| Cervesato, I., N. Durgin, M. Kanovich and A. Scedrov, Interpreting strands in linear logic, in: H. Veith, N. Heintze and E. Clark, editors, |
....studied as a basis for logical specification formalisms dedicated to the specification, verification and analysis of programs, properties or systems. We can mention such formalisms in the context of real-time systems [13], concurrent object-oriented programming [2, 8, 15] and protocol verification and analysis [7]. In these settings, the study of provability is central: for instance, properties may be expressed as provability problems, and computations are often considered following the proof-search-as-computation paradigm. Substructural logics like LL intrinsically allow one to consider formulae as resources ....
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In Workshop on Formal Methods and Computer Security (satellite workshop of CAV 2000.
....of facts, with $fv(S) \subseteq \{x_1, \ldots, x_m\}$. Let $F$ be the formula $\exists x_1, \ldots, x_m.\ \bigwedge S$. $F$ can be derived from $B$ if and only if $\exists \sigma$, substitution of $x_1, \ldots, x_m$ by terms, $\exists T$, $\langle T, S\sigma \rangle \in \mathrm{lfp}_0(B)$. Proof. This theorem is a slightly modified version of Theorem 6.1 of [14]. [14] uses a restricted version of the rule $\exists r$ in which the variable $x$ is replaced by a constant and not by an arbitrary term: $\dfrac{\Sigma, c \vdash [c/x]A}{\Sigma, c \vdash \exists x.\,A}\ (\exists r)$ (Here $\Sigma, c$ is the signature of the language used to build terms.) This is why, with our notations, in [14, Theorem 6.1] ....
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting Strands in Linear Logic. In 2000.
....other paradigms to which this work can be related. Given that there is a well-known connection between # calculus style encodings and eigenvariables [23], it would seem quite natural to explore more fully possible connections with the spi calculus [1]. Also, the connection between strand spaces [4, 6, 12] and cut-free proofs using role formulas seems likely to be strong: one of the relations involved in defining a strand space should be that of subformula within a common role, and the other relation should relate two atoms (messages) appearing together in the same initial sequent. 9 Acknowledgments. ....
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000.
....for logics for security protocols. The net runs are histories on which to interpret security properties, perhaps expressed in the style of BAN logic. On another tack, Petri nets form models of linear logic [5], close, it seems, to the linear logic for security protocols based on multiset rewriting [2]. As suggested by an anonymous referee, the expressiveness of SPL could be useful in characterising natural classes of protocols with decidable security properties. Acknowledgements. We are grateful to Stewart Lee and an anonymous referee for suggestions and encouragement. GW thanks Martín Abadi ....
I. Cervesato, N. A. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In FMCS'00, 2000.
....Bob. Unfortunately (for Alice and Bob) networks are populated by potentially malicious agents. We will specify a generic intruder in the following section. 5.1 A Theory for the Intruder. In order to test the protocol it is necessary to specify the actions of a potential intruder. Following [CDKS00, Mas99], the intruder can be viewed as an agent with public and private keys who has the capability of decomposing and storing all messages he receives. Furthermore, he can create new nonces and compose new messages using the information he has stored (e.g. he can compose new messages using old ....
....constructs to specify beliefs of agents and to describe their modification as an effect of the interaction with the environment. Being a specialized logic, BAN is a very rich specification language, which however does not have an immediate operational reading. Recently, Cervesato et al. [CDL 99, CDKS00, CDL 00] have studied and compared several models (including Dolev-Yao [DY83]) with specification languages closer to the logic programming perspective, i.e. enjoying a simple procedural view. In [CDL 99] (an important inspiration for our experiments) Cervesato et al. showed that multiset ....
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting Strands in Linear Logic In Proc. of FMCS'00, 2000.
Cervesato, I., N. Durgin, M. Kanovich and A. Scedrov, Interpreting strands in linear logic, in: H. Veith, N. Heintze and E. Clark, editors,
I. Cervesato, N. Durgin, M. I. Kanovich, and A. Scedrov. Interpreting Strands in Linear Logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000.
Iliano Cervesato, Nancy A. Durgin, Max Kanovich, and Andre Scedrov. Interpreting strands in linear logic. In 2000.
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000 Workshop on Formal Methods and Computer Security, Chicago, IL, 2000.
I. Cervesato, N. Durgin, M. I. Kanovich, and A. Scedrov. Interpreting Strands in Linear Logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000.
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic, 2000. In Proc. of FMCS'00.
Iliano Cervesato, Nancy A. Durgin, Max Kanovich, and Andre Scedrov. Interpreting strands in linear logic. In 2000.
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic, 2000. In Proc. of FMCS'00.
.... equivalent in [8]. A language with a Petri net semantics, strand spaces and inductive models for security protocols [22] are related in [9], while similarities between strand spaces and multi-agent systems are investigated in [15]. Mappings between multiset rewriting and linear logic are given in [7, 19]. The present work links process-based languages, an important but so far isolated family of specification methods, to this cluster of connected formalisms. While it immediately allows a transitive comparison with strand spaces, for example, it opens the way for a future exchange of reasoning ....
I. Cervesato, N. Durgin, M. I. Kanovich, and A. Scedrov. Interpreting Strands in Linear Logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000.
.... may also be viewed as the existential Horn fragment of first-order linear logic [Gir87a]. The close connection between standard multiset rewriting (without existential quantification) and simple fragments of linear logic has been studied extensively [Asp87, MOM91, GG90b, Kan94] and extended in [CDKS00] to include parameters and existential quantification. Under this correspondence, every MSR transition sequence corresponds to a linear logic derivation in normal form, and conversely. A linear logical framework automated tool, LLF [CP96], may be used to simulate the execution of protocols, ....
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic, 2000. In Proc. of FMCS'00.
....of message components was expressed in a relational manner by means of persistent information predicates and to a minor extent by typing declarations. In particular, variables that ought to be instantiated to fresh objects during execution were marked with an existential quantifier. In [11, 10], we proved the substantial equivalence between MSR and extensions of popular formalisms such as strand spaces. Nonetheless, the resulting specifications were not completely satisfactory for two reasons: persistent information proved difficult to reason about, and the rigid structure of MSR rules ....
....[6] respectively. Static checks of this kind are particularly useful when modeling complex crypto protocols. Previous versions of MSR were mostly aimed at investigating decidability problems for crypto protocols [9, 15] and at establishing the relative expressive power of different formalisms [11, 10]. The present work makes MSR usable as a specification language for a large class of security protocols thanks to the introduction of a few key constructs and a flexible typing infrastructure. Memory predicates, in particular, allow a principal to share data and control among different role ....
I. Cervesato, N. A. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In Proc. FMCS'00, Chicago, IL, 2000.
....of persistent information predicates and to a minor extent by typing declarations. In particular, variables that ought to be instantiated to fresh objects during execution were marked with an existential quantifier (this operator can indeed be used for that purpose in logical specifications). In [9, 10, 12], we proved the substantial equivalence between MSR and extensions of popular formalisms such as strand spaces. Nonetheless, the resulting specifications were not completely satisfactory for two reasons: persistent information proved difficult to reason about, and the rigid structure of MSR rules ....
....are implemented is invisible (and irrelevant) to the resulting protocol theory. This presentation is organized as follows. In Section 2, we introduce the syntax of an MSR specification and sketch its execution model. We discuss the changes with respect to our previous definitions of this language [9, 10, 11, 12, 18] in Section 3. The next three sections formalize as many popular case studies in MSR. More specifically, Section 4 implements the simplified version of the Needham-Schroeder public-key authentication protocol. Section 5 extends this specification to the full protocol, inclusive of the server ....
I. Cervesato, N. A. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In 2000 Workshop on Formal Methods and Computer Security --- FMCS'00, Chicago, IL, July 2000.
.... protocol is in general undecidable [8, 15]. We have moreover shown its substantial equivalence in expressive power to extensions of popular specification languages for security protocols, such as strand spaces [16], and further studied their similarities under the microscope of linear logic [6]. On the practical side, MSR fuels the CAPSL authentication protocol verification tool in the form of the underlying CIL intermediate language [13]. In spite of these achievements, MSR is a very low-level language, poorly suited for the direct specification of security protocols. In particular, ....
....scope of these quantifiers is limited to the right-hand side of the current rule. Later rules can refer to the values created by these variables by introducing universal quantifiers of the proper type: synchronization is ensured by their occurrence in the role state predicates. We have shown in [6] that, when encoding MSR in logic, our marker for fresh data is indeed rendered by an existential quantification. 4.2 Roles. Role state predicates record the information accessed by a rule. They are also the mechanism by which a rule can enable the execution of another rule in the same role. ....
I. Cervesato, N. A. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In 2000 Workshop on Formal Methods and Computer Security --- FMCS'00, Chicago, IL, July 2000.
....on the message flow rather than on typing details, and of course it limits the size of the specification. Algorithmic rules for this form of type reconstruction are the subject of current research. 7 Conclusions and Future Work. In this paper, we have presented the typing infrastructure of MSR [7, 6, 8, 10, 11, 9], a strongly typed specification language for security protocols. Typing contributes to writing elegant and precise formalizations. It enables static checks aimed at discovering simple but potentially harmful specification mistakes, e.g. the undue transmission of a long-term key. It also ....
I. Cervesato, N. A. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In 2000 Workshop on Formal Methods and Computer Security --- FMCS'00, Chicago, IL, July 2000.
I. Cervesato, N. Durgin, M. Kanovich, and A. Scedrov. Interpreting strands in linear logic. In H. Veith, N. Heintze, and E. Clark, editors, 2000.
CiteSeer.IST - Copyright Penn State and NEC