Results 1  10
of
81
A logic of authentication
 ACM TRANSACTIONS ON COMPUTER SYSTEMS
, 1990
"... Questions of belief are essential in analyzing protocols for the authentication of principals in distributed computing systems. In this paper we motivate, set out, and exemplify a logic specifically designed for this analysis; we show how various protocols differ subtly with respect to the required ..."
Abstract

Cited by 1332 (22 self)
 Add to MetaCart
Questions of belief are essential in analyzing protocols for the authentication of principals in distributed computing systems. In this paper we motivate, set out, and exemplify a logic specifically designed for this analysis; we show how various protocols differ subtly with respect to the required initial assumptions of the participants and their final beliefs. Our formalism has enabled us to isolate and express these differences with a precision that was not previously possible. It has drawn attention to features of protocols of which we and their authors were previously unaware, and allowed us to suggest improvements to the protocols. The reasoning about some protocols has been mechanically verified. This paper starts with an informal account of the problem, goes on to explain the formalism to be used, and gives examples of its application to protocols from the literature, both with sharedkey cryptography and with publickey cryptography. Some of the examples are chosen because of their practical importance, while others serve to illustrate subtle points of the logic and to explain how we use it. We discuss extensions of the logic motivated by actual practice  for example, in order to account for the use of hash functions in signatures. The final sections contain a formal semantics of the logic and some conclusions.
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
, 2000
"... Two distinct, rigorous views of cryptography have developed over the years, in two mostly separate communities. One of the views relies on a simple but effective formal approach; the other, on a detailed computational model that considers issues of complexity and probability. ..."
Abstract

Cited by 378 (11 self)
 Add to MetaCart
Two distinct, rigorous views of cryptography have developed over the years, in two mostly separate communities. One of the views relies on a simple but effective formal approach; the other, on a detailed computational model that considers issues of complexity and probability.
Mobile Values, New Names, and Secure Communication
, 2001
"... We study the interaction of the "new" construct with a rich but common form of (firstorder) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programminglanguage contexts. Specifically, we intro ..."
Abstract

Cited by 372 (17 self)
 Add to MetaCart
We study the interaction of the "new" construct with a rich but common form of (firstorder) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programminglanguage contexts. Specifically, we introduce a simple, general extension of the pi calculus with value passing, primitive functions, and equations among terms. We develop semantics and proof techniques for this extended language and apply them in reasoning about some security protocols.
Secrecy by Typing in Security Protocols
 Journal of the ACM
, 1998
"... We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use sharedkey cryptography. The rules have the form of typing rules for a basic co ..."
Abstract

Cited by 273 (10 self)
 Add to MetaCart
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use sharedkey cryptography. The rules have the form of typing rules for a basic concurrent language with cryptographic primitives, the spi calculus. They guarantee that, if a protocol typechecks, then it does not leak its secret inputs.
Abstractions for mobile computation
, 1999
"... Abstract. We discuss the difficulties caused by mobile computing and mobile computation over wide area networks. We propose a unified framework for overcoming such difficulties. 1 ..."
Abstract

Cited by 130 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We discuss the difficulties caused by mobile computing and mobile computation over wide area networks. We propose a unified framework for overcoming such difficulties. 1
The Join Calculus: A Language for Distributed Mobile Programming
 In Proceedings of the Applied Semantics Summer School (APPSEM), Caminha
, 2000
"... In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct emb ..."
Abstract

Cited by 76 (2 self)
 Add to MetaCart
In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct embedding of the ML programming language. The join calculus is used as the basis for several distributed languages and implementations, such as JoCaml and functional nets.
Proof Techniques for Cryptographic Processes
 in 14th Annual IEEE Symposium on Logic in Computer Science
, 1999
"... Contextual equivalences for cryptographic process calculi, like the spicalculus, can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, namely maytesting and barbed equivalence, and ..."
Abstract

Cited by 70 (8 self)
 Add to MetaCart
(Show Context)
Contextual equivalences for cryptographic process calculi, like the spicalculus, can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, namely maytesting and barbed equivalence, and investigate tractable proof methods for them. To this aim, we design an enriched labelled transition system, where transitions are constrained by the knowledge the environment has of names and keys. The new transition system is then used to define a trace equivalence and a weak bisimulation equivalence, that avoid quantification over contexts. Our main results are soundness and completeness of trace and weak bisimulation equivalence with respect to maytesting and barbed equivalence, respectively. They lead to more direct proof methods for equivalence checking. The use of these methods is illustrated with a few examples, concerning implementation of secure channels and verification of proto...
A Hierarchy of Equivalences for Asynchronous Calculi
, 2003
"... We generate a natural hierarchy of equivalences for asynchronous namepassing process calculi from simple variations on Milner and Sangiorgi's definition of weak barbed bisimulation. The calculus, used here, and the join calculus are examples of such calculi. ..."
Abstract

Cited by 66 (6 self)
 Add to MetaCart
We generate a natural hierarchy of equivalences for asynchronous namepassing process calculi from simple variations on Milner and Sangiorgi's definition of weak barbed bisimulation. The calculus, used here, and the join calculus are examples of such calculi.
Equational properties of mobile ambients
 MATHEMATICAL STRUCTURES IN COMPUTER SCIENCE
, 1999
"... ..."
(Show Context)
Bisimulations in the joincalculus
 Theoretical Computer Science
, 1998
"... We propose an objectoriented calculus with internal concurrency and classbased inheritance that is built upon the join calculus. Method calls, locks, and states are handled in a uniform manner, using asynchronous messages. Classes are partial message definitions that can be combined and transforme ..."
Abstract

Cited by 52 (6 self)
 Add to MetaCart
We propose an objectoriented calculus with internal concurrency and classbased inheritance that is built upon the join calculus. Method calls, locks, and states are handled in a uniform manner, using asynchronous messages. Classes are partial message definitions that can be combined and transformed. We design operators for behavioral and synchronization inheritance. We also give a type system that statically enforces basic safety properties. Our model is compatible with the JoCaml implementation