Title:On-the-Fly Model Checking of Security Protocols
Venue:Lecture Room 334,State Key Lab of Computer Science, Level 3 Building #5, Institute of Software, CAS
Abstract: Design and analysis of security protocols prove
to be a challenging problem over 30 years. Many formalisms have been adopted
to describe security protocols, and been analyzed by various automatic and semi-automatic
techniques. Due to the complication of the network, methodologies for the analysis
should be carefully designed to represent
each infinity factor one assumed, such as, an unbounded number of sessions one principal participates, an unbounded number of principals one principal communicates with, and an unbounded number of messages intruders and dishonest principals produce.
This talk introduces a sound and complete model checking method to analyze
various security properties under certain assumptions. That is, when flaws are
not detected, the protocol is guaranteed to be secure under these assumptions.
When various security properties of security protocols are analyzed under different
assumptions, infinity factors are abstracted to be finite by several techniques,
so that security properties can be checked automatically by a sound and complete
on-the-fly model checking under these assumptions,
(i) secrecy and authentication properties in bounded sessions,
(ii) authentication property for recursive protocols, and
(iii) non-repudiation and fairness properties in bounded sessions.
Among them, (ii) and (iii) are first analyzed by model checking methods.The methodology is implemented by Maude. By the facility of the reachability analysis in Maude (implemented as search), each property can be checked at the same time when a model is generated. etc..