Tree Automata with One Memory, Set Constraints, and Ping-Pong Protocols
We introduce a class of tree automata that perform tests on a memory that is updated using function symbol application and projection. The language emptiness problem for this class of tree automata is shown to be in DEXPTIME. We also introduce a class of set constraints with equality tests and prove its decidability by completion techniques and a reduction to tree automata with one memory. Set constraints with equality tests may be used to decide secrecy for a class of cryptographic protocols that properly contains a class of memoryless “ping-pong protocols” introduced by Dolev and Yao.
Unable to display preview. Download preview PDF.
- 1.M. Abadi and A. Gordon. A calculus for cryptographic protocols: the spi calculus. Information and Computation, 148(1), 1999.Google Scholar
- 3.R. Amadio and D. Lugiez. On the reachability problem in cryptographic protocols. In Proc. CONCUR’00, volume 1877 of Lecture Notes in Computer Science, 2000.Google Scholar
- 4.B. Bogaert and S. Tison. Equality and disequality constraints on brother terms in tree automata. In A. Finkel, editor, Proc. 9th. Symposium on Theoretical Aspects of Comp. Science, Cachan, France, 1992.Google Scholar
- 5.I. Cervesato, N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. A meta-notation for protocol analysis. In P. Syverson, editor, 12-th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1999.Google Scholar
- 6.W. Charatonik and L. Pacholski. Negative set constraints with equality. In Proc. IEEE Symp. on Logic in Computer Science, pages 128–136, Paris, 1994.Google Scholar
- 7.W. Charatonik and A. Podelski. Set constraints with intersection. In Proc. IEEE Symposium on Logic in Computer Science, Varsaw, 1997.Google Scholar
- 8.J. Clarke and J. Jacobs. A survey of authentication protocol. literature: Version 1.0. Draft paper, 1997.Google Scholar
- 9.H. Comon, M. Dauchet, R. Gilleron, F. Jacquemard, D. Lugiez, S. Tison, and M. Tommasi. Tree automata techniques and applications. Available on: http://www.grappa.univ-lille3.fr/tata, 1997.
- 11.D. Dolev and A. Yao. On the security of public key protocols. In Proc. IEEE Symp. on Foundations of Computer Science, pages 350–357, 1981.Google Scholar
- 12.N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. Undecidability of bounded security protocols. In Proc. Workshop on formal methods in security protocols, Trento, Italy, 1999.Google Scholar
- 13.S. Even and O. Goldreich. On the security of multi-party ping-pong protocols. Technical Report 285, Technion, Haifa, Israel, 1983. Extended abstract appeared in IEEE Symp. Foundations of Computer Science, 1983.Google Scholar
- 14.N. Heintze and J. Tygar. A model for secure protocols and their compositions. IEEE transactions on software engineering, 22(1), 1996.Google Scholar
- 15.N. Heinze and J. Jaffar. A decision procedure for a class of set constraints. In Proc. IEEE Symp. on Logic in Computer Science, Philadelphia, 1990.Google Scholar