Learn More
If a set of equations E∪Ax is such that E is confluent, terminating , and coherent modulo Ax, narrowing with E modulo Ax provides a complete E ∪Ax-unification algorithm. However, except for the hopelessly inefficient case of full narrowing, nothing seems to be known about effective narrowing strategies in the general modulo case beyond the quite depressing(More)
We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a(More)
To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the human-computer interface is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic bugs in GUI design/implementation. Visual spoofing attacks that exploit these flaws can lure even security-(More)
An equational theory decomposed into a set B of equational axioms and a set Δ of rewrite rules has the finite variant (FV) property in the sense of Comon-Lundh and Delaune iff for each term t there is a finite set {t1,. .. , tn} of →Δ,B-normalized instances of t so that any instance of t normalizes to an instance of some ti modulo B. This is a very useful(More)
Many cryptographic security definitions can be naturally formulated as observational equivalence properties. However, existing automated tools for verifying the observational equivalence of cryptographic protocols are limited: they do not handle protocols with mutable state and an unbounded number of sessions. We propose a novel definition of observational(More)
Current techniques for the formal modeling analysis of DoS attacks do not adequately deal with amplification attacks that may target a complex distributed system as a whole rather than a specific server. Such threats have emerged for important applications such as the VoIP Session Initiation Protocol (SIP). We demonstrate a model-checking technique for(More)
Narrowing is a well-known complete procedure for equational E-unification when E can be decomposed as a union E = ∆ B with B a set of axioms for which a finitary unification algorithm exists, and ∆ a set of confluent, terminating, and B-coherent rewrite rules. However, when B = ∅, effective narrowing strategies such as basic narrowing easily fail to be(More)
Investigate modularity and extensibility of programming languages Hoare logics Source-code level reasoning. Generic and modular program logics wanted. Develop theorem proving technology on top of the logics. This case study is a first step in this direction. Hoare logic for this programming language with side-effects, mathematically justified. ASIP+ITP We(More)
This paper presents a methodology for automatically validating program transformation rules that are part of a calculus for Java source code verification. We target the Java Dynamic Logic calculus which is implemented in the interactive prover of the KeY system. As a basis for validation, we take an existing SOS style rewriting logic semantics for Java,(More)
We present a new paradigm for unification arising out of a technique commonly used in cryptographic protocol analysis tools that employ unification modulo equational theories. This paradigm relies on: (i) a decomposition of an equational theory into (R, E) where R is conflu-ent, terminating, and coherent modulo E, and (ii) on reducing unification problems(More)