
Showing papers by "Lawrence C. Paulson" published in 2006


Journal ArticleDOI
TL;DR: A system is being developed in which Isabelle users obtain automatic support from automatic theorem provers such as Vampire and SPASS; a working prototype that uses background processes already provides much of the desired functionality.
Abstract: Interactive theorem provers require too much effort from their users. We have been developing a system in which Isabelle users obtain automatic support from automatic theorem provers (ATPs) such as Vampire and SPASS. An ATP is invoked at suitable points in the interactive session, and any proof found is given to the user in a window displaying an Isar proof script. There are numerous differences between Isabelle (polymorphic higher-order logic with type classes, natural deduction rule format) and classical ATPs (first-order, untyped, and clause form). Many of these differences have been bridged, and a working prototype that uses background processes already provides much of the desired functionality.

70 citations


Journal ArticleDOI
TL;DR: First verification results for the complete Purchase protocols of SET show that their primary goal is indeed met; however, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them.
Abstract: SET (Secure Electronic Transaction) is a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. The Purchase part of the suite is intended to guarantee the integrity and authenticity of the payment transaction while keeping the Cardholder's account details secret from the Merchant and his choice of goods secret from the Bank. This paper details the first verification results for the complete Purchase protocols of SET. Using Isabelle and the inductive method, we show that their primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them. A major effort in the verification went into digesting the SET documentation to produce a realistic model. The protocol's complexity and size make verification difficult, compared with other protocols. However, our effort has yielded significant insights.

61 citations


Journal ArticleDOI
TL;DR: This paper provides a comparative, formal analysis of the nonrepudiation protocol of Zhou and Gollmann and the certified email protocol of Abadi et al., and confirms that they reach their goals under realistic conditions.
Abstract: Classical security protocols aim to achieve authentication and confidentiality under the assumption that the peers behave honestly. Some recent protocols are required to achieve their goals even if the peer misbehaves. Accountability is a protocol design strategy that may help. It delivers to peers sufficient evidence of each other's participation in the protocol. Accountability underlies the nonrepudiation protocol of Zhou and Gollmann and the certified email protocol of Abadi et al. This paper provides a comparative, formal analysis of the two protocols, and confirms that they reach their goals under realistic conditions. The treatment, which is conducted with mechanized support from the proof assistant Isabelle, requires various extensions to the existing analysis method. A byproduct is an account of the concept of higher-level protocol.

45 citations


01 Jan 2006
TL;DR: This paper implemented three higher-order to first-order translations, with particular emphasis on the translation of types, and describes the translations and experimental data that compares the three translations in respect of their success rates for various automatic provers.
Abstract: Proofs involving large specifications are typically carried out through interactive provers that use higher-order logic. A promising approach to improve the automation of interactive provers is by integrating them with automatic provers, which are usually based on first-order logic. Consequently, it is necessary to translate higher-order logic formulae to first-order form. This translation should ideally be both sound and practical. We have implemented three higher-order to first-order translations, with particular emphasis on the translation of types. Omitting some type information improves the success rate, but can be unsound, so the interactive prover must verify the proofs. In this paper, we will describe our translations and experimental data that compares the three translations in respect of their success rates for various automatic provers.

27 citations


Book
01 Jan 2006

24 citations


Journal ArticleDOI
TL;DR: In this article, simple techniques for defining and reasoning about quotient constructions, based on a general lemma library concerning functions that operate on equivalence classes, are presented and applied to a definition of the integers from the natural numbers, and then to the definition of a recursive datatype satisfying equational constraints.
Abstract: A quotient construction defines an abstract type from a concrete type, using an equivalence relation to identify elements of the concrete type that are to be regarded as indistinguishable. The elements of a quotient type are equivalence classes: sets of equivalent concrete values. Simple techniques are presented for defining and reasoning about quotient constructions, based on a general lemma library concerning functions that operate on equivalence classes. The techniques are applied to a definition of the integers from the natural numbers, and then to the definition of a recursive datatype satisfying equational constraints.

23 citations