, we have proved that the protocol has one-to-many agreement property=-=[18]-=-, which is expressed as the following two invariants: invariant (not(p = intruder) and m1(p, p, q, enc1(q, n(p, q, r), p)) \in nw(s) and m2(q1, q, p, enc2(p, n(p, q, r), n, q)) \in nw(s) implies m2(q,... |

113 |
ALogical Approach to Discrete Math
- Gries, Schneider
- 1994
(Show Context)
Citation Context ...on system, proof scores, the NSLPK authentication protocol, verification. 1 Introduction Equations are the most basic logical formulas and equational reasoning is the most fundamental way of reasoning=-=[1]-=-, which can moderate the difficulties of proofs that might otherwise become too hard to understand. Algebraic specification languages make it possible to describe systems in terms of equations and ver... |

52 |
Refutational theorem proving using term-rewriting systems
- Hsiang
- 1985
(Show Context)
Citation Context ...es of invariants in CafeOBJ, the compositional proofs of invariants described in Sect. 3 has the following advantages:s1. CafeOBJ reduces a logical formula into an exclusive-or normal form à la Hsiang=-=[15]-=-, of which response time crucially depends on the length of the formula, essentially the possible number of or’s in it. The compositional proofs of invariants make it possible to focus on each conjunc... |

35 | Behavioral coherence in object-oriented algebraic specification
- Diaconescu
- 1998
(Show Context)
Citation Context ...rvational transition systems, or OTSs, which are described in CafeOBJ[7, 8], an algebraic specification language. The CafeOBJ description of OTSs can be regarded as restricted behavioral specification=-=[9]-=-. We verify that OTSs, which are models of systems, have properties by writing proof scores in CafeOBJ. In this paper, we describe a way to write proof scores showing that distributed systems have inv... |

17 | Software Engineering with OBJ: algebraic specification in action, chapter Introducing OBJ
- Goguen, Winkler, et al.
- 2000
(Show Context)
Citation Context ... verify that systems have properties by means of equational reasoning. Writing proofs, or proof scores in algebraic specification languages has been mainly promoted by researchers of the OBJ community=-=[2]-=-. We have been successfully applying such algebraic techniques to modeling, specification and verification of distributed systems such as distributed mutual exclusion algorithms[3, 4] and security pro... |

11 |
CafeOBJ report
- Diaconescu, Futatsugi
- 1998
(Show Context)
Citation Context ...l exclusion algorithms[3, 4] and security protocols[5, 6]. In our method called the OTS/CafeOBJ method, systems are modeled as observational transition systems, or OTSs, which are described in CafeOBJ=-=[7, 8]-=-, an algebraic specification language. The CafeOBJ description of OTSs can be regarded as restricted behavioral specification[9]. We verify that OTSs, which are models of systems, have properties by w... |

9 |
Formal Analysis of the iKP Electronic Payment Protocols
- Ogata, Futatsugi
- 2003
(Show Context)
Citation Context ...ave been successfully applying such algebraic techniques to modeling, specification and verification of distributed systems such as distributed mutual exclusion algorithms[3, 4] and security protocols=-=[5, 6]-=-. In our method called the OTS/CafeOBJ method, systems are modeled as observational transition systems, or OTSs, which are described in CafeOBJ[7, 8], an algebraic specification language. The CafeOBJ ... |

8 | Component-based algebraic specification and verification
- Diaconescu, Futatsugi, et al.
- 1999
(Show Context)
Citation Context ...ct-based distributed systems by modeling an object as an OTS. In the behavioral specification in CafeOBJ, modeling and verification techniques that are specific to object-orientation have been studied=-=[17]-=-, which can be incorporated in the OTS/CafeOBJ method. In addition to the proof that nonces are really secret in the NSLPK protocol, we have proved that the protocol has one-to-many agreement property... |

7 |
Formal analysis of suzuki&kasami distributed mutual exclusion algorithm
- Ogata, Futatsugi
- 2002
(Show Context)
Citation Context ...of the OBJ community[2]. We have been successfully applying such algebraic techniques to modeling, specification and verification of distributed systems such as distributed mutual exclusion algorithms=-=[3, 4]-=- and security protocols[5, 6]. In our method called the OTS/CafeOBJ method, systems are modeled as observational transition systems, or OTSs, which are described in CafeOBJ[7, 8], an algebraic specifi... |

6 |
Formal verification of the Horn-Preneel micropayment protocol
- Ogata, Futatsugi
- 2003
(Show Context)
Citation Context ...ave been successfully applying such algebraic techniques to modeling, specification and verification of distributed systems such as distributed mutual exclusion algorithms[3, 4] and security protocols=-=[5, 6]-=-. In our method called the OTS/CafeOBJ method, systems are modeled as observational transition systems, or OTSs, which are described in CafeOBJ[7, 8], an algebraic specification language. The CafeOBJ ... |

5 |
Formally modeling and verifying Ricart&Agrawala distributed mutual exclusion algorithm
- Ogata, Futatsugi
- 2001
(Show Context)
Citation Context ...of the OBJ community[2]. We have been successfully applying such algebraic techniques to modeling, specification and verification of distributed systems such as distributed mutual exclusion algorithms=-=[3, 4]-=- and security protocols[5, 6]. In our method called the OTS/CafeOBJ method, systems are modeled as observational transition systems, or OTSs, which are described in CafeOBJ[7, 8], an algebraic specifi... |

5 |
Isabelle/HOL — A Proof Assistant for Higer-Order Logic
- Nipkow, Paulson, et al.
- 2002
(Show Context)
Citation Context ...formulas may depend on each other in the sense that the proof of one uses the other to strengthen inductive hypotheses in inductive cases and vice versa. Existing proof assistants such as Isabelle/HOL=-=[16]-=- may not allow to divide a formula into such two subformulas. It is significant to split the case into multiple subcases in an inductive case and find another inductive hypothesis (or a lemma) to stre... |

5 | Rewriting-based verification of authentication protocols - Ogata, Futatsugi - 2002 |