{ 
[ses:SES]
[bss:Basic1 List]
[A:Id]
([es:EO+(Info)]. [thr:Thread].
([i:
||thr||]. [j:i].
(
(New(thr[j]) released before thr[i])) supposing
((k:{j + 1..i
}. (
thr[k] 
Send)) and
(thr[j] New))) supposing
(loc(thr)= A and
(thr is one of bss at A))) supposing
((Protocol1(bss) A) and
Honest(A))
supposing Legal(bss)
supposing SecurityAxioms }
{ Proof }
Definitions occuring in Statement :
ses-protocol1-legal: Legal(bss),
ses-protocol1: Protocol1(bss),
ses-protocol1-thread: (thr is one of bss at A),
ses-basic-sequence1: Basic1,
ses-thread-loc: loc(thr)= A,
ses-thread: Thread,
ses-axioms: SecurityAxioms,
release-before: (a released before e),
ses-honest: Honest(A),
ses-send: Send,
ses-new: New,
ses-info: Info,
security-event-structure: SES,
eclass-val: X(e),
in-eclass: e X,
event-ordering+: EO+(Info),
Id: Id,
select: l[i],
length: ||as||,
assert: b,
int_seg: {i..j},
uimplies: b supposing a,
uall: [x:A]. B[x],
all: x:A. B[x],
not: A,
apply: f a,
list: type List,
add: n + m,
natural_number: $n
Definitions :
all: x:A. B[x],
member: t T,
subtype: S 
T,
top: Top,
so_lambda: 
x y.t[x; y],
uall: [x:A]. B[x],
uimplies: b supposing a,
not: A,
implies: P 
Q,
false: False,
prop: 
,
le: A 
B,
int_seg: {i..j},
and: P 
Q,
ses-thread-member: e thr,
lelt: i j < k,
exists: 
x:A. B[x],
nat: ,
guard: {T},
cand: A c B,
ge: i 
j ,
es-E-interface: E(X),
Id: Id,
squash: 
T,
true: True,
assert: b,
ses-action: Action(e),
or: P 
Q,
btrue: tt,
ifthenelse: if b then t else f fi ,
ses-act: Act,
so_lambda: x.t[x],
ses-axioms: SecurityAxioms,
es-locl: (e <loc e'),
ses-thread: Thread,
l_member: (x l),
so_apply: x[s1;s2],
ses-thread-loc: loc(thr)= A,
strongwellfounded: SWellFounded(R[x; y]),
ses-nonce: PropertyN,
sq_type: SQType(T),
iff: P 
Q,
rev_implies: P Q,
sq_stable: SqStable(P),
ses-protocol1: Protocol1(bss),
ses-protocol1-legal: Legal(bss),
decidable: Dec(P),
so_apply: x[s],
es-le: e loc e' ,
ses-disjoint: ActionsDisjoint,
release-before: (a released before e),
!hyp_hide: x
Lemmas :
ses-flow-axiom-ordering,
ses-ordering-ordering',
ses-nonce-from-ordering,
es-E_wf,
event-ordering+_inc,
ses-info_wf,
ses-act_wf,
top_wf,
ses-send_wf,
es-interface-subtype_rel2,
sdata_wf,
event-ordering+_wf,
ses-new_wf,
release-before_wf,
eclass-val_wf,
select_wf,
length_wf_nat,
nat_wf,
int_seg_wf,
not_wf,
assert_wf,
in-eclass_wf,
ses-thread-loc_wf,
ses-protocol1-thread_wf,
ses-thread_wf,
ses-protocol1_wf,
ses-honest_wf,
Id_wf,
ses-protocol1-legal_wf,
ses-basic-sequence1_wf,
ses-axioms_wf,
security-event-structure_wf,
int_seg_properties,
length_wf1,
le_wf,
es-causl-swellfnd,
non_neg_length,
es-causl_wf,
es-loc_wf,
es-locl_wf,
event-has*_wf,
ses-action_wf,
nat_properties,
ge_wf,
subtype_base_sq,
atom2_subtype_base,
es-le-not-locl,
assert_elim,
bool_wf,
sq_stable_from_decidable,
decidable__ses-action,
bool_subtype_base,
ses-rcv_wf,
ses-encrypt_wf,
encryption-key_wf,
ses-decrypt_wf,
ses-sign_wf,
ses-verify_wf,
es-causle_weakening_locl,
es-causl_weakening,
es-causl_transitivity1,
decidable__ex_int_seg,
decidable__es-E-equal,
ses-legal-thread-has*-nonce,
decidable__equal_Id,
es-causl_transitivity2,
es-causle_weakening,
es-causl_irreflexivity,
es-locl_transitivity2,
es-le_weakening,
iseg_member,
decidable__le,
iseg_select2,
ses-thread-order,
squash_wf,
true_wf,
event_ordering_wf,
es-locl_irreflexivity,
ses-thread-weak-order,
add_wf,
decidable__lt,
eclass_wf,
es-le_wf
\mforall{}[ses:SES]
\mforall{}[bss:Basic1 List]
\mforall{}[A:Id]
(\mforall{}[es:EO+(Info)]. \mforall{}[thr:Thread].
(\mforall{}[i:\mBbbN{}||thr||]. \mforall{}[j:\mBbbN{}i].
(\mneg{}(New(thr[j]) released before thr[i])) supposing
((\mforall{}k:\{j + 1..i\msupminus{}\}. (\mneg{}\muparrow{}thr[k] \mmember{}\msubb{} Send)) and
(\muparrow{}thr[j] \mmember{}\msubb{} New))) supposing
(loc(thr)= A and
(thr is one of bss at A))) supposing
((Protocol1(bss) A) and
Honest(A))
supposing Legal(bss)
supposing SecurityAxioms
Date html generated:
2011_08_17-PM-07_45_25
Last ObjectModification:
2011_06_18-PM-01_40_50
Home
Index