363 research outputs found
Tree Automata for Detecting Attacks on Protocols with Algebraic Cryptographic Primitives
International audienceThis paper extends a rewriting approximations-based theoretical framework in which the security problem -- secrecy preservation against an active intruder -- may be semi-decided through a reachability analysis. In a recent paper, we have shown how to semi-decide whether a security protocol using algebraic properties of cryptographic primitives is safe. In this paper, we investigate the dual - insecurity - problem: we explain how to semi-decide whether a protocol using cryptographic primitive algebraic properties is unsafe. This improvement offers us to draw automatically a complete diagnostic of a security protocol with an unbounded number of sessions. Furthermore, our approach is supported by the tool TA4SP successfully applied for analysing the NSPK-xor protocol and the Diffie-Hellman protocol
Approximation based tree regular model checking
International audienceThis paper addresses the following general problem of tree regular model-checking: decide whether where is the reflexive and transitive closure of a successor relation induced by a term rewriting system , and and are both regular tree languages. We develop an automatic approximation-based technique to handle this -- undecidable in general -- problem in most practical cases, extending a recent work by Feuillade, Genet and Viet Triem Tong. We also make this approach fully automatic for practical validation of security protocols
Tree automata with one memory set constraints and cryptographic protocols
AbstractWe introduce a class of tree automata that perform tests on a memory that is updated using function symbol application and projection. The language emptiness problem for this class of tree automata is shown to be in DEXPTIME.We also introduce a class of set constraints with equality tests and prove its decidability by completion techniques and a reduction to tree automata with one memory.Finally, we show how to apply these results to cryptographic protocols. We introduce a class of cryptographic protocols and show the decidability of secrecy for an arbitrary number of agents and an arbitrary number of (concurrent or successive) sessions, provided that only a bounded number of new data is generated. The hypothesis on the protocol (a restricted copying ability) is shown to be necessary: without this hypothesis, we prove that secrecy is undecidable, even for protocols without nonces
Verifying Temporal Regular Properties of Abstractions of Term Rewriting Systems
The tree automaton completion is an algorithm used for proving safety
properties of systems that can be modeled by a term rewriting system. This
representation and verification technique works well for proving properties of
infinite systems like cryptographic protocols or more recently on Java Bytecode
programs. This algorithm computes a tree automaton which represents a (regular)
over approximation of the set of reachable terms by rewriting initial terms.
This approach is limited by the lack of information about rewriting relation
between terms. Actually, terms in relation by rewriting are in the same
equivalence class: there are recognized by the same state in the tree
automaton.
Our objective is to produce an automaton embedding an abstraction of the
rewriting relation sufficient to prove temporal properties of the term
rewriting system.
We propose to extend the algorithm to produce an automaton having more
equivalence classes to distinguish a term or a subterm from its successors
w.r.t. rewriting. While ground transitions are used to recognize equivalence
classes of terms, epsilon-transitions represent the rewriting relation between
terms. From the completed automaton, it is possible to automatically build a
Kripke structure abstracting the rewriting sequence. States of the Kripke
structure are states of the tree automaton and the transition relation is given
by the set of epsilon-transitions. States of the Kripke structure are labelled
by the set of terms recognized using ground transitions. On this Kripke
structure, we define the Regular Linear Temporal Logic (R-LTL) for expressing
properties. Such properties can then be checked using standard model checking
algorithms. The only difference between LTL and R-LTL is that predicates are
replaced by regular sets of acceptable terms
Optimised determinisation and completion of finite tree automata
Determinisation and completion of finite tree automata are important
operations with applications in program analysis and verification. However, the
complexity of the classical procedures for determinisation and completion is
high. They are not practical procedures for manipulating tree automata beyond
very small ones. In this paper we develop an algorithm for determinisation and
completion of finite tree automata, whose worst-case complexity remains
unchanged, but which performs far better than existing algorithms in practice.
The critical aspect of the algorithm is that the transitions of the
determinised (and possibly completed) automaton are generated in a potentially
very compact form called product form, which can reduce the size of the
representation dramatically. Furthermore, the representation can often be used
directly when manipulating the determinised automaton. The paper contains an
experimental evaluation of the algorithm on a large set of tree automata
examples
Abstract Regular Tree Model Checking
International audienceRegular (tree) model checking (RMC) is a promising generic method for formal verification of infinite-state systems. It encodes configurations of systems as words or trees over a suitable alphabet, possibly infinite sets of configurations as finite word or tree automata, and operations of the systems being examined as finite word or tree transducers. The reachability set is then computed by a repeated application of the transducers on the automata representing the currently known set of reachable configurations. In order to facilitate termination of RMC, various acceleration schemas have been proposed. One of them is a combination of RMC with the abstract-check-refine paradigm yielding the so-called abstract regular model checking (ARMC). ARMC has originally been proposed for word automata and transducers only and thus for dealing with systems with linear (or easily linearisable) structure. In this paper, we propose a generalisation of ARMC to the case of dealing with trees which arise naturally in a lot of modelling and verification contexts. In particular, we first propose abstractions of tree automata based on collapsing their states having an equal language of trees up to some bounded height. Then, we propose an abstraction based on collapsing states having a non-empty intersection (and thus "satisfying") the same bottom-up tree "predicate" languages. Finally, we show on several examples that the methods we propose give us very encouraging verification results
- âŠ