On-the-fly Model Checking of Security Protocols

Due to extreme importance of security protocols in the modern world, to ensure security protocols to be more reliable, and to speed up the development of new protocols, it is important to have tools that support the activity of finding flaws in protocols, or guaranteeing correctness of protocols. Various formalisms for the specification of security protocols have been proposed based on, e.g. process calculi, belief logic, higher-order logic, first-order logic, linear logic, equational logic, hidden algebra, and tree automata. They adopted different full-automatic or semi-automatic techniques, such as model checking based on finite models, resolution, and higher-order theorem proving. However, security protocol analysis proves to be a rather difficult task. Due to the complication of the network, models for security protocol analysis should be carefully designed to depict each infinity factor one assumed. A dilemma has occurred when one tries to propose a methodology for security protocol analysis, dealing with the infinity factors above. On the one hand, a model for security protocols should be strong enough in expressiveness to describe any possible situation that a running protocol may reach, or it may fail in detecting subtle attacks of a security protocol. On the other hand, analyzing a property on a model strong in expressiveness may be undecidable. Thus automatic techniques may not terminate when detecting flaws. Our aim is to propose a flexible and expressive model to represent behaviors of security protocols. Deductive systems can be inserted freely to integrate the model, to represent infinitely many messages intruders or dishonest principals generate, due to different security assumptions. Driven by different security requirements, various security properties can be analyzed in the model. The analysis method is sound and complete with respect to the analyzed property, under the assumption provided by the model. The objectives are listed as follows,