Burrows M., Abadi M. and Needham R. [1989], A logic of authentication, Technical Report 39, DEC Systems Research Center.
....behavior that satisfies the property. This concept and the dual notion of relative safety property were introduced in [12] as a means of clarifying the shift from liveness to safety when timing constraints are introduced in a system. It can also be traced to the notion of machine closed property [1, 2, 4]. Here we make a different use of the concept and view it as an abstraction of a liveness property being true under fairness. In fact, we interpret relative liveness as a satisfaction relation for properties represented by temporal logic formulas [8, 23] Notice that for a property to be a relative ....
....one can build in PSPACE an automaton for the formula and for its complement [28] Hardness can be established by a reduction from regular language inclusion [10] 2 Note that Lemma 4.3 provides the link between relative liveness and machine closure. Indeed, recall the following definition [1, 2, 4]. Definition 4.6 Let L , for an alphabet . L ; is called a machine closed live structure if and only if pre(L ) pre( We thus have that P is a relative liveness property of L if and only if (L ; P L ) is a machine closed live structure (see Lemma 4.3) General ....
Abadi, M., and Lamport, L. Composing specifications. SRC Report 66, DEC System Research Center, October 1990.
....type R. From this example it should be clear that we wish to manipulate, compose, type and typecheck environments. For this reason we introduce the pure form calculus, a simple, untyped calculus of first class environments. The form calculus is essentially a λ calculus of explicit substitutions [ACCL90] in which substitutions are first class values [SSB99] The contributions of this paper are: Syntax and semantics of the pure form calculus, a proposed system of contractual types for form expressions, type inference rules that generate contractual type expressions, with satisfaction ....
....as first class. Achermann's Piccola calculus [Ach02] also includes agents and channels, and can be seen as containing the pure form calculus presented here as a sublanguage. Neither Schneider's form calculus nor the Piccola calculus are typed. Abadi's calculus of explicit substitutions [ACCL90] makes environment explicit, but does not turn them into first class values. Dami's calculus of names, λN [Dam98] replaces variables by names, and has a similar flavour to our form calculus, but still does not treat environments as first class values. Nishizaki's environment calculus [Nis00] ....
Martín Abadi, Luca Cardelli, Pierre-Louis Curien, and Jean-Jacques Levy. Explicit substitutions. Technical Report 54, DEC Systems Research Center, Palo Alto, California, February 1990.
....what is meant by composable distributed services has not yet been given, nor have the reflective aspects of such compositions been adequately formalized. Chandy and Misra [5] propose a rely guarantee discipline for treating global and local properties of a system separately, and Abadi and Lamport [1] propose a method for describing open components of concurrent systems using assumption guarantee assertions [13] However, the above approaches address what might be called parallel composition of systems. We are not aware of any systematic approach to the formal semantics of services composed in ....
M. Abadi and L. Lamport. Conjoining specifications. Technical Report 118, DEC Systems Research Center, 1994.
.... 1 A is the private component. That is, cryptographic keys are denoted by the mathematical function that is computed when the key is applied to data. The other half of an asymmetric key pair is the inverse function: $IK(IK^{-1}(x)) = x$, $CK^{-1}(CK(x)) = x$. This notation is similar to that of Needham [23, 22], but differs in that it distinguishes encipherment from digital signature. In Needham [22, page 4] it is assumed that key pairs are always usable for both purposes, whereas in this dissertation there is no assumption that the operations of encryption (for confidentiality) or signature (for ....
....for other users. Hence it is vitally important to use a method for obtaining public keys that works. In this chapter, the certification path method is examined in detail. 5.1. 1 Analysis of authentication properties In this section, I use the formal logic developed by Burrows, Abadi and Needham [23] to analyse the certification path mechanism. I will start by analysing its properties as an authentication mechanism. Later on, I will show how these authentication properties are also relevant to the case of non repudiation. Before embarking on the details of the analysis, it is worth making a ....
[Article contains additional citation context not shown here]
R. M. Needham, M. Burrows, and M. Abadi. A logic of authentication. Research Report 39, DEC Systems Research Center, February 1989.
....component. That is, cryptographic keys are denoted by the mathematical function that is computed when the key is applied to data. The other half of an asymmetric key pair is the inverse function: $IK(IK^{-1}(x)) = x$, $CK^{-1}(CK(x)) = x$. This notation is similar to that of Needham [23, 22], but differs in that it distinguishes encipherment from digital signature. In Needham [22, page 4] it is assumed that key pairs are always usable for both purposes, whereas in this dissertation there is no assumption that the operations of encryption (for confidentiality) or signature (for ....
....for other users. Hence it is vitally important to use a method for obtaining public keys that works. In this chapter, the certification path method is examined in detail. 5.1. 1 Analysis of authentication properties In this section, I use the formal logic developed by Burrows, Abadi and Needham [23] to analyse the certification path mechanism. I will start by analysing its properties as an authentication mechanism. Later on, I will show how these authentication properties are also relevant to the case of non repudiation. Before embarking on the details of the analysis, it is worth making a ....
[Article contains additional citation context not shown here]
R. M. Needham, M. Burrows, and M. Abadi. A logic of authentication. Research Report 39, DEC Systems Research Center, February 1989.
....as authentication, confidentiality, and integrity. New applications and systems eagerly demand security protocols suitable to their system requirements. Unfortunately, designing security protocols is a delicate task and experience shows that security protocols are notoriously hard to get right [BAN89, Low96]. This naturally raises the question whether the current security protocol design process is satisfactory. If the answer is no, how can we improve it? The current process of finding a solution is usually ad hoc and involves little formalism, and almost no mechanical assistance. Such a design ....
....of two party mutual authentication protocols. Authentication protocols are among the most widely used and intensely studied security protocols. Their complexity is suitable for an initial case study, and they are known to be notoriously difficult to design correctly and hence a good challenge [BAN89, Low96]. We use the agreement properties proposed by Gavin Lowe for authentication protocols as the formal definition of the authentication property [Low97] A protocol guarantees a participant O agreement for a certain binding if each time a principal O completes a run of the protocol as a responder ....
M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical Report 39, DEC Systems Research Center, February 1989.
....as Isabelle [29] These approaches require more expertise with theorem provers and more human interaction, and have the disadvantage that they cannot generate counterexamples directly. Apart from the above approaches, there are also some tools [4, 5, 17] based on belief logics such as BAN logic [6] and GNY logic [13] that have been used to find flaws in some protocols. 1.2 Overview of Our Techniques We use our extension to the Strand Space Model (SSM) instead of the traditional TBM to represent protocol executions. Thayer, Herzog and Guttman proposed SSM for protocol representation and ....
M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical Report 39, DEC Systems Research Center, February 1989.
.... of lim(L) if and only if $\forall w \in \mathrm{pre}(\lim(L))\ \exists x \in w^{-1}(\lim(L)) : wx \in P$. Note 1 If lim(L) Sigma , then the definitions of a relative liveness property is equivalent to the definition of a liveness property [3] Usually, relative liveness and the closely related concept of machine closure [1,2,4,18] are used to classify properties with respect to other properties. In contrast to this, we consider relative liveness as a satisfaction relation with an inherent fairness condition that we call approximate satisfaction [26] Definition 2.9 If P Sigma is a relative liveness property of ....
Martín Abadi and Leslie Lamport. Composing specifications. SRC Report 66, DEC System Research Center, October 1990.
....original crypt. Yet, it still has a fixed cost and thus cannot not adapt to faster hardware. As time passes, MD5 crypt offers steadily decreasing protection against off line guessing attacks. Significant optimizations have already been found to speed up the calculation of MD5 crypt. Abadi et al. [1] propose strengthening user chosen passwords by appending random bits to them. At authentication time, software uses the known part of the password and a hash of the full password to guess the random bits. As hardware gets faster, one can easily tune this technique by increasing the number of ....
Martín Abadi, T. Mark A. Lomas, and Roger Needham. Strengthening passwords. Technical note 1997-033, DEC Systems Research Center, September 1997.
....base level actors in possibly incompatible ways. Thus, standard safety and liveness properties are not adequate to specify components of ODS. Non interference properties must also be specified and checked. Similar observations have been made for traditional one level systems. For example, in [1] Abadi and Lamport give a method for describing open components of concurrent systems using assumption guarantee assertions [15] Assumptions are requirements on the components environment. Here we consider object based systems and have the additional important problem of ensuring that meta level ....
M. Abadi and L. Lamport. Conjoining specifications. Technical Report 118, DEC Systems Research Center, 1994.
....system has only been described for PTL however extensions for first order logic could be investigated. A first order normal form, SNF f , has been proposed in [Fis92b] and translation into SNF f described. However, as full First Order Temporal Logic is obviously undecidable [Hus87, Sza87, Aba88] we would first have to look for subsets of First Order Temporal Logic to which this form of temporal resolution could be successfully applied. 127 Appendix A Examples A set of examples taken from [MP81] used throughout the thesis. No Example 1 :w , w 2 :w , w 3 g :w , g w 4 w ....
M. Abadi. The Power of Temporal Proofs. Technical Report 30, DEC Systems Research Center, Palo Alto, California, August 1988.
....of ODS. Non interference properties must also be specified and checked. Similar observations have been made for traditional one level systems. Chandy and Misra [11] propose a rely guarantee discipline for treating global and local properties of a system separately, and Abadi and Lamport [1] propose a method for describing open components of concurrent systems using assumption guarantee assertions [20, 12] The rely assertions express requirements on the components environment. Duarte [15] proposes a rely guarantee design discipline for modular design of actor system components. ....
M. Abadi and L. Lamport. Conjoining specifications. Technical Report 118, DEC Systems Research Center, 1994.
....base level actors in possibly incompatible ways. Thus, standard safety and liveness properties are not adequate to specify components of ODS. Non interference properties must also be specified and checked. Similar observations have been made for traditional one level systems. For example, in [2] Abadi and Lamport give a method for describing open components of concurrent systems using assumption guarantee assertions [86] Assumptions are requirements on the components environment. Here we consider 57 object based systems and have the additional important problem of ensuring that ....
M. Abadi and L. Lamport. Conjoining specifications. Technical Report 118, DEC Systems Research Center, 1994.
....been developed for Propositional Temporal Logic only, and extensions for first order logic could be investigated. A first order translation to SNF exists [Fis92a] and a program to perform the translation has been prototyped. Note, however, that full First Order Temporal Logic is undecidable [Hus87, Aba88] In spite of this, it may be possible to find subsets of First Order Temporal Logic to which this form of temporal resolution can be successfully applied. 61 Efficient translation to normal form. The development of an efficient translation to normal form could be investigated for PTL. A naive ....
Martín Abadi. The Power of Temporal Proofs. Technical Report 30, DEC Systems Research Center, Palo Alto, California, August 1988.
....as authentication, confidentiality, and integrity. New applications and systems eagerly demand security protocols suitable to their system requirements. Unfortunately, designing security protocols is a delicate task and experience shows that security protocols are notoriously hard to get right [BAN89, Low96]. This naturally raises the question whether the current security protocol design process is satisfactory. If the answer is no, how can we improve it? The current process of finding a solution is usually ad hoc and involves little formalism, and almost no mechanical assistance. Such a design ....
....of two party mutual authentication protocols. Authentication protocols are among the most widely used and intensely studied security protocols. Their complexity is suitable for an initial case study, and they are known to be notoriously difficult to design correctly and hence a good challenge [BAN89, Low96]. We use the agreement properties proposed by Gavin Lowe for authentication protocols as the formal definition of the authentication property [Low97] A protocol guarantees a participant B agreement for a certain binding x if each time a principal B completes a run of the protocol as a responder ....
M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical Report 39, DEC Systems Research Center, February 1989.
....DARPA through Rome Laboratories Contract F30602 97 C 0312, by DARPA and NASA through Contract NAS2 98073, by Office of Naval Research Contract N00014 96 C 0114, and by National Science Foundation Grants CCR 9505960 and CCR 9633363. 1 local properties of a system separately, and Abadi and Lamport [1] propose a method for describing open components of concurrent systems using assumption guarantee assertions [14] However, the above approaches address what might be called horizontal composition of systems. We are not aware of any systematic approach to the study of properties of services ....
M. Abadi and L. Lamport. Conjoining specifications. Technical Report 118, DEC Systems Research Center, 1994.
....formulas to characterise messages (i m) observe attributes of objects (s:a is t) and so on. For instance, p j= i m i . p is the message i:m. The structural connectives we propose are a distributed conjunction , reminiscent of the multiplicative conjunction of linear logic [6] in [2] a linear conjunction is also proposed in a logic of composition, in the context of composing assumption guarantee specifications of shared state reactive systems , and a hiding quantifier . Intuitively, a property holds of a configuration . p j q such that holds of . p and ....
M. Abadi and G. Plotkin. A logical view of composition. Technical Report 86, DEC Systems Research Center, Palo Alto, California, May 1992.
....behavior that satisfies the property. This concept and the dual notion of relative safety property were introduced in [12] as a means of clarifying the shift from liveness to safety when timing constraints are introduced in a system. It can also be traced to the notion of machine closed property [1, 2, 4]. Here we make a different use of the concept and view it as an abstraction of a liveness property being true under fairness. In fact, we interpret relative liveness as a satisfaction relation for properties represented by temporal logic formulas [8, 23] Notice that for a property to be a ....
....one can build in PSPACE an automaton for the formula and for its complement [28] Hardness can be established by a reduction from regular language inclusion [10] 2 Note that Lemma 4.3 provides the link between relative liveness and machine closure. Indeed, recall the following definition [1, 2, 4]. Definition 4.6 Let L Sigma , for an alphabet Sigma. L ; is called a machine closed live structure if and only if pre(L ) pre( We thus have that P Sigma is a relative liveness property of L if and only if (L ; P L ) is a machine closed live structure (see Lemma ....
Abadi, M., and Lamport, L. Composing specifications. SRC Report 66, DEC System Research Center, October 1990.
....protocols can be flawed even when designed carefully. Thus, it is necessary to develop rigorous ways to analyze these protocols. Many researchers have worked on applying formal techniques to the analysis of security protocols. They have developed logics of knowledge and belief such as BAN logic [2] and GNY logic [7] semi automatic and fully automatic tools such as the NRL Analyzer [14] the Interrogator Model [16] FDR [12] Murφ [17] Brutus [5] and Revere [9] and theorem provers such as Isabelle [19] Automatic checkers have the practical advantage that they are easy to use and do not ....
M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical Report 39, DEC Systems Research Center, February 1989.
No context found.
Burrows M., Abadi M. and Needham R. [1989], A logic of authentication, Technical Report 39, DEC Systems Research Center.
No context found.
M. Burrows, M. Abadi, and R. Needham. A Logic of Authentication. Technical Report 39, DEC Systems Research Center, February 1989.
No context found.
Martín Abadi, Luca Cardelli, Pierre-Louis Curien, and Jean-Jacques Levy. Explicit substitutions. Technical Report 54, DEC Systems Research Center, Palo Alto, California, February 1990.
No context found.
Michael Burrows, Martín Abadi, and Roger Needham. A logic of authentication. Technical report, DEC Systems Research Center, February 1989. Research Report 39.
No context found.
Michael Burrows, Martín Abadi, and Roger Needham. A logic of authentication. Technical Report SRC-RP-39, DEC Systems Research Center, February 1989.
No context found.
BURROWS, M., ABADI, M., AND NEEDHAM, R. A logic of authentication. Tech. Rep. 39, DEC Systems Research Center, Feb. 1989.