Learn More
In this paper we focus on tackling the insecurity problem of security protocols in the presence of an unbounded number of data such as nonces or session keys. First, we pinpoint four open problems in this category. The first two problems concern protocols with natural restrictions that any "realistic' protocol should satisfy while the second two concern(More)
Bisimulation equivalence is decidable in polynomial time for both sequential and commutative normed context-free processes, known as BPA and BPP, respectively. Despite apparent similarity between the two classes, different techniques were used in each case. We provide one polynomial-time algorithm that works in a superclass of both normed BPA and BPP. It is(More)
We extend Delaune, Kremer and Steel's framework for analysis of PKCS#11-based APIs from bounded to unbounded fresh data. We achieve this by: formally defining the notion of an attribute policy; showing that a well-designed API should have a certain class of policy we call complete; showing that APIs with complete policies may be safely abstracted to APIs(More)
We investigate the difference between two well-known notions of independence bisimilarity, history-preserving bisimulation and hereditary history-preserving bisimulation. We characterise the difference between the two bisimulations in trace-theoretical terms, advocating the view that the first is (just) a bisimulation for causality, while the second is a(More)
We propose a polynomial-time decision procedure for hereditary history preserving bisimilarity (hhp-b) on Basic Parallel Processes (BPP). Furthermore , we give a sound and complete equational axiomatization for the equivalence. Both results are derived from a decomposition property of hhp-b, which is the main technical contribution of the paper. Altogether,(More)
PKCS#11 is a widely adopted standard that defines a security API for accessing devices such as smartcards and hardware security modules. Motivated by experiments on several devices we develop an approach that allows us to formally establish security properties of keys stored on such devices. We use first-order linear time logic extended by past operators.(More)