Integrating Automated and Interactive Protocol Verification

Brucker, Achim D.; Mödersheim, Sebastian

doi:10.1007/978-3-642-12459-4_18

Cited by 11 publications

(15 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A recent approach by Brucker and Mödersheim for automatic generation of machine-checkable proofs is described in [12]. They use the OFMC model checker [34] to compute a fixpoint of an abstraction of the transition relation of the protocol P of interest.…”

Section: Related Workmentioning

confidence: 99%

“…The time needed to generate and machine-check proofs is orders of magnitude faster than the results for the automatic generation of machine-checked proofs reported in [12], [13]. Moreover, the resulting framework, comprising both our Isabelle/HOL protocol theory and the proof-generation algorithm, is the first framework that combines the benefits of manual (machine-checkable) proof construction with the efficiency of automatic protocol verification.…”

Section: Introductionmentioning

confidence: 96%

See 1 more Smart Citation

Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

Meier

Cremers

Basin

2010

2010 23rd IEEE Computer Security Foundations Symposium

View full text Add to dashboard Cite

Abstract-We embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow us to reason about the possible origin of messages and justify a local typing assumption for the otherwise untyped protocol variables. The two rules form the core of a theory that is well-suited for interactively constructing natural, human-readable, correctness proofs. Moreover, we develop an algorithm that automatically generates proof scripts based on these invariants. Both interactive and automatic proof construction are faster than competing approaches. Moreover, we have strong correctness guarantees since all proofs, including those deriving the underlying theory from the semantics, are machine checked.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 96%

Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

Meier

Cremers

Basin

2010

2010 23rd IEEE Computer Security Foundations Symposium

View full text Add to dashboard Cite

show abstract

“…If σ has not been found False, and if σ is in the stack (meaning that its SCC is still being constructed), the σ and σ will be in the same SCC: we reflect this by updating σ .low accordingly. We also update σ .valid by removing formulas whose starting points occur after σ ; as we show below, these formulas cannot be used as evidence for the success of the SCC containing σ and σ (lines [8][9][10][11][12][13][14]. Once the subgoal processing is completed, loop ltl checks to see whether a new SCC component has been detected; if no, it removes it from the stack (lines [18][19][20][21][22][23] and finally backtracks to the parent call (line 25).…”

Section: Resultsmentioning

confidence: 99%

A BSP algorithm for on-the-fly checking CTL* formulas on security protocols

2014

View full text Add to dashboard Cite

This paper presents a distributed (Bulk-Synchronous Parallel or BSP) algorithm to compute on-the-fly whether a structured model of a security protocol satisfies or not a CTL * formula. Using the structured nature of the security protocols allows us to design a simple method to distribute the state-space under consideration in a need-driven fashion. Based on this distribution of the states, the algorithm for logical checking of a LTL formula can be simplified and optimised allowing, with few tricky modifications, the design of an efficient algorithm for CTL * checking. Some prototype implementations have been developed, allowing to run benchmarks to investigate the parallel behaviour of our algorithms.

show abstract

“…This tool can be seen as a re-implementation of the Scyther tool [15], extending it with support for proof-generation and verification in an untyped protocol model. Compared to the other two existing approaches for the automatic generation of machine-checked protocol security proofs [13,23], our approach is orders of magnitude faster than [13] and as fast as [23], but more expressive with respect to the security properties supported. Moreover, the Isabelle/HOL formalization of our theory and the proof-generation algorithm constitute the first framework that combines the benefits of manual, machine-checkable, proof construction with the efficiency of automatic protocol verification.…”

Section: Contributionsmentioning

confidence: 94%

“…Brucker and Mödersheim describe an approach for the automatic generation of machine-checkable proofs in [13]. They use the OFMC model checker [33] to compute a fixpoint of an abstraction of the transition relation of the protocol P of interest.…”

Section: Related Workmentioning

confidence: 99%

Efficient construction of machine-checked symbolic protocol security proofs

Meier

Cremers

Basin

2013

JCS

View full text Add to dashboard Cite

We embed an untyped security protocol model in the interactive theorem prover Isabelle/HOL and derive a theory for constructing proofs of secrecy and authentication properties. Our theory is based on two key ingredients. The first is an inference rule for enumerating the possible origins of messages known to the intruder. The second is a class of protocol-specific invariants that formalize type assertions about variables in protocol specifications. The resulting theory is well suited for interactively constructing human-readable, protocol security proofs. We additionally give an algorithm that automatically generates Isabelle/HOL proof scripts based on this theory. We provide case studies showing that both interactive and automatic proof construction are efficient. The resulting proofs provide strong correctness guarantees since all proofs, including those deriving our theory from the security protocol model, are machinechecked. S. Meier et al. / Efficient construction of machine-checked symbolic protocol security proofsprover Isabelle/HOL [34]. The protocols verified include the TLS handshake [36], Kerberos IV [8] and SET [7]. As reported in [35], the time required for an expert in interactive theorem proving to model and verify a protocol using this approach ranges from several days for small academic protocols to six weeks for a protocol like the TLS handshake [36].An alternative approach to security protocol verification is to use automatic tools such as ProVerif [11] or Scyther [15]. Such tools have two substantial advantages over interactive approaches: they require less user expertise and produce results orders of magnitude faster. However none of these tools produces machine-checked proofs.We combine the benefits of these two approaches to security protocol verification. We develop a tool-supported framework for the efficient construction of machinechecked protocol security proofs using automatic proof generation, where possible, and interactive proof construction, where required.

show abstract

Integrating Automated and Interactive Protocol Verification

Cited by 11 publications

References 25 publications

Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

A BSP algorithm for on-the-fly checking CTL* formulas on security protocols

Efficient construction of machine-checked symbolic protocol security proofs

Contact Info

Product

Resources

About