Integrating Automated and Interactive Protocol Verification

  • Achim D. Brucker
  • Sebastian A. Mödersheim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5983)


A number of current automated protocol verification tools are based on abstract interpretation techniques and other over-approximations of the set of reachable states or traces. The protocol models that these tools employ are shaped by the needs of automated verification and require subtle assumptions. Also, a complex verification tool may suffer from implementation bugs so that in the worst case the tool could accept some incorrect protocols as being correct. These risks of errors are also present, but considerably smaller, when using an LCF-style theorem prover like Isabelle. The interactive security proof, however, requires a lot of expertise and time.

We combine the advantages of both worlds by using the representation of the over-approximated search space computed by the automated tools as a “proof idea” in Isabelle. Thus, we devise proof tactics for Isabelle that generate the correctness proof of the protocol from the output of the automated tools. In the worst case, these tactics fail to construct a proof, namely when the representation of the search space is for some reason incorrect. However, when they succeed, the correctness only relies on the basic model and the Isabelle core.


Reference Model Security Protocol Automate Tool Horn Clause Proof Generation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Héam, P.C., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005), CrossRefGoogle Scholar
  2. 2.
    Armando, A., Compagna, L.: SAT-based Model-Checking for Security Protocols Analysis. Int. J. of Information Security 6(1), 3–32 (2007)Google Scholar
  3. 3.
    Bella, G.: Formal Correctness of Security Protocols. Springer, Heidelberg (2007)zbMATHCrossRefGoogle Scholar
  4. 4.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW 2001, pp. 82–96. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  5. 5.
    Blanchet, B.: Security protocols: from linear to classical logic by abstract interpretation. Information Processing Letters 95(5), 473–479 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Boichut, Y., Héam, P.C., Kouchnarenko, O., Oehl, F.: Improvements on the Genet and Klay technique to automatically verify security protocols. In: AVIS 2004, pp. 1–11 (2004)Google Scholar
  7. 7.
    Bozga, L., Lakhnech, Y., Perin, M.: Pattern-based abstraction for verifying secrecy in protocols. Int. J. on Software Tools for Technology Transfer 8(1), 57–76 (2006)CrossRefGoogle Scholar
  8. 8.
    Brucker, A., Mödersheim, S.: Integrating Automated and Interactive Protocol Verification (extended version). Tech. Rep. RZ3750, IBM Zurich Research Lab (2009),
  9. 9.
    Cervesato, I., Durgin, N., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A Comparison between Strand Spaces and Multiset Rewriting for Security Protocol Analysis. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 356–383. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Chevalier, Y., Vigneron, L.: Automated Unbounded Verification of Security Protocols. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Clark, J., Jacob, J.: A survey of authentication protocol: Literature: Version 1.0 (1997),
  12. 12.
    Clarke, E., Fehnker, A., Han, Z., Krogh, B., Ouaknine, J., Stursberg, O., Theobald, M.: Abstraction and counterexample-guided refinement in model checking of hybrid systems. Int. J. of Foundations of Computer Science 14(4), 583–604 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 99–113. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Cousot, P.: Abstract interpretation. Symposium on Models of Programming Languages and Computation, ACM Computing Surveys 28(2), 324–328 (1996)Google Scholar
  15. 15.
    Cremers, C.: Scyther. Semantics and Verification of Security Protocols. Phd-thesis, University Eindhoven (2006)Google Scholar
  16. 16.
    Erkök, L., Matthews, J.: Using Yices as an automated solver in Isabelle/HOL. In: AFM 2008 (2008)Google Scholar
  17. 17.
    Fontaine, P., Marion, J.Y., Merz, S., Nieto, L.P., Tiu, A.F.: Expressiveness + automation + soundness: Towards combining SMT solvers and interactive proof assistants. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 167–181. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Goubault-Larrecq, J.: Towards producing formally checkable security proofs, automatically. In: CSF 2008, pp. 224–238. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  19. 19.
    Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. In: CSFW 2000. IEEE Computer Society Press, Los Alamitos (2000)Google Scholar
  20. 20.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Meier, S.: A formalization of an operational semantics of security protocols. Diploma thesis, ETH Zurich (2007),
  22. 22.
    Meng, J., Quigley, C., Paulson, L.C.: Automation for interactive proof: First prototype. Information and Computation 204(10), 1575–1596 (2006)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Mödersheim, S.: On the Relationships between Models in Protocol Verification. J. of Information and Computation 206(2–4), 291–311 (2008)zbMATHCrossRefGoogle Scholar
  24. 24.
    Mödersheim, S., Viganò, L.: The open-source fixed-point model checker for symbolic analysis of security protocols. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007. LNCS, vol. 4677, pp. 166–194. Springer, Heidelberg (2007)Google Scholar
  25. 25.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL: A Proof Assistant for Higher-Order Logic. LNCS 2283. Springer-Verlag (2002)zbMATHGoogle Scholar
  26. 26.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. of Computer Security 6(1-2), 85–128 (1998)Google Scholar
  27. 27.
    Paulson, L.C., Susanto, K.W.: Source-level proof reconstruction for interactive theorem proving. In: Schneider, K., Brandt, J. (eds.) TPHOLs 2007. LNCS, vol. 4732, pp. 232–245. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Roscoe, A.W., Goldsmith, M.: The perfect spy for model-checking crypto-protocols. In: DIMACS (1997)Google Scholar
  29. 29.
    Weber, T., Amjad, H.: Efficiently checking propositional refutations in HOL theorem provers. J. of Applied Logic 7(1), 26–40 (2009)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    Weidenbach, C., Schmidt, R.A., Hillenbrand, T., Rusev, R., Topic, D.: System description: Spass version 3.0. In: Pfenning, F. (ed.) CADE 2007. LNCS (LNAI), vol. 4603, pp. 514–520. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  31. 31.
    Wenzel, M., Wolff, B.: Building formal method tools in the Isabelle/Isar framework. In: Schneider, K., Brandt, J. (eds.) TPHOLs 2007. LNCS, vol. 4732, pp. 352–367. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Zunino, R., Degano, P.: Handling exp, × (and Timestamps) in Protocol Analysis. In: Aceto, L., Ingólfsdóttir, A. (eds.) FOSSACS 2006. LNCS, vol. 3921, pp. 413–427. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Achim D. Brucker
    • 1
  • Sebastian A. Mödersheim
    • 2
  1. 1.SAP ResearchKarlsruheGermany
  2. 2.IBM ResearchRüschlikonSwitzerland

Personalised recommendations