Results 1  10
of
47
Automated Analysis of Cryptographic Protocols Using Murphi
, 1997
"... A methodology is presented for using a generalpurpose state enumeration tool, Murphi, to analyze cryptographic and securityrelated protocols. We illustrate the feasibility of the approach by analyzing the NeedhamSchroeder protocol, finding a known bug in a few seconds of computation time, and anal ..."
Abstract

Cited by 293 (24 self)
 Add to MetaCart
(Show Context)
A methodology is presented for using a generalpurpose state enumeration tool, Murphi, to analyze cryptographic and securityrelated protocols. We illustrate the feasibility of the approach by analyzing the NeedhamSchroeder protocol, finding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study. The efficiency of Murphi allows us to examine multiple runs of relatively short protocols, giving us the ability to detect replay attacks, or errors resulting from confusion between independent execution of a protocol by independent parties.
The Murφ Verification System
 IN COMPUTER AIDED VERIFICATION. 8TH INTERNATIONAL CONFERENCE
, 1996
"... This is a brief overview of the Murφ verification system. ..."
Abstract

Cited by 172 (8 self)
 Add to MetaCart
This is a brief overview of the Murφ verification system.
Symbolic model checking with rich assertional languages
 Theoretical Computer Science
, 1997
"... Abstract. The paper shows that, by an appropriate choice of a rich assertional language, it is possible to extend the utility of symbolic model checking beyond the realm of bddrepresented nitestate systems into the domain of in nitestate systems, leading to a powerful technique for uniform veri c ..."
Abstract

Cited by 119 (4 self)
 Add to MetaCart
Abstract. The paper shows that, by an appropriate choice of a rich assertional language, it is possible to extend the utility of symbolic model checking beyond the realm of bddrepresented nitestate systems into the domain of in nitestate systems, leading to a powerful technique for uniform veri cation of unbounded (parameterized) process networks. The main contributions of the paper are a formulation of a general framework for symbolic model checking of in nitestate systems, a demonstration that many individual examples of uniformly veri ed parameterized designs that appear in the literature are special cases of our general approach, verifying the correctness of the Futurebus+ design for all singlebus con gurations, extending the technique to tree architectures, and establishing that the presented method is a precise dual to the topdown invariant generation method used in deductive veri cation. 1
Automatic Deductive Verification with Invisible Invariants
, 2001
"... The paper presents a method for the automatic verification of a certain class of parameterized systems. These are boundeddata systems consisting of N processes (N being the parameter), where each process is finitestate. First, we show that if we use the standard deductive inv rule for proving inva ..."
Abstract

Cited by 101 (11 self)
 Add to MetaCart
(Show Context)
The paper presents a method for the automatic verification of a certain class of parameterized systems. These are boundeddata systems consisting of N processes (N being the parameter), where each process is finitestate. First, we show that if we use the standard deductive inv rule for proving invariance properties, then all the generated verification conditions can be automatically resolved by finitestate (bddbased) methods with no need for interactive theorem proving. Next, we show how to use modelchecking techniques over finite (and small) instances of the parameterized system in order to derive candidates for invariant assertions. Combining this automatic computation of invariants with the previously mentioned resolution of the VCs (verification conditions) yields a (necessarily) incomplete but fully automatic sound method for verifying boundeddata parameterized systems. The generated invariants can be transferred to the VCvalidation phase without ever been examined by the user, which explains why we refer to them as "invisible". We illustrate the method on a nontrivial example of a cache protocol, provided by Steve German.
Parameterized Verification with Automatically Computed Inductive Assertions
, 2001
"... The paper presents a method, called the method of verification by invisible invariants, for the automatic verification of a large class of parameterized systems. The method is based on the automatic calculation of candidate inductive assertions and checking for their inductiveness, using symbolic mo ..."
Abstract

Cited by 89 (9 self)
 Add to MetaCart
The paper presents a method, called the method of verification by invisible invariants, for the automatic verification of a large class of parameterized systems. The method is based on the automatic calculation of candidate inductive assertions and checking for their inductiveness, using symbolic modelchecking techniques for both tasks. First, we show how to use modelchecking techniques over finite (and small) instances of the parameterized system in order to derive candidates for invariant assertions. Next, we show that the premises of the standard deductive inv rule for proving invariance properties can be automatically resolved by finitestate (bddbased) methods with no need for interactive theorem proving. Combining the automatic computation of invariants with the automatic resolution of the VCs (verification conditions) yields a (necessarily) incomplete but fully automatic sound method for verifying large classes of parameterized systems. The generated invariants can be transferred to the VCvalidation phase without ever been examined by the user, which explains why we refer to them as "invisible". The efficacy of the method is demonstrated by automatic verification of diverse parameterized systems in a fully automatic and efficient manner.
Reducing model checking of the many to the few
 In 17th International Conference on Automated Deduction (CADE17
, 2000
"... Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parametrized Model Checking Problem (PMCP) is to determine whether a temporal property is true for every size instance of the system. Unfortunately, it is undecidable in general. We are able to establ ..."
Abstract

Cited by 67 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parametrized Model Checking Problem (PMCP) is to determine whether a temporal property is true for every size instance of the system. Unfortunately, it is undecidable in general. We are able to establish, nonetheless, decidability of the PMCP in quite a broad framework. We consider asynchronous systems comprised of an arbitrary number ¢ of homogeneous copies of a generic process template. The process template is represented as a synchronization skeleton while correctness properties are expressed using Indexed CTL* £ X. We reduce model checking for systems of arbitrary size ¢ to model checking for systems of size (up to) a small cutoff size ¤. This establishes decidability of PMCP as it is only necessary model check a finite number of relatively small systems. The results generalize to systems comprised of multiple heterogeneous classes of processes, where each class is instantiated by many homogenous copies of the class template (e.g., ¥ readers and ¢ writers). 1
Constructing Quantified Invariants via Predicate Abstraction
 CONFERENCE ON VERIFICATION, MODEL CHECKING AND ABSTRACT INTERPRETATION (VMCAI ’04), LNCS 2937
, 2004
"... Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models where the system state conta ..."
Abstract

Cited by 40 (8 self)
 Add to MetaCart
(Show Context)
Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models where the system state contains mutable function and predicate state variables. Such a model can describe systems containing arbitrarily large memories, buffers, and arrays of identical processes. We describe a form of predicate abstraction that constructs a formula over a set of universally quantified variables to describe invariant properties of the function state variables. We provide a formal justification of the soundness of our approach and describe how it has been used to verify several hardware and software designs, including a directorybased cache coherence protocol with unbounded FIFO channels.
Control and Data Abstraction: The Cornerstones of Practical Formal Verification.
 Software Tools for Technology Transfer
, 2000
"... ion: The Cornerstones of Practical Formal Verification. Yonit Kesten 1 , Amir Pnueli 2 1 Dept. of Communication Systems Engineering, Ben Gurion University, BeerSheva, Israel, email: ykesten@bgumail.bgu.ac.il 2 Dept. of Applied Mathematics and Computer Science, the Weizmann Institute of S ..."
Abstract

Cited by 33 (9 self)
 Add to MetaCart
(Show Context)
ion: The Cornerstones of Practical Formal Verification. Yonit Kesten 1 , Amir Pnueli 2 1 Dept. of Communication Systems Engineering, Ben Gurion University, BeerSheva, Israel, email: ykesten@bgumail.bgu.ac.il 2 Dept. of Applied Mathematics and Computer Science, the Weizmann Institute of Science, Rehovot, Israel, email: amir@wisdom.weizmann.ac.il The date of receipt and acceptance will be inserted by the editor Abstract. In spite of the impressive progress in the development of the two main methods for formal verification of reactive systems  Symbolic Model Checking and Deductive Verification, they are still limited in their ability to handle large systems. It is generally recognized that the only way these methods can ever scale up is by the extensive use of abstraction and modularization, which break the task of verifying a large system into several smaller tasks of verifying simpler systems. In this paper, we review the two main tools of compositionality and abstrac...
Parameterized verification of the FLASH cache coherence protocol by compositional model checking
 In CHARME 01: IFIP Working Conference on Correct Hardware Design and Verification Methods, Lecture Notes in Computer Science 2144
, 2001
"... Abstract. We consider the formal verification of the cache coherence protocol of the Stanford FLASH multiprocessor for N processors. The proof uses the SMV proof assistant, a proof system based on symbolic model checking. The proof process is described step by step. The protocol model is derived fro ..."
Abstract

Cited by 31 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the formal verification of the cache coherence protocol of the Stanford FLASH multiprocessor for N processors. The proof uses the SMV proof assistant, a proof system based on symbolic model checking. The proof process is described step by step. The protocol model is derived from an earlier proof of the FLASH protocol, using the PVS system, allowing a direct comparison between the two methods. 1 Introduction The verification of cache coherence protocols was perhaps the earliest commercial application of model checking [MS91]. Later, more efficient model checking methods were developed for this application [CD93], and compositional methods were applied to show that a verified protocol was implemented correctly in hardware [Eir98]. However, these techniques were unsound, in the sense that they could be applied only to fixed number N of nodes in the network, whereas in fact N had no useful upper bound. This left open the possibility that a protocol error was missed, which only manifested itself for N greater than the size verifiable by model checking.
Predicate Abstraction with Indexed Predicates
, 2007
"... Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models containing firstorder state v ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models containing firstorder state variables, where the system state includes mutable functions and predicates. Such a model can describe systems containing arbitrarily large memories, buffers, and arrays of identical processes. We describe a form of predicate abstraction that constructs a formula over a set of universally quantified variables to describe invariant properties of the firstorder state variables. We provide a formal justification of the soundness of our approach and describe how it has been used to verify several hardware and software designs, including a directorybased cache coherence protocol.