The Journal of Supercomputing

, Volume 69, Issue 2, pp 629–672 | Cite as

A BSP algorithm for on-the-fly checking CTL* formulas on security protocols

  • Frédéric Gava
  • Franck Pommereau
  • Michaël Guedj


This paper presents a distributed (Bulk-Synchronous Parallel or bsp) algorithm to compute on-the-fly whether a structured model of a security protocol satisfies a ctl \(^*\) formula. Using the structured nature of the security protocols allows us to design a simple method to distribute the state space under consideration in a need-driven fashion. Based on this distribution of the states, the algorithm for logical checking of a ltl formula can be simplified and optimised allowing, with few tricky modifications, the design of an efficient algorithm for ctl \(^*\) checking. Some prototype implementations have been developed, allowing to run benchmarks to investigate the parallel behaviour of our algorithms.


bsp ltl ctl\(^*\) Security protocols State-space Model-checking 

Supplementary material

11227_2014_1099_MOESM1_ESM.ppt (491 kb)
Supplementary material 1 (ppt 491 KB)


  1. 1.
    Armando A, Carbone R, Compagna L (2009) Ltl model checking for security protocols. Appl Non Class Log 19(4):403–429CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Armando A, et al (2005) The AVISPA tool for the automated validation of Internet security protocols and applications. In: Etessami K, Rajamani SK (eds) Proceedings of Computer Aided Verification (CAV), LNCS. Springer, vol 3576, pp 281–285Google Scholar
  3. 3.
    Backes M, Unruh D (2008) Theory and application of cryptology and information security (ASIACRYPT), LNCS. In: Pieprzyk J (ed) Limits of constructive security proofs. Springer, New York, pp 290–307Google Scholar
  4. 4.
    Barnat J, Brim L, Cëerná I (2002) Property driven distribution of nested dfs. In: Leuschel M, Ultes-Nitsche U (eds) Workshop on verification and computational logic (VCL), vol DSSE-TR-2002-5, pp 1–10. Department of Electronics and Computer Science, University of Southampton (DSSE), UK, Technical ReportGoogle Scholar
  5. 5.
    Barnat J, Chaloupka J, Pol JVD (2011) Distributed algorithms for SCC decomposition. J Log Comput 21(1):23–44CrossRefzbMATHGoogle Scholar
  6. 6.
    Basin D, Cremers C, Meadows C (2011) Model checking security protocols, chap 24. Springer, New YorkGoogle Scholar
  7. 7.
    Bhat G, Cleaveland R, Grumberg O (1995) Efficient on-the-fly model checking for ctl*. In: Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science (LICS). IEEE Computer Society, pp 388–398Google Scholar
  8. 8.
    Bisseling RH (2004) Parallel scientific computation. A structured approach using BSP and MPI. Oxford University Press, OxfordzbMATHGoogle Scholar
  9. 9.
    Blanchet B (2001) An efficient cryptographic protocol verifier based on Prolog rules. In: IEEE CSFW’01. IEEE Computer SocietyGoogle Scholar
  10. 10.
    Blom S, Lisser B, van de Pol J, Weber M (2011) A database approach to distributed state-space generation. J Log Comput 21(1):45–62CrossRefzbMATHGoogle Scholar
  11. 11.
    Boukala MC, Petrucci L (2012) Distributed model-checking and counterexample search for ctl logic. IJCCBS 3(1/2):44–59CrossRefGoogle Scholar
  12. 12.
    Brucker AD, Mödersheim S (2009) Integrating automated and interactive protocol verification. In: Formal Aspects in Security and Trust (FAST), LNCS, vol 5983. Springer, New York, pp 248–262Google Scholar
  13. 13.
    Chaou S, Utard G, Pommereau F (2011) Evaluating a peer-to-peer storage system in presence of malicious peers. In: Smari WW, McIntire JP (eds) High performance computing and simulation (HPCS). IEEE, pp 419–426Google Scholar
  14. 14.
    Christensen S, Kristensen LM, Mailund T (2001) A sweep-line method for state space exploration. In: Margaria T, Yi W (eds) Proceedings of Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS, vol 2031. Springer, New York, pp 450–464Google Scholar
  15. 15.
    Ciardo G, Gluckman J, Nicol DM (1998) Distributed state space generation of discrete-state stochastic models. INFORMS J Computg 10(1):82–93CrossRefGoogle Scholar
  16. 16.
    Comon-Lundh H, Cortier V (2011) How to prove security of communication protocols? a discussion on the soundness of formal models w.r.t. computational ones. In: STACS, pp 29–44Google Scholar
  17. 17.
    Cortier V, Degrieck J, Delaune S (2012) Principles of security and trust (POST), LNCS. In: Degano P, Guttman JD (eds) Analysing routing protocols: four nodes topologies are sufficient. Springer, New York, pp 30–50Google Scholar
  18. 18.
    Cremers CJF (2006) Scyther-semantics and verification of security protocols. Ph.D. thesis, Technische Universiteit EindhovenGoogle Scholar
  19. 19.
    Cremers JF, Lafourcade P, Nadeau P (2009) Comparing state spaces in automatic security protocol analysis. In: Formal to Practical Security, LNCS, vol 5458. Springer, New York, pp 70–94Google Scholar
  20. 20.
    Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208CrossRefzbMATHMathSciNetGoogle Scholar
  21. 21.
    Evangelista S, Kristensen LM (2012) Application and theory of petri nets, LNCS. In: Haddad S, Pomello L (eds) Hybrid on-the-fly ltl model checking with the sweep-line method. Springer, New York, pp 248–267Google Scholar
  22. 22.
    Ezekiel J, Lüttgen G (2008) Measuring and evaluating parallel state-space exploration algorithms. Electron Notes Theor Comput Sci 198(1):47–61CrossRefGoogle Scholar
  23. 23.
    Fokkink W, Dashti MT, Wijs A (2010) Conference on Application of Concurrency to System Design (ACSD). In: Gomes L, Khomenko V, Fernandes JM (eds) Partial order reduction for branching security protocols. IEEE Computer Society, Portugal, pp 191–200Google Scholar
  24. 24.
    Garavel H, Mateescu R, Smarandache IM (2001) Proceedings of SPIN, LNCS. In: Dwyer MB (ed) Parallel state space construction for model-checking. Springer, New York, pp 217–234Google Scholar
  25. 25.
    Goranko V, Kyrilov A, Shkatov D (2010) Tableau tool for testing satisfiability in ltl: implementation and experimental analysis. Electron Notes Theor Comput Sci 262:113–125CrossRefMathSciNetGoogle Scholar
  26. 26.
    Guedj M (2012) Bsp algorithms for ltl & ctl* model checking of security protocols. Ph.D. thesis, University of Paris-EstGoogle Scholar
  27. 27.
    Hinsen K (2007) Parallel scripting with Python. Comput Sci Eng 9(6):82–89Google Scholar
  28. 28.
    Holzmann G, Peled D, Yannakakis M (1996) The spin verification system. On nested depth first search (extended abstract). American Mathematical Society, USA, pp 23–32Google Scholar
  29. 29.
    Inggs C, Barringer H, Nenadic A, Zhang N (2004) Model checking a security protocol. In: Southern African Telecommunications Network and Applications Conference (SATNAC)Google Scholar
  30. 30.
    Inggs CP, Barringer H (2006) Ctl\(^{\text{* }}\) model checking on a shared-memory architecture. Form Methods Syst Des 29(2):135–155CrossRefzbMATHGoogle Scholar
  31. 31.
    Losup A, Sonmez O, Anoep S, Epema D (2008) The performance of bags-of-tasks in large-scale distributed systems. In: Symposium on High performance distributed computing (HPDC). ACM, USA, pp 97–108Google Scholar
  32. 32.
    Kremer S, Markowitch O, Zhou J (2002) An intensive survey of fair non-repudiation protocols. Comput Commun 25(17):1606–1621CrossRefGoogle Scholar
  33. 33.
    Kumar R, Mercer EG (2005) Load balancing parallel explicit state model checking. In: ENTCS, vol 128. Elsevier, Amsterdam, pp 19–34Google Scholar
  34. 34.
    Lerda F, Sista R (1999) Proceedings of SPIN, no. 1680 in LNCS. In: Dams D, Gerth R, Leue S, Massink M (eds) Distributed-memory model checking with SPIN. Springer, New York, pp 22–39Google Scholar
  35. 35.
    Leucker M, Somla R, Weber M (2003) Parallel model checking for ltl, ctl*, l. Electron Notes Theor Comput Sci 1–1Google Scholar
  36. 36.
    Margaria T, Steffen B (eds) (1996) Tools and algorithms for construction and analysis of systems (TACAS), LNCS. Breaking and fixing the needham-schroeder public-key protocol using fdr. Springer, New York, pp 147–166Google Scholar
  37. 37.
    Maggi P, Sisto R (2002) Model Checking of Software (SPIN), LNCS. In: Bosnacki D, Leue S (eds) Using spin to verify security properties of cryptographic protocols. Springer, New York, pp 187–204Google Scholar
  38. 38.
    Mitchell JC, Mitchell M, Stern U (1997) Automated analysis of cryptographic protocols using murphi. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp 141–151Google Scholar
  39. 39.
    Orzan S, van de Pol J, Espada M (2005) A state space distributed policy based on abstract interpretation. In: ENTCS, vol 128. Elsevier, Amsterdam, pp 35–45Google Scholar
  40. 40.
    Paulson LC (1998) The inductive approach to verifying cryptographic protocols. J Comput Secur 6(1–2):85–128Google Scholar
  41. 41.
    Petcu D (2003) Parallel explicit state reachability analysis and state space construction. In: Proceedings of ISPDC. IEEE Computer Society, pp 207–214Google Scholar
  42. 42.
    Pommereau F (2010) Algebras of coloured petri nets. Lambert Academic Publisher, Germany (ISBN 978-3-8433-6113-2)Google Scholar
  43. 43.
    Stern U, Dill DL (2001) Parallelizing the murj verifier. Form Methods Syst Des 18(2):117–129CrossRefzbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Frédéric Gava
    • 1
  • Franck Pommereau
    • 2
  • Michaël Guedj
    • 1
  1. 1.LACLUniversity of Paris-EastCréteilFrance
  2. 2.IBISCUniversity of ÉvryÉvryFrance

Personalised recommendations