G. Lowe. Casper: A compiler for the analysis of security protocols. Journal of Computer Security, 6:53--84, 1998. World Wide Web home page at URL http: //www.mcs.le.ac.uk/~glowe/Security/Casper/index.html.  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... Oxford University Computing Laboratory, Wolfson Building, Parks Road, Oxford, OX1 3QD, UK; e mail: gavin.lowe comlab.ox.ac.uk. 1 Model checking techniques where a model checker is used to search the state space of a small system running the protocol, looking for attacks; see, for example, [13, 5, 12, 6, 10, 8, 14, 11] Direct proofs where the protocol is proved correct directly (possibly with the help of machine assistance) typically using some form of induction; see, for example, 19, 2, 15, 22] These techniques have proved successful at analysing the protocols that have appeared in the academic literature. ....

....for writing specifications for the protocol; we discuss this further in Section 2.4. Each honest agent can be represented by a CSP process, describing the way the agent sends and receives messages. The precise details will depend upon the protocol in question; a number of previous papers (e.g. [6, 8, 10, 18]) have described the translation from a protocol description in standard form to a CSP representation. However, it turns out that we don t need to assume anything else about the CSP representation of the honest agents (apart from the fact that such a representation exists) our results apply to ....

[Article contains additional citation context not shown here]

G. Lowe. Casper: A compiler for the analysis of security protocols. Journal of Computer Security, 6:53--84, 1998. World Wide Web home page at URL http: //www.mcs.le.ac.uk/~glowe/Security/Casper/index.html.

....and Jacob s library of security protocols [3] This library has been the subject of a previous study [2] with which we can compare our results. We have used FDR, a model checker for the process algebra CSP [9] for the analysis. The CSP descriptions of the protocols were prepared using Casper [7], a compiler that produces the CSP from a more concise description. The ease of our techniques is evidenced by the fact that most of the analyses were carried out by the first two authors as part of their final year undergraduate projects; these two authors knew nothing about security protocols at ....

G. Lowe. Casper: A compiler for the analysis of security protocols. Journal of Computer Security, 6:53--84, 1998. World Wide Web home page at URL http://www.mcs.le.ac.uk/glowe/ Security/Casper/index.html.

....methods for analysing protocols. One recently developed technique is to encode the protocol and an intruder in CSP [Hoa85] and then use the FDR refinement tool [Ros94] to verify that no successful attacks can occur (indeed, some of the above attacks were discovered using this technique) see [Ros95, Low96a, LR96, Low96b] for more details. ....

Gavin Lowe. Casper: A compiler for the analysis of security protocols, 1996. World Wide Web home page at URL http:// www.mcs.le.ac.uk/~gl7/Security/Casper/index.html.

....3] the CCITT X. 509 Protocol [3] the Yahalom Protocol [3] a number of ISO protocols [9, 10] the TMN Protocol [30] the Denning Sacco public key protocol [4] the Woo and Lam protocols [31] and the SPLICE Protocol [32] Some of these case studies are available via the Casper World Wide Web page [15]. The techniques seem to scale well to medium sized protocols, albeit with a reduction in the size of the system that can be studied. We are currently applying these techniques to a large commercial protocol produced by Cybercash. This protocol contains a very large number of fields, and several ....

Gavin Lowe. Casper: A compiler for the analysis of security protocols, 1996. World Wide Web home page at URL http://www.mcs.le.ac.uk/ ~glowe/Security/Casper/index.html.

....considered in this paper have been implemented within Casper. Thus Casper and FDR can be used together to test which, if any, authentication specifications are met by a particular protocol. A number of case studies using these techniques are available via the Casper World Wide Web page [Low96b] these case studies demonstrate the practicality of our methods. When analyzing protocols using FDR we normally make a number of implementation assumptions, which are reflected in the way we model the agents taking part in the protocol, and also the intruder. For example: ffl When we discussed ....

Gavin Lowe. Casper: A compiler for the analysis of security protocols, 1996. World Wide Web home page at URL http:// www.mcs.le.ac.uk/~gl7/Security/Casper/index.html.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC