The Experts below are selected from a list of 26691 Experts worldwide ranked by ideXlab platform
Veronique Cortier - One of the best experts on this subject based on the ideXlab platform.
-
Lengths may break privacy -- or how to check for equivalences with length
2013Co-Authors: Vincent Cheval, Veronique Cortier, Antoine PletAbstract:Security protocols have been successfully analyzed using symbolic models, where messages are represented by terms and protocols by processes. Privacy properties like anonymity or untraceability are typically expressed as equivalence between processes. While some decision procedures have been proposed for automatically deciding process equivalence, all existing approaches abstract away the information an attacker may get when observing the length of messages. In this paper, we study process equivalence with length tests. We first show that, in the static case, almost all existing Decidability results (for static equivalence) can be extended to cope with length tests. In the active case, we prove Decidability of trace equivalence with length tests, for a bounded number of sessions and for standard primitives. Our result relies on a previous Decidability result from Cheval et al [15] (without length tests). Our procedure has been implemented and we have discovered a new flaw against privacy in the biometric passport protocol.
-
Decidability and Combination Results for Two Notions of Knowledge in Security Protocols
Journal of Automated Reasoning, 2012Co-Authors: Veronique Cortier, Stéphanie DelauneAbstract:In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, ...). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually considered: deducibility and indistinguishability. Those notions are well-studied and several Decidability results already exist to deal with a variety of equational theories. Most of the existing results are dedicated to specific equational theories and only few results, especially in the case of indistinguishability, have been obtained for equational theories with associative and commutative properties $(\textsf{AC})$ . In this paper, we show that existing Decidability results can be easily combined for any disjoint equational theories: if the deducibility and indistinguishability relations are decidable for two disjoint theories, they are also decidable for their union. We also propose a general setting for solving deducibility and indistinguishability for an important class (called monoidal ) of equational theories involving $\textsf{AC}$ operators. As a consequence of these two results, new Decidability and complexity results can be obtained for many relevant equational theories.
-
Decidability and combination results for two notions of knowledge in security protocols.
Journal of Automated Reasoning, 2012Co-Authors: Veronique Cortier, Stéphanie DelauneAbstract:In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, . . . ). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually considered: deducibility and indistinguishability. Those notions are well-studied and several Decidability results already exist to deal with a variety of equational theories. Most of the existing results are dedicated to specific equational theories and only few results, especially in the case of indistinguishability, have been obtained for equational theories with associative and commutative properties (AC). In this paper, we show that existing Decidability results can be easily combined for any disjoint equational theories: if the deducibility and indistinguishability relations are decidable for two disjoint theories, they are also decidable for their union. We also propose a general setting for solving deducibility and indistinguishability for an important class (called monoidal ) of equational theories involving AC operators. As a consequence of these two results, new Decidability and complexity results can be obtained for many relevant equational theories.
-
Combining algorithms for deciding knowledge in security protocols
2007Co-Authors: Mathilde Arnaud, Veronique Cortier, Stéphanie DelauneAbstract:In formal approaches, messages sent over a network are usu- ally modeled by terms together with an equational theory, axiomatiz- ing the properties of the cryptographic functions (encryption, exclusive or, . . . ). The analysis of cryptographic protocols requires a precise un- derstanding of the attacker knowledge. Two standard notions are usu- ally considered: deducibility and indistinguishability. Those notions are well-studied and several Decidability results already exist to deal with a variety of equational theories. However most of the results are dedicated to specific equational theories. We show that Decidability results can be easily combined for any disjoint equational theories: if the deducibility and indistinguishability relations are decidable for two disjoint theories, they are also decidable for their union. As an application, new Decidability results can be obtained using this combination theorem.
-
Combining algorithms for deciding knowledge in security protocols
2007Co-Authors: Mathilde Arnaud, Veronique Cortier, Stéphanie DelauneAbstract:In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, ...). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually used: deducibility and indistinguishability. Those notions are well-studied and a lot of Decidability results already exist to deal with a variety of equational theories. We show that Decidability results can be easily combined for any disjoint equational theories: if the deducibility and indistinguishability relations are decidable for two disjoint theories, they are also decidable for their union. As an application, new Decidability results can be obtained using this combination theorem.
Vincent Padovani - One of the best experts on this subject based on the ideXlab platform.
-
Ticket Entailment is decidable
Mathematical Structures in Computer Science, 2012Co-Authors: Vincent PadovaniAbstract:We prove the Decidability of the logic T → of Ticket Entailment. This issue was first raised by Anderson and Belnap within the framework of relevance logic, and is equivalent to the question of the Decidability of type inhabitation in simply typed combinatory logic with the partial basis BB′IW . We solve the equivalent problem of type inhabitation for the restriction of simply typed lambda calculus to hereditarily right-maximal terms.
-
Decidability of All Minimal Models (Revised Version - 2012)
2012Co-Authors: Vincent PadovaniAbstract:This unpublished note is an alternate, shorter (and hopefully more readable) proof of the Decidability of all minimal models. The Decidability follows from a proof of the existence of a cellular term in each observational equivalence class of a minimal model.
-
Ticket Entailment is decidable
arXiv: Logic in Computer Science, 2011Co-Authors: Vincent PadovaniAbstract:We prove the Decidability of Ticket Entailment. Raised by Anderson and Belnap within the framework of relevance logic, this question is equivalent to the question of the Decidability of type inhabitation in simply-typed combinatory logic with the partial basis BB'IW. We solve the equivalent problem of type inhabitation for the restriction of simply-typed lambda-calculus to hereditarily right-maximal terms.
-
Retracts in Simple Types
2001Co-Authors: Vincent PadovaniAbstract:We prove the Decidability of the existence of a definable retraction between two given simple types when both types are built over a unique ground type. Instead of defining some extension of a former type system from which these retractions could be inferred, we obtain this result as a corollary of the Decidability of the minimal model of simply typed λ-calculus.
Stéphane Lafortune - One of the best experts on this subject based on the ideXlab platform.
-
On the Decidability and Complexity of Diagnosability for Labeled Petri Nets
IEEE Transactions on Automatic Control, 2017Co-Authors: Xiang Yin, Stéphane LafortuneAbstract:In this paper, we investigate the Decidability and complexity of the fault diagnosis problem in unbounded labeled Petri nets. First, we show that checking diagnosability for unbounded Petri nets is decidable. We present a new necessary and sufficient condition for diagnosability, which can be reduced to a model checking problem for unbounded Petri nets. Then, we show that checking diagnosability for unbounded Petri nets is EXPSPACE-complete. This complexity result is further extended to various subclasses of Petri nets. To the best of our knowledge, this is the first paper that establishes Decidability and complexity results for diagnosability of unbounded Petri nets.
Marie Duflot - One of the best experts on this subject based on the ideXlab platform.
-
Bounding messages for free in security protocols – extension to various security properties
Information and Computation, 2014Co-Authors: Myrto Arapinis, Marie DuflotAbstract:While the verification of security protocols has been proved to be undecidable in general, several approaches use simplifying hypotheses in order to obtain Decidability for interesting subclasses. Amongst the most common is type abstraction, i.e. considering only well-typed runs of the protocol, therefore bounding message length. In this paper, we show how to get message boundedness “for free” under a reasonable (syntactic) assumption on protocols, in order to verify a variety of interesting security properties including secrecy and several authentication properties. This enables us to improve existing Decidability results by restricting the search space for attacks.
Loïc Hélouët - One of the best experts on this subject based on the ideXlab platform.
-
Decidable Classes of Unbounded Petri Nets with Time and Urgency
2016Co-Authors: Sundararaman Akshay, Blaise Genest, Loïc HélouëtAbstract:Adding real time information to Petri net models often leads to un-Decidability of classical verification problems such as reachability and bounded-ness. For instance, models such as Timed-Transition Petri nets (TPNs) are intractable except in a bounded setting. On the other hand, the model of Timed-Arc Petri nets enjoys Decidability results for boundedness and control-state reachability problems at the cost of disallowing urgency (the ability to enforce actions within a time delay). Our goal is to investigate decidable classes of Petri nets with time that capture some urgency and still allow unbounded behaviors, which go beyond finite state systems. We present, up to our knowledge, the first Decidability results on reachability and boundedness for Petri net variants that combine unbounded places, time, and urgency. For this, we introduce the class of Timed-Arc Petri nets with restricted Urgency, where urgency can be used only on transitions consuming tokens from bounded places. We show that control-state reachability and boundedness are de-cidable for this new class, by extending results from Timed-Arc Petri nets (without urgency). Our main result concerns (marking) reachability, which is un-decidable for both TPNs (because of unrestricted urgency) [20] and Timed-Arc Petri Nets (because of infinite number of " clocks "). We obtain Decidability of reachability for unbounded TPNs with restricted urgency under a new, yet natural , timed-arc semantics presenting them as Timed-Arc Petri Nets with restricted urgency. Decidability of reachability under the intermediate marking semantics is also obtained for a restricted subclass.
-
Timed Petri Nets with (restricted) Urgency
2014Co-Authors: Sundararaman Akshay, Blaise Genest, Loïc HélouëtAbstract:Time Petri Nets (TPN) [Mer74] and Timed Petri Nets [Wal83] are two incomparable classes of concurrent models with timing constraints: urgency cannot be expressed using Timed Petri Nets, while TPNs can only keep track of a bounded number of continuous values ("clocks"). We introduce Timed Petri Nets with Urgency, extending Timed Petri Nets with the main features of TPNs. We present upto-our-knowledge the first Decidability results for Petri Net vari-ants combining time, urgency and unbounded places. First, we obtain Decidability of control-state reachability for the subclass of Timed Petri Nets with Urgency where urgency constraints can only be used on bounded places. By restricting this class to use a finite number of "clocks", we further show Decidability of (marking) reachability. Formally, this class corresponds to TPNs under a new, yet natural, timed semantics where urgency constraints are restricted to bounded places. Fur-ther, under their original semantics, we obtain the Decidability of reachability for a more restricted class of TPNs. TPNs
