Martín Abadi and Leslie Lamport. Composing specifications. Research Report 66, Digital Equipment Corporation Systems Research Center, 1990. A preliminary version appeared in [dBdRR90].


This paper is cited in the following contexts:
On Unifying Assumption-Commitment Style Proof Rules for.. - Xu, Cau, Collette (1994)   (4 citations)

....shared variable and communication based concurrency. In the meantime, there have been a number of efforts on general methods for composing assumption-commitment specifications, such as Abadi-Lamport's composition theorem [1] and its reformulation in [6] at the semantical level, and the systems in [10,5,2] at the proof theoretic level. Abadi-Lamport's composition theorem is particularly powerful, and it is speculated in [1] that it can be applied to several verification methods. In this paper, we show that the proof rules for the two styles of concurrency are special instances of a new general ....

....for the correctness formula. Moreover, our rule above is also similar to theirs. However, they only studied shared variable concurrency in that paper, and subsequently restricted the assumptions to state transitions as those used in the shared variable rule. The latest work by Abadi and Lamport [2] also uses spiral interpretation. Instead of agents, the index variables in the TLA formulas seem to have played a similar role. Informally, the soundness of our rule can be understood as follows. The first thing to observe is that both E 1 and E 2 hold as long as (i.e. will not become false ....

M. Abadi and L. Lamport. Conjoining specifications. Digital Equipment Corporation Systems Research Center, Research Report 118, 1993.


Parallel Composition of Assumption-Commitment Specifications - .. - Cau, Collette (1996)   (8 citations)

....approaches are particular instances of the same semantic rule. This semantic rule, which is independent of the communication mechanism, takes its origin in [2, 4] and has been further investigated in [12]; however, the version proposed here is slightly different and more similar to the one in [3]. It is also more abstract in the sense that parallel composition is represented by a semantic merging operator Ω that can be instantiated in several ways. Actually, this operator reflects the compositionality of the computational model. The soundness proof of the semantic rule can be carried out ....

....those computations that satisfy other commitments of the process, especially liveness commitments. We then use C to denote the pair (SC, OC). This notation indicates that the safety commitments, represented by SC at the semantic level, are clearly identified from other commitments. The rules in [2, 3] focus on the particular case where SC is the smallest safety set greater than SC#OC, but keeping this generality allows a direct mapping into the specifications of [17, 21] that we want to consider in this paper. Example 1. We later consider a tuple (pre, rely, guar, post) of predicates. Then, ....

[Article contains additional citation context not shown here]

Abadi, M., Lamport, L.: Conjoining specifications, Digital Equipment Corporation Systems Research Center, Research Report 118, 1993.


Parallel Composition of Assumption-Commitment Specifications - .. - Cau, Collette (1995)   (8 citations)

....approaches are particular instances of the same semantic rule. This semantic rule, which is independent of the communication mechanism, takes its origin in [2, 4] and has been further investigated in [12]; however, the version proposed here is slightly different and more similar to the one in [3]. It is also more abstract in the sense that parallel composition is represented by a semantic merging operator Ω that can be instantiated in several ways. Actually, this operator reflects the compositionality of the computational model. The soundness proof of the semantic rule can be ....

....those computations that satisfy other commitments of the process, especially liveness commitments. We then use C to denote the pair (SC, OC). This notation indicates that the safety commitments, represented by SC at the semantic level, are clearly identified from other commitments. The rules in [2, 3] focus on the particular case where SC is the smallest safety set greater than SC OC, but keeping this generality allows a direct mapping into the specifications of [17, 21] that we want to consider in this paper. Example 1. We later consider a tuple (pre, rely, guar, post) of predicates. Then, ....

[Article contains additional citation context not shown here]

Abadi, M., Lamport, L.: Conjoining specifications, Digital Equipment Corporation Systems Research Center, Research Report 118, 1993.


High-Confidence Design for Security - Chin (1999)   (2 citations)

....Abadi, and Burrows contains many rules for reasoning about delegation of authority, principals acting in roles, and authentication with multiple certification authorities. The logic was used to design an authentication system as part of Digital Equipment Corporation's Taos operating system [5]. Taos featured a distributed file system that authenticated principals and their privileges. Conclusions. Having confidence that a system is secure requires having confidence in the cryptographic algorithms, confidence that the security mechanisms are implemented properly, and that the ....

Edward Wobber, Martín Abadi, Mike Burrows, and Butler Lampson. Authentication in the Taos Operating System. Research Report 117, Digital Equipment Corporation Systems Research Center, Palo Alto, CA, December 1993.


A General Theory of Composition for Trace Sets Closed Under.. - McLean (1994)   (54 citations)

....just as secure in the case of Restrictiveness, or just as simple yet more secure in the case of Noninference) may work. As new properties are developed, the situation will deteriorate further. For this reason general theories of system composition, such as the one developed by Abadi and Lamport [1], are extremely appealing. A number of researchers in the security community are attempting to use the Abadi-Lamport Composition Principle to develop a general theory of composition for confidentiality properties. However, the Abadi-Lamport Composition Principle is restricted to the class of ....

....traces that the system can exhibit. Abadi and Lamport add to this framework the concept of a specification, which is a property formed by taking the union of the set of traces that conform to a system's desired behavior and the set of traces that contain violations of a system's input restrictions [1]. The latter set reflects assumptions about the environment in which the system is to be run. The former set reflects requirements about how a system can react when placed in an environment that satisfies its input restrictions. A program satisfies a specification if the specification holds for ....
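The trace-set reading of a specification described in the context above, as an added example that is not code from the cited papers: a property is a set of traces, and the specification built from an environment assumption E and a commitment M is the union of the traces that violate E with the traces that satisfy M. The alphabet, the assumption ("the environment never sends bad"), the commitment ("every req is answered by ack at the next step") and the two toy systems are constructed for illustration; the safety closure is the finite-trace simplification (prefix closure).

```python
"""Added example: assumption-commitment specifications as sets of finite traces.

Spec(E, M) = {t : t violates E} ∪ {t : t satisfies M}.  A system satisfies
Spec(E, M) when every trace it can produce, against every environment, lies
in that set: either the environment broke its input restriction, or the
system met its commitment.  Alphabet, E, M and the systems are constructed.
"""
from itertools import product

ENV_STEPS = ("req", "bad")   # "bad" is an input the assumption rules out
SYS_STEPS = ("ack", "idle")


def violates_assumption(trace):
    """E: the environment never issues 'bad'."""
    return "bad" in trace


def meets_commitment(trace):
    """M: every 'req' is followed immediately by 'ack', and 'ack' only ever
    follows a 'req'."""
    for i, step in enumerate(trace):
        if step == "req" and (i + 1 >= len(trace) or trace[i + 1] != "ack"):
            return False
        if step == "ack" and (i == 0 or trace[i - 1] != "req"):
            return False
    return True


def in_spec(trace):
    """Membership in Spec(E, M)."""
    return violates_assumption(trace) or meets_commitment(trace)


def responsive():
    """Constructed system: acks every req until it sees 'bad', after which it
    is wedged and only idles (its behaviour outside E is not constrained)."""
    broken = False

    def step(inp):
        nonlocal broken
        if inp == "bad":
            broken = True
        return "ack" if inp == "req" and not broken else "idle"
    return step


def lazy():
    """Constructed system that never acks."""
    return lambda inp: "idle"


def run(make_system, env_inputs):
    """Interleave environment inputs with the system's reactions into one trace."""
    system = make_system()
    trace = []
    for inp in env_inputs:
        trace.append(inp)
        trace.append(system(inp))
    return tuple(trace)


def satisfies(make_system, max_inputs):
    """Exhaustively check Spec(E, M) against every environment behaviour of
    up to max_inputs inputs (finite traces only)."""
    for n in range(max_inputs + 1):
        for inputs in product(ENV_STEPS, repeat=n):
            if not in_spec(run(make_system, inputs)):
                return False
    return True


def safety_closure(traces):
    """Smallest prefix-closed (safety) property containing `traces`."""
    return {t[:k] for t in traces for k in range(len(t) + 1)}


if __name__ == "__main__":
    print(satisfies(responsive, 3))                        # True
    print(satisfies(lazy, 3))                              # False
    misused = run(responsive, ("req", "bad", "req"))
    print(meets_commitment(misused), in_spec(misused))     # False True
```

The third check is the point of the union: after the environment sends bad, the responsive system stops acking and the trace falls outside M, yet it is still in the specification because the input restriction was violated first. The lazy system fails on the very first req in a well-behaved environment.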

[Article contains additional citation context not shown here]

Martin Abadi and Leslie Lamport, Composing Specifications, Technical Report 66, Digital Equipment Corporation Systems Research Center, Palo Alto, CA, 1990.


A Logical View of Composition - Abadi, Plotkin (1992)   (4 citations)  Self-citation (Abadi)

No context found.

Martín Abadi and Leslie Lamport. Composing specifications. Research Report 66, Digital Equipment Corporation Systems Research Center, 1990. A preliminary version appeared in [dBdRR90].


Towards Model Checking a Spi-Calculus Dialect - Gnesi, Latella, Lenzini (2002)

No context found.

M. Abadi and A. D. Gordon. A Calculus for Cryptographic Protocols. The Spi Calculus. Technical Report 149, Digital Equipment Corporation Systems Research Center, Palo Alto, California, 1998.


A BRUTUS Logic for a Spi-Calculus Dialect - Gnesi, Latella, Lenzini

.... can be studied and analyzed (see for example [20, 26, 23, 27, 28, 11, 16]). Within the model checking approaches [7] we recall the studies, oriented to define an effective theoretical framework, in [18, 15, 14] and the recent BRUTUS model checker [19]. This paper focuses on the spi calculus [4], a process algebra derived from the π-calculus [21, 22] with operators to encrypt and decrypt messages. The spi calculus is expressive and flexible enough to easily allow the description of a wide class of cryptographic protocols. Basic properties, such as secrecy and integrity (a weak form of ....

....A, B. Step 2: S → A : {B, K_ab, T_s, {K_ab, A, T_s}K_bs}K_as. Step 3: A → B : {K_ab, A, T_s}K_bs. Step 3': I(A) → B : {K_ab, A, T_s}K_bs. 4 Language Syntax. In this section we describe the syntax of our spi calculus dialect. It is a modified version of the spi calculus of Abadi and Gordon [4], without mobility, and where the let and case constructs have been embedded into, respectively, the output and input primitives. Mobility is a characteristic that in cryptographic protocols seems to be of less interest than in other protocols, at least at the abstract level we intend to ....
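The protocol steps quoted above, in a small Dolev-Yao style symbolic model, as an added example that is not code from the cited paper or its spi-calculus dialect. Terms are atoms (names, keys, timestamps), tuples (concatenation) and Enc(payload, key) for symmetric encryption that leaks nothing without the key; the intruder I observes every message, can split and pair terms, decrypt with keys it holds, and replay anything it has seen. The agent and key names follow the fragment (A, B, S, K_as, K_bs, K_ab, T_s); the step 1 message is not on the page and is not modelled, and a compromised long-term key is added only as a what-if.

```python
"""Added example: Dolev-Yao intruder knowledge over the quoted protocol fragment.

analyse()    closes a knowledge set under decomposition (split tuples,
             decrypt ciphertexts whose key is known).
can_derive() asks whether a term can be synthesised from closed knowledge
             (known atoms, pairing, encryption with a known key, or verbatim
             replay of an observed ciphertext).
Names and keys follow the fragment; their values are constructed symbols.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Enc:
    payload: object   # any term
    key: str          # symmetric key atom


def analyse(knowledge):
    """Fixpoint of decomposition: split tuples, decrypt when the key is known."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            parts = ()
            if isinstance(t, tuple):
                parts = t
            elif isinstance(t, Enc) and t.key in known:
                parts = (t.payload,)
            for p in parts:
                if p not in known:
                    known.add(p)
                    changed = True
    return known


def can_derive(term, known):
    """Synthesis check against an analysed knowledge set."""
    if term in known:
        return True                       # atom, or a ciphertext seen on the wire
    if isinstance(term, tuple):
        return all(can_derive(p, known) for p in term)
    if isinstance(term, Enc):
        return can_derive(term.payload, known) and can_derive(term.key, known)
    return False


# Messages of the quoted fragment (step 1 is not shown on the page).
A, B, S = "A", "B", "S"
K_as, K_bs, K_ab, T_s = "K_as", "K_bs", "K_ab", "T_s"
ticket = Enc((K_ab, A, T_s), K_bs)              # {K_ab, A, T_s}K_bs
step2 = Enc((B, K_ab, T_s, ticket), K_as)       # S -> A
step3 = ticket                                  # A -> B


def intruder_knowledge(extra=()):
    """Public names plus everything observed on the wire, closed under analysis.
    `extra` models what-if compromises (e.g. a leaked long-term key)."""
    return analyse({A, B, S, step2, step3, *extra})


def can_send_step3_as_a(extra=()):
    """Step 3': I(A) -> B : {K_ab, A, T_s}K_bs, built only from observation."""
    return can_derive(step3, intruder_knowledge(extra))


def learns_session_key(extra=()):
    """Does the intruder obtain K_ab?"""
    return K_ab in intruder_knowledge(extra)


if __name__ == "__main__":
    print(can_send_step3_as_a())             # True: verbatim replay of step 3
    print(learns_session_key())              # False: both ciphertexts stay opaque
    print(learns_session_key((K_bs,)))       # True: B's long-term key leaked
```

Step 3' comes out derivable purely by replay, without the intruder learning K_ab; that is exactly the weak integrity property the contexts mention. Whether the replay is accepted is B's decision in the real protocol, which is why the ticket carries T_s: the symbolic model above does not interpret timestamps, so a freshness check on the responder side has to be modelled separately.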

M. Abadi and A. D. Gordon. A Calculus for Cryptographic Protocols. The Spi Calculus. Technical Report 149, Digital Equipment Corporation Systems Research Center, Palo Alto, California, 1998.


A BRUTUS Logic for the Spi-Calculus - Gnesi, Latella, Lenzini (2001)   (1 citation)

....errors to be reliable. During the last years many researchers have dedicated their efforts to proposing plenty of formal frameworks in which cryptographic protocols can be analyzed (e.g. see [5, 26, 30, 1, 17]). Among the different proposed approaches we are mainly interested in the spi calculus [2] of Abadi and Gordon. The spi calculus is a process algebra derived from the π-calculus [21, 22] with operators to encrypt and decrypt messages. Using the spi calculus syntax it is possible to express all the shared key cryptographic protocols and, with light modifications [2], also other ....

....in the spi calculus [2] of Abadi and Gordon. The spi calculus is a process algebra derived from the π-calculus [21, 22] with operators to encrypt and decrypt messages. Using the spi calculus syntax it is possible to express all the shared key cryptographic protocols and, with light modifications [2], also other cryptographic paradigms such as public keys, hash functions and digital signatures. In the spi calculus secrecy and integrity properties [3] can be naturally formalized as may testing equivalences [25], and automatic strategies have been shown to be effective [4, 13] in verifying them. On ....

M. Abadi and A. D. Gordon. A Calculus for Cryptographic Protocols. The Spi Calculus. Technical Report 149, Digital Equipment Corporation Systems Research Center, Palo Alto, California, 1998.


SpyDer, a Security Model Checker - Lenzini, Gnesi, Latella (2003)

No context found.

M. Abadi and A. D. Gordon. A Calculus for Cryptographic Protocols. The Spi Calculus. Technical Report 149, Digital Equipment Corporation Systems Research Center, Palo Alto, California, 1998.

