{ 
s:SES
(SecurityAxioms
(es:EO+(Info). A:Id. thr:Thread.
((Legal(thr)@A 
noncelike-signatures(s;es;thr))
(sg:E(Sign). e:Act.
(e 
thr
e has* signature(sg)
(
e':E
((e' <loc e)
Action(e')
e' has* signature(sg)
e' thr))
(e = sg)
supposing e':E
((e' < e)
Action(e')
e' has* signature(sg)
((loc(e') = A) (
e' 
Send)))))))) }
{ Proof }
Definitions occuring in Statement :
noncelike-signatures: noncelike-signatures(s;es;thr),
ses-legal-thread: Legal(thr)@A,
ses-thread-member: e thr,
ses-thread: Thread,
ses-axioms: SecurityAxioms,
event-has*: e has* a,
ses-act: Act,
ses-action: Action(e),
ses-sig: signature(e),
ses-sign: Sign,
ses-send: Send,
ses-info: Info,
security-event-structure: SES,
es-E-interface: E(X),
in-eclass: e X,
event-ordering+: EO+(Info),
es-locl: (e <loc e'),
es-causl: (e < e'),
es-loc: loc(e),
es-E: E,
Id: Id,
assert: b,
uimplies: b supposing a,
all: x:A. B[x],
exists: x:A. B[x],
not: A,
implies: P Q,
or: P Q,
and: P Q,
equal: s = t
Definitions :
ses-act: Act,
member: t T,
prop: 
,
cand: A c B,
exists: x:A. B[x],
or: P Q,
and: P Q,
true: True,
squash: 
T,
infix_ap: x f y,
so_lambda: 
x y.t[x; y],
top: Top,
all: x:A. B[x],
es-E-interface: E(X),
ifthenelse: if b then t else f fi ,
guard: {T},
btrue: tt,
false: False,
assert: b,
ses-action: Action(e),
bfalse: ff,
ses-used-atoms: UsedAtoms(e),
implies: P Q,
ses-info-flow: ->>,
eq_int: (i =
j),
ycomb: Y,
rel_exp: R^n,
so_apply: x[s1;s2],
same-action: same-action(x;y),
le: A 
B,
nat: 
,
not: A,
nat_plus: 
,
es-le: e loc e' ,
ses-axioms: SecurityAxioms,
uall: [x:A]. B[x],
sq_stable: SqStable(P),
iff: P 
Q,
rev_implies: P Q,
uimplies: b supposing a,
ses-R: PropertyR,
sq_type: SQType(T),
decidable: Dec(P),
unit: Unit,
bool: 
,
ses-D: PropertyD,
rel_star: R^*,
event-has*: e has* a,
es-locl: (e <loc e'),
ses-nonce-disjoint: NoncesCiphersAndKeysDisjoint,
noncelike-signatures: noncelike-signatures(s;es;thr),
pi2: snd(t),
subtype: S 
T,
it: 
,
!hyp_hide: x
Lemmas :
ses-action_wf,
ses-legal-thread-has-atom,
ses-sig_wf,
event-has_wf,
ses-info_wf,
event-ordering+_inc,
es-E_wf,
ses-thread-member_wf,
event-has*_wf,
es-locl_wf,
decidable__ses-action,
sq_stable_from_decidable,
ses-info-flow_wf,
event-has*-iff,
member-useable-atoms,
top_wf,
event-ordering+_wf,
sdata_wf,
es-interface-subtype_rel2,
ses-rcv_wf,
in-eclass_wf,
assert_wf,
ses-send_wf,
assert_elim,
ses-new_wf,
ses-verify_wf,
Id_wf,
ses-sign_wf,
ses-decrypt_wf,
encryption-key_wf,
ses-encrypt_wf,
bool_subtype_base,
subtype_base_sq,
es-causl_transitivity2,
es-causle_weakening_locl,
ses-used-atoms_wf,
l_member_wf,
ses-useable-atoms_wf,
decidable__atom_equal_1,
decidable__l_member,
ses-act-has-atom,
bool_wf,
sdata-atoms_wf,
assert_of_bnot,
eqff_to_assert,
bnot_wf,
uiff_transitivity,
not_wf,
eqtt_to_assert,
iff_weakening_uiff,
ses-legal-thread-decrypt,
atom1_subtype_base,
sdata_subtype_base,
eclass-val_wf,
ses-decryption-key_wf,
ses-cipher_wf,
ses-verify-signed_wf,
ses-verify-sig_wf,
ses-signed_wf,
ses-encryption-key_wf,
encryption-key-atoms_wf,
member-used-atoms,
es-le_weakening,
es-locl_transitivity2,
decidable__es-le,
es-le_wf,
nat_properties,
ses-decrypted_wf,
ses-crypt_wf,
true_wf,
squash_wf,
event-has*-transitive-encrypt,
ses-cipher-unique,
ses-flow-axiom-ordering,
int_subtype_base,
decidable__equal_int,
event-has_functionality,
eclass_wf,
le_wf,
rel_exp_wf,
ses-info-flow-exp_functionality
\mforall{}s:SES
(SecurityAxioms
{}\mRightarrow{} (\mforall{}es:EO+(Info). \mforall{}A:Id. \mforall{}thr:Thread.
((Legal(thr)@A \mwedge{} noncelike-signatures(s;es;thr))
{}\mRightarrow{} (\mforall{}sg:E(Sign). \mforall{}e:Act.
(e \mmember{} thr
{}\mRightarrow{} e has* signature(sg)
{}\mRightarrow{} (\mexists{}e':E. ((e' <loc e) \mwedge{} Action(e') \mwedge{} e' has* signature(sg) \mwedge{} e' \mmember{} thr)) \mvee{} (e = sg)
supposing \mforall{}e':E
((e' < e)
{}\mRightarrow{} Action(e')
{}\mRightarrow{} e' has* signature(sg)
{}\mRightarrow{} ((loc(e') = A) \mwedge{} (\mneg{}\muparrow{}e' \mmember{}\msubb{} Send))))))))
Date html generated:
2011_08_17-PM-07_37_13
Last ObjectModification:
2011_06_18-PM-01_29_27
Home
Index