Approximation-based Tree Regular Model-Checking

This paper addresses the following general problem of tree regular model-checking: decide whether R*(L) ∩ Lp = θ where R* is the reflexive and transitive closure of a successor relation induced by a term rewriting system R, and L and Lp are both regular tree languages. We develop an automatic approximation-based technique to handle this - undecidable in general - problem in most practical cases, extending a recent work by Feuillade, Genet and Viet Triem Tong. We also make this approach fully automatic for practical validation of security protocols.

[1]  Yannick Chevalier,et al.  Combining Intruder Theories , 2005, ICALP.

[2]  Sebastian Mödersheim,et al.  Models and methods for the automated analysis of security protocols , 2007 .

[3]  Marcus Nilsson,et al.  Transitive Closures of Regular Relations for Verifying Infinite-State Systems , 2000, TACAS.

[4]  Dawn Xiaodong Song Athena: a new efficient automatic checker for security protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[5]  Tayssir Touili,et al.  Reachability Analysis of Synchronized PA Systems , 2005, INFINITY.

[6]  Yassine Lakhnech,et al.  HERMES: An Automatic Tool for Verification of Secrecy in Security Protocols , 2003, CAV.

[7]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).

[8]  Alain Finkel,et al.  FASTer Acceleration of Counter Automata in Practice , 2004, TACAS.

[9]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[10]  Valérie Viet Triem Tong,et al.  Reachability Analysis over Term Rewriting Systems , 2004, Journal of Automated Reasoning.

[11]  Yohan Boichut,et al.  Feasible Trace Reconstruction for Rewriting Approximations , 2006, RTA.

[12]  Patrice Godefroid,et al.  Symbolic Verification of Communication Protocols with Infinite State Spaces Using QDDs (Extended Abstract) , 1996, CAV.

[13]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[14]  Parosh Aziz Abdulla,et al.  Symbolic Verification of Lossy Channel Systems: Application to the Bounded Retransmission Protocol , 1999, TACAS.

[15]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[16]  Stéphanie Delaune,et al.  Easy intruder deduction problems with homomorphisms , 2006, Inf. Process. Lett..

[17]  Bertrand Jeannet,et al.  Lattice Automata: A Representation for Languages on Infinite Alphabets, and Some Applications to Verification , 2007, SAS.

[18]  Olga Kouchnarenko,et al.  Automatic Verification of Security Protocols Using Approximations , 2005 .

[19]  Olga Kouchnarenko,et al.  Tree Automata for Detecting Attacks on Protocols with Algebraic Cryptographic Primitives , 2009, INFINITY.

[20]  Jean Goubault-Larrecq,et al.  Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically , 2005, J. Log. Algebraic Methods Program..

[21]  Vitaly Shmatikov,et al.  Intruder deductions, constraint solving and insecurity decision in presence of exclusive or , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[22]  Toshinori Takai,et al.  ACTAS : A System Design for Associative and Commutative Tree Automata Theory , 2005, Electron. Notes Theor. Comput. Sci..

[23]  Bertrand Jeannet Representing and Approximating Transfer Functions in Abstract Interpretation of Hetereogeneous Datatypes , 2002, SAS.

[24]  Hanne Riis Nielson,et al.  Static Validation of a Voting Protocol , 2005, ARSPA@ICALP.

[25]  Pascal Lafourcade,et al.  Intruder deduction for the equational theory of Abelian groups with distributive encryption , 2007, Inf. Comput..

[26]  David Monniaux,et al.  Abstracting cryptographic protocols with tree automata , 1999, Sci. Comput. Program..

[27]  Véronique Cortier,et al.  A survey of algebraic properties used in cryptographic protocols , 2006, J. Comput. Secur..

[28]  Véronique Cortier,et al.  Tree automata with one memory set constraints and cryptographic protocols , 2005, Theor. Comput. Sci..

[29]  Sophie Tison,et al.  Regular Tree Languages and Rewrite Systems , 1995, Fundam. Informaticae.

[30]  Yassine Lakhnech,et al.  A symbolic decision procedure for cryptographic protocols with time stamps , 2005, J. Log. Algebraic Methods Program..

[31]  Anca Muscholl,et al.  Permutation rewriting and algorithmic verification , 2001, Proceedings 16th Annual IEEE Symposium on Logic in Computer Science.

[32]  Tayssir Touili,et al.  A Generic Approach to the Static Analysis of Concurrent Programs with Procedures , 2003, Int. J. Found. Comput. Sci..

[33]  Hubert Comon,et al.  Tree automata techniques and applications , 1997 .

[34]  Parosh Aziz Abdulla,et al.  Tree regular model checking: A simulation-based approach , 2006, J. Log. Algebraic Methods Program..

[35]  Pierpaolo Degano,et al.  Handling exp, × (and Timestamps) in Protocol Analysis , 2006, FoSSaCS.

[36]  A. N.A.DurginP.D.LincolnJ.C.Mitchell,et al.  Undecidability of bounded security protocols , 1999 .

[37]  Martín Abadi,et al.  Computer-Assisted Verification of a Protocol for Certified Email , 2003, SAS.

[38]  Sophie Tison,et al.  The theory of ground rewrite systems is decidable , 1990, [1990] Proceedings. Fifth Annual IEEE Symposium on Logic in Computer Science.

[39]  Yohan Boichut,et al.  Rewriting Approximations for Fast Prototyping of Static Analyzers , 2007, RTA.

[40]  Florent Jacquemard,et al.  Decidable Approximations of Term Rewriting Systems , 1996, RTA.

[41]  Pierre Réty,et al.  Regular Sets of Descendants by Some Rewrite Strategies , 2002, RTA.

[42]  Cjf Cas Cremers Scyther : semantics and verification of security protocols , 2006 .

[43]  Olga Kouchnarenko,et al.  Handling Algebraic Properties in Automatic Analysis of Security Protocols , 2006, ICTAC.

[44]  Véronique Cortier,et al.  Security properties: two agents are sufficient , 2003, Sci. Comput. Program..

[45]  Zohar Manna,et al.  Verification : theory and practice : essays dedicated to Zohar Manna on the occasion of his 64th birthday , 2004 .

[46]  Amir Pnueli,et al.  Liveness and Acceleration in Parameterized Verification , 2000, CAV.

[47]  Pierre Réty,et al.  Regular Sets of Descendants by Leftmost Strategy , 2002, Electron. Notes Theor. Comput. Sci..

[48]  Sándor Vágvölgyi,et al.  Bottom-Up Tree Pushdown Automata and Rewrite Systems , 1991, RTA.

[49]  Stéphanie Delaune,et al.  Decision Procedures for the Security of Protocols with Probabilistic Encryption against Offline Dictionary Attacks , 2005, Journal of Automated Reasoning.

[50]  Pierre Wolper,et al.  Verifying Systems with Infinite but Regular State Spaces , 1998, CAV.

[51]  Sebastian Mödersheim,et al.  An On-the-Fly Model-Checker for Security Protocol Analysis , 2003, ESORICS.

[52]  Kai Salomaa,et al.  Deterministic Tree Pushdown Automata and Monadic Tree Rewriting Systems , 1988, J. Comput. Syst. Sci..

[53]  Alessandro Armando,et al.  An Optimized Intruder Model for SAT-based Model-Checking of Security Protocols , 2005, ARSPA@IJCAR.

[54]  Thomas Genet,et al.  Rewriting for Cryptographic Protocol Verification , 2000, CADE.

[55]  Ralf Treinen,et al.  Easy Intruder Deductions , 2003, Verification: Theory and Practice.

[56]  Alain Finkel,et al.  How to Compose Presburger-Accelerations: Applications to Broadcast Protocols , 2002, FSTTCS.

[57]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.

[58]  John A. Clark,et al.  A Survey of Authentication Protocol Literature , 2010 .

[59]  Yannick Chevalier,et al.  An NP decision procedure for protocol insecurity with XOR , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[60]  Patrice Godefroid,et al.  Symbolic Verification of Communication Protocols with Infinite State Spaces using QDDs , 1999, Formal Methods Syst. Des..

[61]  Ralf Küsters,et al.  Automata-Based Analysis of Recursive Cryptographic Protocols , 2004, STACS.

[62]  Roberto Gorrieri,et al.  Security Analysis of a Probabilistic Non-repudiation Protocol , 2002, PAPM-PROBMIV.

[63]  Tomasz Truderung Regular Protocols and Attacks with Regular Knowledge , 2005, CADE.

[64]  Pierre Wolper,et al.  A direct symbolic approach to model checking pushdown systems , 1997, INFINITY.

[65]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[66]  Alain Finkel,et al.  Verification of programs with half-duplex communication , 2005, Inf. Comput..

[67]  Tayssir Touili,et al.  Extrapolating Tree Transformations , 2002, CAV.

[68]  Chris Hankin,et al.  A framework for security analysis of mobile wireless networks , 2006, Theor. Comput. Sci..

[69]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[70]  Tayssir Touili Regular Model Checking using Widening Techniques , 2001, Electron. Notes Theor. Comput. Sci..

[71]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[72]  Parosh Aziz Abdulla,et al.  On-the-Fly Analysis of Systems with Unbounded, Lossy FIFO Channels , 1998, CAV.

[73]  José Meseguer,et al.  Equational Cryptographic Reasoning in the Maude-NRL Protocol Analyzer , 2007, Electron. Notes Theor. Comput. Sci..

[74]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[75]  John C. Mitchell,et al.  Multiset rewriting and the complexity of bounded security protocols , 2004, J. Comput. Secur..