Publication


Interacting State Machines
- a stateful approach to proving security -

Proceedings of BCS FASec 2002


Author: David von Oheimb
Year: 2002
Publisher: Springer LNCS 2629
Editor: Ali Abdallah, Peter Ryan, Steve Schneider
CR Classification: D.2.4, F.1.2, H.2.0
CR General Terms: Security, Reliability, Theory, Verification
Abstract: We introduce Interacting State Machines (ISMs), a general formalism for abstract modeling and verification of reactive systems. We motivate and explain the concept of ISMs and describe their graphical representation with the CASE tool AutoFocus. The semantics of ISMs is defined using Higher-Order Logic within the theorem prover Isabelle. ISMs can be seen as high-level variants of Input/Output Automata, therefore we give also a semantic translation from ISMs to IOAs. By the ``benchmark'' example of Lowe's fix of the Needham-Schroeder protocol we demonstrate the strengths of the ISM approach to express and prove security properties in a both elegant and machine-checked way.


Copyright 2003 Springer-Verlag.
This paper is being published by Springer LNCS.
Improved version (with slight correctionss and extensions)
Slides


BibTeX entry:

@inproceedings{DvO-ISM02, author={Oheimb, David von}, title={{Interacting State Machines}: \textit{a stateful approach to proving security}}, booktitle = {Formal Aspects of Security}, editor = {Ali E.\ Abdallah and Peter Ryan and Steve Schneider}, conference = {BCS-FACS FASec 2002}, year = {2002}, publisher = {Springer}, series = {LNCS}, volume = 2629, pages = {15--32}, abstract = { We introduce Interacting State Machines (ISMs), a general formalism for abstract modeling and verification of reactive systems. We motivate and explain the concept of ISMs and describe their graphical representation with the CASE tool AutoFocus. The semantics of ISMs is defined using Higher-Order Logic within the theorem prover Isabelle. ISMs can be seen as high-level variants of Input/Output Automata, therefore we give also a semantic translation from ISMs to IOAs. By the ``benchmark'' example of Lowe's fix of the Needham-Schroeder protocol we demonstrate the strengths of the ISM approach to express and prove security properties in a both elegant and machine-checked way.}, CRClassification = {D.2.4, F.1.2, H.2.0}, CRGenTerms = {Security, Reliability, Theory, Verification}, url = {\url{http://ddvo.net/papers/ISMs.html}} }