Learn More
We advance the state-of-the-art in automated symbolic cryptographic protocol analysis by providing the first algorithm that can handle Diffie-Hellman exponentiation, bilinear pairing, and AC-operators. Our support for AC-operators enables protocol specifications to use multisets, natural numbers, and finite maps. We implement the algorithm in the TAMARIN(More)
We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a(More)
An equational theory decomposed into a set B of equational axioms and a set Δ of rewrite rules has the finite variant (FV) property in the sense of Comon-Lundh and Delaune iff for each term t there is a finite set {t1,. .. , tn} of →Δ,B-normalized instances of t so that any instance of t normalizes to an instance of some ti modulo B. This is a very useful(More)
Many cryptographic security definitions can be naturally formulated as observational equivalence properties. However, existing automated tools for verifying the observational equivalence of cryptographic protocols are limited: they do not handle protocols with mutable state and an unbounded number of sessions. We propose a novel definition of observational(More)
Current techniques for the formal modeling analysis of DoS attacks do not adequately deal with amplification attacks that may target a complex distributed system as a whole rather than a specific server. Such threats have emerged for important applications such as the VoIP Session Initiation Protocol (SIP). We demonstrate a model-checking technique for(More)
Narrowing is a well-known complete procedure for equational E-unification when E can be decomposed as a union E = ∆ B with B a set of axioms for which a finitary unification algorithm exists, and ∆ a set of confluent, terminating, and B-coherent rewrite rules. However, when B = ∅, effective narrowing strategies such as basic narrowing easily fail to be(More)
Investigate modularity and extensibility of programming languages Hoare logics Source-code level reasoning. Generic and modular program logics wanted. Develop theorem proving technology on top of the logics. This case study is a first step in this direction. Hoare logic for this programming language with side-effects, mathematically justified. ASIP+ITP We(More)
This paper presents a methodology for automatically validating program transformation rules that are part of a calculus for Java source code verification. We target the Java Dynamic Logic calculus which is implemented in the interactive prover of the KeY system. As a basis for validation, we take an existing SOS style rewriting logic semantics for Java,(More)
We present a new paradigm for unification arising out of a technique commonly used in cryptographic protocol analysis tools that employ unification modulo equational theories. This paradigm relies on: (i) a decomposition of an equational theory into (R, E) where R is conflu-ent, terminating, and coherent modulo E, and (ii) on reducing unification problems(More)
We address a problem that arises in cryptographic protocol analysis when the equational properties of the cryptosystem are taken into account: in many situations it is necessary to guarantee that certain terms generated during a state exploration are in normal form with respect to the equational theory. We give a tool-independent methodology for state(More)