CST

John D. Ramsdell
1995 SIGPLAN notices  
© 1995 John D. Ramsdell.  ...  D.  ... 
doi:10.1145/219726.219741 fatcat:f7l3fibhl5fepchbcxeyru5rj4

Proving Security Goals With Shape Analysis Sentences [article]

John D. Ramsdell
2014 arXiv   pre-print
Acknowledgment Paul D. Rowe and Joshua D. Guttman provided valuable feedback on this paper. I thank Ed Zieglar for his support.  ...  Ramsdell [13] described cpsa's support for security goals. cpsa includes a tool that extracts a sentence that characterizes a shape analysis.  ...  init(a 0 , b 0 , s 0 , d 0 ), resp(a 1 , b 1 , s 1 , d 1 )}, Protocol i(resp, 2, {a 1 → a, b 1 → b, s 1 → s, d 1 → d}), i(init, 1, {a 0 → a, b 0 → b , s 0 → s, d 0 → d }) Instances Note b 0 is b not b!  ... 
arXiv:1403.3563v1 fatcat:b7t7m5gtgvfohnjrrhoitktzea

Homomorphisms and Minimality for Enrich-by-Need Security Analysis [article]

Daniel J. Dougherty and Joshua D. Guttman and John D. Ramsdell
2018 arXiv   pre-print
If adversary A gets P to use compromised door D ′ , the adversary can perform a man-in-the-middle attack: P → A : {|{|K|} P −1 |} D ′ A → D : {|{|K|} P −1 |} D D → A : {|T |} K A → D : T.  ...  The trust axiom is ∀p, d : A, s : D. nonA(p −1 ) ∧ person(s, c 1 ) ∧ person p (s, p) ∧ person d (s, d) ⊃ nonA(d −1 ). Figure 8 : 8 DoorSEP First sas protocol.  ...  The D-equations make an equivalence relation on the Razor constants. The constants occurring on the right-hand sides make a set of canonical representatives of M elements.  ... 
arXiv:1804.07158v1 fatcat:adpji3ailnhkfnopcbq5jdlpne

Programming Cryptographic Protocols [chapter]

Joshua D. Guttman, Jonathan C. Herzog, John D. Ramsdell, Brian T. Sniffen
2005 Lecture Notes in Computer Science  
Authors' addresses: guttman, jherzog, ramsdell, bsniffen@mitre.org.  ...  curr_val(d, V) from says_curr_val(b, d, V), and inferring approx_val(d, V) from says_approx_val(b, d, V).  ... 
doi:10.1007/11580850_8 fatcat:4uibosmhhza5dcajxwdbzjobom

An operational semantics for Scheme

John D. Ramsdell
1992 ACM SIGPLAN Lisp Pointers  
Thanks also to John Reppy, Dave MacQueen, Matthias Felleisen, and the anonymous reviewers from  ...  Oliva, Ramsdell, and Wand (1995) proved a VLISP compiler correct, and Lee, Crary and Harper (2006) have also implemented Harper and Stone's semantics using Twelf.  ...  Ramsdell (1992) presented a structural operational semantics for Scheme aimed at fixing the unspecified order of argument evaluation problem we discuss in subsection 4.  ... 
doi:10.1145/1039991.1039992 fatcat:jexkzbhxnvag5o4zgdmszaa2ma

An Analysis of the CAVES Attestation Protocol using CPSA [article]

John D. Ramsdell and Joshua D. Guttman and Jonathan K. Millen and Brian O'Hanlon
2012 arXiv   pre-print
"caves.scm" 27a ≡ (defskeleton caves (vars (v s name) (d text)) (defstrand server 8 (s s) (v v) (d d)) (deflistener d) (uniq-orig d) (non-orig (privk s) (privk v)))⋄ File defined by 17, 23, 24  ...  This run yielded a shape with all roles represented, and with the following strand mappings: (defstrand server 8 (b b) (r r) (m m) (j j) (d d) (ns ns) (nv nv) (a a) (v v) (s s) (k k)) (deflistener d) (  ...  kp))) (uniq-orig k) (annotations c (5 (says s (resource r d))))) (defrole server (vars (a v s name) (r m j d text) (ns nv data) (k kp skey) (b mesg)) (trace (recv (enc r a k (pubk s))) (send (enc s r a  ... 
arXiv:1207.0418v1 fatcat:vlpb3xikl5gzpcskdggyxul3za

A Hybrid Analysis for Security Protocols with State [article]

John D. Ramsdell, Daniel J. Dougherty, Joshua D. Guttman, Paul D. Rowe
2014 arXiv   pre-print
The extend command takes a piece of data, d, and replaces the current value val of the PCR with the hash of d and val , i.e. #(d, val ).  ...  Sorts: M, ⊤, A, S, D, E Subsorts: A < ⊤, S < ⊤, D < ⊤, E < ⊤ Operations: bt : M TPM boot ex : ⊤ × M → M TPM extend (·, ·) : ⊤ × ⊤ → ⊤ Pairing {| · |} (·) : ⊤ × A → ⊤ Asymmetric encryption {| · |} (·) :  ... 
arXiv:1404.3899v2 fatcat:rqly23p52baopntch3srghc3p4

Enrich-by-need Protocol Analysis for Diffie-Hellman (Extended Version) [article]

Moses D. Liskov and Joshua D. Guttman and John D. Ramsdell and Paul D. Rowe and F. Javier Thayer
2018 arXiv   pre-print
t , D, σθ) where t = c i x n+1 + k (c k mod c i )x k . Constrained variable identification does not invalidate any previous A +unification steps because gcd(d i , d j ) divides d i + d j .  ...  that T β[ c/ v; d/ w].  ...  B Efficient Unification Author of this appendix: John D. Ramsdell. Date: February, 2014.  ... 
arXiv:1804.05713v1 fatcat:a5zgfi2ptrfe7gnri5vi6rsnsy

A Hybrid Analysis for Security Protocols with State [chapter]

John D. Ramsdell, Daniel J. Dougherty, Joshua D. Guttman, Paul D. Rowe
2014 Lecture Notes in Computer Science  
Authors' email addresses: {guttman,prowe,ramsdell}@mitre.org, {dd,guttman}@wpi.edu.  ...  The extend command takes a piece of data, d, and replaces the current value val of the PCR with the hash of d and val , i.e. #(d, val ).  ... 
doi:10.1007/978-3-319-10181-1_17 fatcat:4kmccmwlivespethjr5bbw4xli

Formal Support for Standardizing Protocols with State [chapter]

Joshua D. Guttman, Moses D. Liskov, John D. Ramsdell, Paul D. Rowe
2015 Lecture Notes in Computer Science  
The extend command takes a piece of data, d, and replaces the current value s of the PCR state with the hash of d and s, denoted #(d, s).  ...  This led to work by Ramsdell et al. [21] that used cpsa to draw conclusions in the states-as-messages model.  ... 
doi:10.1007/978-3-319-27152-1_13 fatcat:4pv5cxooz5dorldzl6gwmcr5w4

Verifying information flow goals in Security-Enhanced Linux

Joshua D. Guttman, Amy L. Herzog, John D. Ramsdell, Clement W. Skorupka, Roberto Gorrieri
2005 Journal of Computer Security  
For instance, the domain attribute of esales_t stipulates that it belongs to the set of domains D.  ...  It holds if t 1 ∈ D, t 2 ∈ T , and (c, p) ∈ Γ for some allow statement in the configuration. α ρ (r 1 , r 2 ) is the role transition relation.  ... 
doi:10.3233/jcs-2005-13105 fatcat:iiiiaonoznddxj2ygogflhn7xq

Orchestrating Layered Attestations [chapter]

John D. Ramsdell, Paul D. Rowe, Perry Alexander, Sarah C. Helble, Peter Loscocco, J. Aaron Pendergrass, Adam Petz
2019 Research Series on the Chinese Dream and China's Development Path  
When evaluation reaches a term of the form BP(j − 1, D(p, e 1 ), D(p, e 2 )) both term evaluations are complete.  ...  C([KIM q ā] i+1 i , p, e) v D(p, K q p (e)) [v = KIM(i, p, ā, e, K q p (e))] C([SIG] i+1 i , p, e) v D(p, [[e]]p) [ v = SIG(i, p, e, [[e]]p)] C([HSH] i+1 i , p, e) v D(p, #p e) [ v = HSH(i, p, e, #p e)  ... 
doi:10.1007/978-3-030-17138-4_9 dblp:conf/post/RamsdellRAHLPP19 fatcat:43qir7goxbdmfb5mq7udh7sfiy

Security Protocol Analysis in Context: Computing Minimal Executions Using SMT and CPSA [chapter]

Daniel J. Dougherty, Joshua D. Guttman, John D. Ramsdell
2018 Lecture Notes in Computer Science  
It finds a sas that extends the length of the person strand to full length and equates D and D .  ...  The generated model is then given to cpsa, which infers that the door can decrypt the person's message only if C = D, i.e. if P intended it D.  ... 
doi:10.1007/978-3-319-98938-9_8 fatcat:3roo2oxdabf2pafxb6nbtxnc2m

Compiling cryptographic protocols for deployment on the web

Jay A. McCarthy, Shriram Krishnamurthi, Joshua D. Guttman, John D. Ramsdell
2007 Proceedings of the 16th international conference on World Wide Web - WWW '07  
Cryptographic protocols are useful for trust engineering in Web transactions. The Cryptographic Protocol Programming Language (CPPL) provides a model wherein trust management annotations are attached to protocol actions, and are used to constrain the behavior of a protocol participant to be compatible with its own trust policy. The first implementation of CPPL generated stand-alone, single-session servers, making it unsuitable for deploying protocols on the Web. We describe a new compiler that
more » ... es a constraint-based analysis to produce multi-session server programs. The resulting programs run without persistent TCP connections for deployment on traditional Web servers. Most importantly, the compiler preserves existing proofs about the protocols. We present an enhanced version of the CPPL language, discuss the generation and use of constraints, show their use in the compiler, formalize the preservation of properties, present subtleties, and outline implementation details.
doi:10.1145/1242572.1242665 dblp:conf/www/McCarthyKGR07 fatcat:u7md3n4trjgtrhimjbqpcwb6hy

Trust Management in Strand Spaces: A Rely-Guarantee Method [chapter]

Joshua D. Guttman, F. Javier Thayer, Jay A. Carlson, Jonathan C. Herzog, John D. Ramsdell, Brian T. Sniffen
2004 Lecture Notes in Computer Science  
The informal Protocol Exchange seminar provided an excellent forum for discussion, at which Dusko Pavlovic and John Mitchell in particular planted seeds.  ...  A penetrator trace is one of the following: Mt: +t where t ∈text K K : +K C g,h : −g, −h, +gˆh S g,h : −gˆh, +g, +h E h,K : −K, −h, +{|h|} K D h,K : −K −1 , −{|h|} K , +h .  ... 
doi:10.1007/978-3-540-24725-8_23 fatcat:g4uos7hp7nbgndgliphjryeytq