    A Reduced Semantics for Deciding Trace Equivalence

    Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. Mödersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimisation in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly. The obtained partial order reduction technique has been integrated in a tool called APTE. We conducted complete benchmarks showing dramatic improvements. Comment: Accepted for publication in LMC

    Partial Order Reduction for Security Protocols

    Security protocols are concurrent processes that communicate using cryptography with the aim of achieving various security properties. Recent work on their formal verification has brought procedures and tools for deciding trace equivalence properties (e.g., anonymity, unlinkability, vote secrecy) for a bounded number of sessions. However, these procedures are based on a naive symbolic exploration of all traces of the considered processes which, unsurprisingly, greatly limits the scalability and practical impact of the verification tools. In this paper, we overcome this difficulty by developing partial order reduction techniques for the verification of security protocols. We provide reduced transition systems that optimally eliminate redundant traces, and which are adequate for model-checking trace equivalence properties of protocols by means of symbolic execution. We have implemented our reductions in the tool Apte, and demonstrated that it achieves the expected speedup on various protocols.

    On the Expressivity of Minimal Generic Quantification

    We come back to the initial design of the ∇ quantifier by Miller and Tiu, which we call minimal generic quantification. In the absence of fixed points, it is equivalent to seemingly stronger designs. However, several expected theorems about (co)inductive specifications cannot be derived in that setting. We present a refinement of minimal generic quantification that brings the expected expressivity while keeping the minimal semantics, which we claim is useful to get natural adequate specifications. We build on the idea that generic quantification is not a logical connective but one that is defined, like negation in classical logics. This allows us to use the standard (co)induction rule, but obtain much more expressivity than before. We show classes of theorems that can now be derived in the logic, and present a few practical examples.

    De la webradio lambda à la lambda-webradio (From the ordinary web radio to the lambda-webradio)

    National audience. Generating and manipulating audio streams, for a web radio for example, is a complex task that is hard to achieve with the usual programming languages. In this article we present a strongly typed functional language called Liquidsoap, which offers convenient abstractions for describing the construction of elaborate streams. It stands out by its flexibility of use and the richness of the possibilities it offers: from the use of various kinds of inputs (audio files, microphone, user requests) that can be selected dynamically (depending on availability or on the schedule) to the management of transitions between tracks and other audio processing. The need for a rich yet approachable language led us to introduce a variant of the typed lambda calculus, with labels and optional arguments, whose scope goes beyond the domain of audio processing.

    Conseil d'Etat, 1531-1702, 1718-1787, 1790-1794.


    A Hypersequent Calculus with Clusters for Tense Logic over Ordinals

    Prior's tense logic forms the core of linear temporal logic, with both past- and future-looking modalities. We present a sound and complete proof system for tense logic over ordinals. Technically, this is a hypersequent system, enriched with an ordering, clusters, and annotations. The system is designed with proof search algorithms in mind, and yields an optimal coNP complexity for the validity problem. It entails a small model property for tense logic over ordinals: every satisfiable formula has a model of order type at most omega^2. It also allows one to answer the validity problem for ordinals below or exactly equal to a given one.