Maude-PSL: a new input language for Maude-NPA

Abstract

Maude-NPA is a narrowing-based model checker for analysing cryptographic protocols in the Dolev-Yao model modulo equations. Maude-NPA is a powerful analyzer that is sound and never returns spurious counter-examples. Maude- NPA is also very flexible, providing the user great flexibility in designing his/her own custom notation. Maude-NPA also supports a large variety of equational theories (any theory possessing the finite variant property, plus dedicated al- gorithms for homomorphism and exclusive or). However, Maude-NPA relies on a strand-based notation that, while very precise, is less familiar to users of the Alice-Bob notation. Furthermore, the input language itself is rather dif- ficult to read and write. This makes Maude-NPA hard to use, and therefore a less attractive option for protocol verification despite its power. We pro- pose a new input language called the Maude Protocol Specification Language (Maude-PSL). The Maude-PSL extends the Alice-and-Bob notation with the following additional pieces of information: the interpretation each principal has for every message he/she sends and receives, the information each principal is assumed to know at the start of the protocol execution, and the information the principal should know after execution. The Maude-PSL also provides simple yet expressive syntax for specifying intruder capabilities, secrecy attacks and authentication attacks. The Maude-PSL retains the flexible, Maude-like syn- tax for specifying the operators, type structure, and algebraic properties of a protocol. The semantics of the language is defined as a rewrite theory that rewrites Maude-PSL specifications into Maude-NPA strands. This provides a formal grounding of Maude-PSL specifications in a well understood model of cryptographic protocols