Proceedings of the 12th IEEE Computer Security Foundations Workshop
DOI: 10.1109/csfw.1999.779762

A meta-notation for protocol analysis

Abstract: Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the "Dolev-Yao model." In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the way that existential quantification provides a succinct way of choosing new values, such as new keys or nonces. We define a class of theories in this formalism that correspond to finite-length protocols, with a bounde…

Cited by 160 publications (201 citation statements)

References 24 publications

Citation statements:
“…In contrast, existing symbolic models (e.g. [24,54,22]) directly address the more complex multi-session case, even in the symbolic model. Consequently, our symbolic modeling involves fewer runtime states and thus lends to more effective mechanical analysis.…”
Section: General (mentioning)
confidence: 98%
“…We formalize state change using multiset rewriting (MSR) [4,9]. Strands contain special state synchronization events that synchronize them with the state of the principal executing the strands, as formalized in Definition 11.…”
Section: Protocol Behavior and Mutable State (mentioning)
confidence: 99%
“…We represent states by multisets of facts, and state change by multiset rewriting [4,9], although with several differences from Mitchell, Scedrov et al. First, they use multiset rewriting to model protocol and communication behavior, as well as the states of the principals. We instead use strands for the protocol and communication behavior.…”
Section: Introduction (mentioning)
confidence: 99%
“…The main systematic or formal approaches include specialised logics such as BAN logic [13,19,27], special-purpose tools designed for cryptographic protocol analysis [39], and theorem proving [55,56] and model-checking techniques using several general purpose tools [43,46,51,61,63]. Although these approaches differ in significant ways, all reflect the same basic assumptions about the way an adversary may interact with the protocol or attempt to decrypt encrypted messages.…”
Section: Introduction (mentioning)
confidence: 99%