Date Added: Apr 2010
The authors embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow them to reason about the possible origin of messages and justify a local typing assumption for the otherwise untyped protocol variables. The two rules form the core of a theory that is well-suited for interactively constructing natural, human-readable, correctness proofs. Moreover, they develop an algorithm that automatically generates proof scripts based on these invariants. Both interactive and automatic proof construction is faster than competing approaches. Moreover, they have strong correctness guarantees since all proofs, including those deriving the underlying theory from the semantics, are machine checked.