Florent Jacquemard

Compiling and verifying security protocols

We propose a direct and fully automated translation from standard security protocol descriptions to rewrite rules. This compilation defines non-ambiguous operational semantics for protocols and intruder behavior: they are rewrite systems executed by applying a variant of ac-narrowing. The rewrite rules are processed by the theorem-prover daTac. Multiple instances of a protocol can be run simultaneously as well as a model of the intruder (among several possible). The existence of flaws in the protocol is revealed by the derivation of an inconsistency. Our implementation of the compiler CASRUL, together with the prover daTac, permitted us to derive security flaws in many classical cryptographic protocols.

Decidable Approximations of Term Rewriting Systems

A linear term rewriting system \(\mathcal{R}\)is growing when, for every rule l→r ∈ \(\mathcal{R}\), each variable which is shared by l and r occurs at depth one in l. We show that the set of ground terms having a normal form w.r.t. a growing rewrite system is recognized by a finite tree automaton. This implies in particular that reachability and sequentiality of growing rewrite systems are decidable. Moreover, the word problem is decidable for related equational theories. We prove that our conditions are actually necessary: relaxing them yields undecidability of reachability.

A decision procedure for the verification of security protocols with explicit destructors

We present a non-deterministic polynomial time procedure to decide the problem of insecurity, in the presence of a bounded number of sessions, for cryptographic protocols containing explicit destructor symbols, like decryption and projection. These operators are axiomatized by an arbitrary convergent rewrite system satisfying some syntactic restrictions. This approach, with parameterized semantics, allows us to weaken the security hypotheses for verification, i.e.to address a larger class of attacks than for models based on free algebra. Our procedure is defined by an nference system based on basic narrowing techniques for deciding satisfiability of combinations of first-order equations and intruder deduction constraints.

A theory of dictionary attacks and its complexity

We consider the problem of automating proofs of cryptographic protocols when some data, like poorly chosen passwords, can be guessed by dictionary attacks. First, we define a theory of these attacks: we introduce an inference system modeling the guessing capabilities of an intruder. This system extends the classical Dolev-Yao rules. Using proof rewriting techniques, we show a locality lemma for our inference system which yields the PTIME-completeness of the deduction problem. This result is lifted to the simultaneous solving of intruder deduction constraints with variables. Constraint solving is the basis of a NP algorithm for the protocol insecurity problem in the presence of dictionary attacks, assuming a bounded number of sessions. This extends the classical NP-completeness result for the Dolev-Yao model. We illustrate the procedure with examples of published protocols. The model and decision algorithm have been validated on some examples in a prototype implementation.

Pumping, Cleaning and Symbolic Constraints Solving

We define a new class of tree automata which generalizes both the encompassment automata of [3] and the automata with tests between brothers of [2]. We give a pumping lemma for these automata, which implies that the emptiness of the corresponding language is decidable. Then, we show how to decide emptiness by means of a ”cleaning” algorithm, which leads to more effective decision procedures.

Tree automata with equality constraints modulo equational theories

This paper presents new classes of tree automata combining automata with equality test and automata modulo equational theories. We believe that these classes have a good potential for application in e.g. software verification. These tree automata are obtained by extending the standard Horn clause representations with equational conditions and rewrite systems. We show in particular that a generalized membership problem (extending the emptiness problem) is decidable by proving that the saturation of tree automata presentations with suitable paramodulation strategies terminates. Alternatively our results can be viewed as new decidable classes of first-order formula.

An Analysis of a Public Key Protocol with Membranes

From the contents:Introduction.- Bioapplications.- Computer Science Applications.- Linguistics Applications.- Membrane Software.- Selective Bibliography of Membrane Computing.In this paper, we develop an analysis of the Needham-Schroeder Public-Key Protocol in the framework of membrane computing. This analysis is used to validate the protocol and exhibits, as expected, a well known logical attack. The novelty of our approach is to use multiset rewriting in a nest of membranes. The use of membranes enables to tight the conditions for detecting an attack. The approach has been validated by developing a full implementation for several versions of the analysis.

Ground reducibility is EXPTIME-complete

We prove that ground reducibility is EXPTIME-complete in the general case. EXPTIME-hardness is proved by encoding the emptiness problem for the intersection of recognisable tree languages. It is more difficult to show that ground reducibility belongs to DEXPTIME. We associate first an automaton with disequality constraints AR,t to a rewrite system R and a term t. This automaton is deterministic and accepts at least one term iff t is not ground reducible by R. The number of states of AR,t is O(2||R||×||t||) and the size of its constraints is polynomial in the size of R, t. Then we prove some new pumping lemmas, using a total ordering on the computations of the automaton. Thanks to these lemmas, we can show that emptiness for an automaton with disequality constraints can be decided in a time which is polynomial in the number of states and exponential in the size of the constraints. Altogether, we get a simply exponential time deterministic algorithm for ground reducibility decision.

Operational semantics of a domain specific language for real time musician---computer interaction

With the advent and availability of powerful personal computing, the computer music research and industry have been focusing on real-time musical interactions between musicians and computers; delegating human-like actions to computers who interact with a musical environment. One common use-case of this kind is Automatic Accompaniment where the system is comprised of a real-time machine listening system that in reaction to recognition of events in a score from a human performer, launches necessary actions for the accompaniment section. While the real-time detection of score events out of live musicians’ performance has been widely addressed in the literature, score accompaniment (or the reactive part of the process) has been rarely discussed. This paper deals with this missing component in the literature from a formal language perspective. We show how language considerations would enable better authoring of time and interaction during programming/composing and how it addresses critical aspects of a musical performance (such as errors) in real-time. We sketch the real-time features required by automatic musical accompaniment seen as a reactive system. We formalize the timing strategies for musical events taking into account the various temporal scales used in music. Various strategies for the handling of synchronization constraints and the handling of errors are presented. We give a formal semantics to model the possible behaviors of the system in terms of Parametric Timed Automata.

Automatic verification of conformance of firewall configurations to security policies

The configuration of firewalls is highly error prone and automated solution are needed in order to analyze its correctness. We propose a formal and automatic method for checking whether a firewall reacts correctly with respect to a security policy given in an high level declarative language. When errors are detected, some feedback is returned to the user in order to correct the firewall configuration. Furthermore, the procedure verifies that no conflicts exist within the security policy. We show that our method is both correct and complete. Finally, it has been implemented in a prototype of verifier based on a satisfiability solver modulo theories (SMT). Experiment conducted on relevant case studies demonstrate the efficiency and scalability of the approach.