John D. Ramsdell - Internet Archive Scholar

. * c 1995 John D. Ramsdell. ... D. ...

doi:10.1145/219726.219741 fatcat:f7l3fibhl5fepchbcxeyru5rj4

Acknowledgment Paul D. Rowe and Joshua D. Guttman provided valuable feedback on this paper. I thank Ed Zieglar for his support. ... Ramsdell [13] described cpsa's support for security goals. cpsa includes a tool that extracts a sentence that characterizes a shape analysis. ... init(a 0 , b 0 , s 0 , d 0 ), resp(a 1 , b 1 , s 1 , d 1 )}, Protocol i(resp, 2, {a 1 → a, b 1 → b, s 1 → s, d 1 → d}), i(init, 1, {a 0 → a, b 0 → b , s 0 → s, d 0 → d }) Instances Note b 0 is b not b! ...

arXiv:1403.3563v1 fatcat:b7t7m5gtgvfohnjrrhoitktzea

If adversary A gets P to use compromised door D ′ , the adversary can perform a man-in-themiddle attack: P → A : {|{|K|} P −1 |} D ′ A → D : {|{|K|} P −1 |} D D → A : {|T |} K A → D : T. ... The trust axiom is ∀p, d : A, s : D. nonA(p −1 ) ∧ person(s, c 1 ) ∧ person p (s, p) ∧ person d (s, d) ⊃ nonA(d −1 ). Figure 8 : 8 DoorSEP First sas protocol. ... The D-equations make an equivalence relation on the Razor constants. The constants occurring on the right-hand sides make a set of canonical representatives of M elements. ...

arXiv:1804.07158v1 fatcat:adpji3ailnhkfnopcbq5jdlpne

Authors' addresses: guttman, jherzog, ramsdell, bsniffen@mitre.org. ... curr_val(d, V) from says_curr_val(b, d, V), and inferring approx_val(d, V) from says_approx_val(b, d, V). ...

doi:10.1007/11580850_8 fatcat:4uibosmhhza5dcajxwdbzjobom

Thanks also to John Reppy, Dave MacQueen, Matthias Felleisen, and the anonymous reviewers from ... Oliva, Ramsdell, and Wand (1995) proved a VLISP compiler correct, and Lee, Crary and Harper (2006) have also implemented Harper and Stone's semantics using Twelf. ... Ramsdell (1992) presented a structural operational semantics for Scheme aimed at fixing the unspecified order of argument evaluation problem we discuss in subsection 4. ...

doi:10.1145/1039991.1039992 fatcat:jexkzbhxnvag5o4zgdmszaa2ma

"caves.scm" 27a ≡ (defskeleton caves (vars (v s name) (d text)) (defstrand server 8 (s s) (v v) (d d)) (deflistener d) (uniq-orig d) (non-orig (privk s) (privk v)))⋄ File defined by 17, 23, 24 ... This run yielded a shape with all roles represented, and with the following strand mappings: (defstrand server 8 (b b) (r r) (m m) (j j) (d d) (ns ns) (nv nv) (a a) (v v) (s s) (k k)) (deflistener d) ( ... kp))) (uniq-orig k) (annotations c (5 (says s (resource r d))))) (defrole server (vars (a v s name) (r m j d text) (ns nv data) (k kp skey) (b mesg)) (trace (recv (enc r a k (pubk s))) (send (enc s r a ...

arXiv:1207.0418v1 fatcat:vlpb3xikl5gzpcskdggyxul3za

The extend command takes a piece of data, d, and replaces the current value val of the PCR with the hash of d and val , i.e. #(d, val ). ... Sorts: M, ⊤, A, S, D, E Subsorts: A < ⊤, S < ⊤, D < ⊤, E < ⊤ Operations: bt : M TPM boot ex : ⊤ × M → M TPM extend (·, ·) : ⊤ × ⊤ → ⊤ Pairing {| · |} (·) : ⊤ × A → ⊤ Asymmetric encryption {| · |} (·) : ...

arXiv:1404.3899v2 fatcat:rqly23p52baopntch3srghc3p4

Multiple Versions

t , D, σθ) where t = c i x n+1 + k (c k mod c i )x k . Constrained variable identification does not invalidate any previous A +unification steps because gcd(d i , d j ) divides d i + d j . ... that T β[ c/ v; d/ w]. ... B Efficient Unification Author of this appendix: John D. Ramsdell. Date: February, 2014. ...

arXiv:1804.05713v1 fatcat:a5zgfi2ptrfe7gnri5vi6rsnsy

Authors' email addresses: {guttman,prowe,ramsdell}@mitre.org, {dd,guttman}@wpi.edu. ... The extend command takes a piece of data, d, and replaces the current value val of the PCR with the hash of d and val , i.e. #(d, val ). ...

doi:10.1007/978-3-319-10181-1_17 fatcat:4kmccmwlivespethjr5bbw4xli

The extend command takes a piece of data, d, and replaces the current value s of the PCR state with the hash of d and s, denoted #(d, s). ... This led to work by Ramsdell et al. [21] that used cpsa to draw conclusions in the states-as-messages model. ...

doi:10.1007/978-3-319-27152-1_13 fatcat:4pv5cxooz5dorldzl6gwmcr5w4

Multiple Versions

For instance, the domain attribute of esales_t stipulates that it belongs to the set of domains D. ... It holds if t 1 ∈ D, t 2 ∈ T , and (c, p) ∈ Γ for some allow statement in the configuration. α ρ (r 1 , r 2 ) is the role transition relation. ...

doi:10.3233/jcs-2005-13105 fatcat:iiiiaonoznddxj2ygogflhn7xq

When evaluation reaches a term of the form BP(j − 1, D(p, e 1 ), D(p, e 2 )) both term evaluations are complete. ... C([KIM q ā] i+1 i , p, e) v D(p, K q p (e)) [v = KIM(i, p, ā, e, K q p (e))] C([SIG] i+1 i , p, e) v D(p, [[e]]p) [ v = SIG(i, p, e, [[e]]p)] C([HSH] i+1 i , p, e) v D(p, #p e) [ v = HSH(i, p, e, #p e) ...

doi:10.1007/978-3-030-17138-4_9 dblp:conf/post/RamsdellRAHLPP19 fatcat:43qir7goxbdmfb5mq7udh7sfiy

It finds a sas that extends the length of the person strand to full length and equates D and D . ... The generated model is then given to cpsa, which infers that the door can decrypt the person's message only if C = D, i.e. if P intended it D. ...

doi:10.1007/978-3-319-98938-9_8 fatcat:3roo2oxdabf2pafxb6nbtxnc2m

Cryptographic protocols are useful for trust engineering in Web transactions. The Cryptographic Protocol Programming Language (CPPL) provides a model wherein trust management annotations are attached to protocol actions, and are used to constrain the behavior of a protocol participant to be compatible with its own trust policy. The first implementation of CPPL generated stand-alone, singlesession servers, making it unsuitable for deploying protocols on the Web. We describe a new compiler that

more »

... es a constraint-based analysis to produce multi-session server programs. The resulting programs run without persistent TCP connections for deployment on traditional Web servers. Most importantly, the compiler preserves existing proofs about the protocols. We present an enhanced version of the CPPL language, discuss the generation and use of constraints, show their use in the compiler, formalize the preservation of properties, present subtleties, and outline implementation details.

doi:10.1145/1242572.1242665 dblp:conf/www/McCarthyKGR07 fatcat:u7md3n4trjgtrhimjbqpcwb6hy

The informal Protocol Exchange seminar provided an excellent forum for discussion, at which Dusko Pavlovic and John Mitchell in particular planted seeds. ... A penetrator trace is one of the following: Mt: +t where t ∈text K K : +K C g,h : −g, −h, +gˆh S g,h : −gˆh, +g, +h E h,K : −K, −h, +{|h|} K D h,K : −K −1 , −{|h|} K , +h . ...

doi:10.1007/978-3-540-24725-8_23 fatcat:g4uos7hp7nbgndgliphjryeytq

CST

Preserved Fulltext

Proving Security Goals With Shape Analysis Sentences [article]

Preserved Fulltext

Homomorphisms and Minimality for Enrich-by-Need Security Analysis [article]

Preserved Fulltext

Programming Cryptographic Protocols [chapter]

Preserved Fulltext

An operational semantics for Scheme

Preserved Fulltext

An Analysis of the CAVES Attestation Protocol using CPSA [article]

Preserved Fulltext

A Hybrid Analysis for Security Protocols with State [article]

Preserved Fulltext

Other Versions

Enrich-by-need Protocol Analysis for Diffie-Hellman (Extended Version) [article]

Preserved Fulltext

A Hybrid Analysis for Security Protocols with State [chapter]

Preserved Fulltext

Formal Support for Standardizing Protocols with State [chapter]

Preserved Fulltext

Other Versions

Verifying information flow goals in Security-Enhanced Linux

Preserved Fulltext

Orchestrating Layered Attestations [chapter]

Preserved Fulltext

Security Protocol Analysis in Context: Computing Minimal Executions Using SMT and CPSA [chapter]

Preserved Fulltext

Compiling cryptographic protocols for deployment on the web

Preserved Fulltext

Trust Management in Strand Spaces: A Rely-Guarantee Method [chapter]

Preserved Fulltext