An environment for specifying and verifying security properties

Abstract

In this article we present an environment in which a variety of protocols can be analysed. The input accepted by the tool is a description of the protocol in a language similar to CAPSL. We extend CAPSL with a generalised form of control (e.g., parallelism and choice), explicit support for mutable state and expressing a variety of dependencies. The language also supports the specification of the security analyses that need to be performed. To effect the security analysis we translate the protocol into a suitable input for the theorem prover PVS. The proofs are then carried out in PVS. The tool automatically generates the lemmas required to prove the key theorems. These lemmas essentially describe simple, but key, properties of the possible messages. The tool also generates strategies to prove the lemmas and the main theorems.