A rippling-based difference reduction technique to automatically prove security protocol goals

Abstract

The inductive approach [1] has been successfully used for verifying a number of security protocols, uncovering hidden assumptions. Yet it requires a high level of skill to use: a user must guide the proof process, selecting the tactic to be applied, inventing a key lemma, etc. This paper suggests that a proof planning approach [2] can provide automation in the verification of security protocols using the inductive approach. Proof planning uses AI techniques to guide theorem provers. It has been successfully applied in formal methods to software development. Using inductive proof planning [3], we have written a method which takes advantage of the differences in term structure introduced by rule induction, a chief inference rule in the inductive approach. Using difference matching [4], our method first identifies the differences between a goal and the associated hypotheses. Then, using rippling [5], the method attempts to remove such differences. We have successfully conducted a number of experiments using HOL-Clam [6], a socket-based link that combines the HOL theorem prover [7] and the Clam proof planner [8]. While this paper key's contribution centres around a new insight to structuring the proof of some security theorems, it also reports on the development of the inductive approach within the HOL system. © Springer-Verlag Berlin Heidelberg 2004.