DocumentCode
2010034
Title
Towards Producing Formally Checkable Security Proofs, Automatically
Author
Goubault-Larrecq, Jean
fYear
2008
fDate
23-25 June 2008
Firstpage
224
Lastpage
238
Abstract
First-order logic models of security for cryptographic protocols, based on variants of the Dolev-Yao model, are now well-established tools. Given that we have checked a given security protocol pi using a given first-order prover, how hard is it to extract a formally checkable proof of it, as required in, e.g., common criteria at evaluation level 7? We demonstrate that this is surprisingly hard: the problem is non-recursive in general. On the practical side, we show how we can extract finite models M from a set S of clauses representing pi, automatically, in two ways. We then define a model-checker testing M |= S, and show how we can instrument it to output a formally checkable proof, e.g., in Coq. This was implemented in the h1 tool suite. Experience on a number of protocols shows that this is practical.
Keywords
Authentication; Automatic logic units; Automation; Computational modeling; Computer security; Cryptographic protocols; Equations; Instruments; National security; Testing; Coq; Dolev-Yao model; Paradox; first-order logic; h1; model-checking; proofs; security; tree automata;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
Conference_Location
Pittsburgh, PA, USA
ISSN
1940-1434
Print_ISBN
978-0-7695-3182-3
Type
conf
DOI
10.1109/CSF.2008.21
Filename
4556689
Link To Document