Symbolic bisimulation for the applied pi calculus

被引：20

作者：

Delaune, Stephanie ^{[1
,2
,3
]}

Kremer, Steve ^{[1
,2
,3
]}

Ryan, Mark ^{[4
]}

机构：

[1] ENS, LSV, Cachan, France

[2] CNRS, Paris, France

[3] INRIA, Rocquencourt, France

[4] Univ Birmingham, Sch Comp Sci, Birmingham, W Midlands, England

来源：

JOURNAL OF COMPUTER SECURITY | 2010年 / 18卷 / 02期

基金：

英国工程与自然科学研究理事会;

关键词：

Applied pi calculus; observational equivalence; security protocols;

D O I：

10.3233/JCS-2010-0363

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We propose a symbolic semantics for the finite applied pi calculus. The applied pi calculus is a variant of the pi calculus with extensions for modelling cryptographic protocols. By treating inputs symbolically, our semantics avoids potentially infinite branching of execution trees due to inputs from the environment. Correctness is maintained by associating with each process a set of constraints on terms. We define a symbolic labelled bisimulation relation, which is shown to be sound but not complete with respect to standard bisimulation. We explore the lack of completeness and demonstrate that the symbolic bisimulation relation is sufficient for many practical examples. This work is an important step towards automation of observational equivalence for the finite applied pi calculus, e.g. for verification of anonymity or strong secrecy properties.

引用

页码：317 / 377

页数：61

共 21 条

[1]

Abadi M., 1997, P 4 ACM C COMPUTER C, P36

[2] Deciding knowledge in security protocols under equational theories [J].