Niveau: Supérieur, Doctorat, Bac+8
Automated Verification of Selected Equivalences for Security Protocols Bruno Blanchet CNRS, Ecole Normale Superieure, Paris Martın Abadi University of California, Santa Cruz Cedric Fournet Microsoft Research, Cambridge Abstract In the analysis of security protocols, methods and tools for reasoning about protocol behaviors have been quite ef- fective. We aim to expand the scope of those methods and tools. We focus on proving equivalences P ≈ Q in which P and Q are two processes that differ only in the choice of some terms. These equivalences arise often in applications. We show how to treat them as predicates on the behaviors of a process that represents P and Q at the same time. We develop our techniques in the context of the applied pi cal- culus and implement them in the tool ProVerif. 1. Introduction Many security properties can be expressed as predicates on system behaviors. These properties include some kinds of secrecy properties (for instance, “the system never broad- casts the key k”). They also include correspondence prop- erties (for instance, “if the system deletes file f , then the administrator must have requested it”). Such predicates on system behaviors are the focus of many successful meth- ods for security analysis. In recent years, several tools have made it possible to prove many such predicates automati- cally or semi-automatically, even for infinite-state systems.
- pi calculus
- signature de ?
- such predicates
- key encryption
- evalua- tion context
- many successful
- observational equivalence
- prove many
- ments mac when