Title: On the relationships between models in protocol verification (extended version)
Author: S. Mödersheim
Published in: CTIT technical reports series, 2011-01-01
DOI: 10.3929/ETHZ-A-006775802 (https://doi.org/10.3929/ETHZ-A-006775802)
Source platform: Semantic Scholar
Citation count: 0
Abstract
We formally investigate the relationship between several models that are widely used in protocol verification, namely variants of the inductive model of message traces inspired by Paulson's approach, and models based on rewriting. More precisely, we prove several over-approximation relationships between models, i.e. that one model allows strictly more traces or reachable states than the other. This is common in verification: often an over-approximation is easier to prove correct than the original model, and proving that the over-approximation is safe implies that the original model is safe, provided that the models are indeed in an over-approximation relation. We also show that some over-approximations are not sound with respect to authentication goals. The precise formal account that we give of the relation between the models allows us to correct the situation.