A framework for compositional verification of security protocols

Suzana Andova, Cas Cremers, Kristian Gjøsteen, Sjouke Mauw, Stig F. Mjølsnes, Saša Radomirović (Lead / Corresponding author)

Research output: Contribution to journalArticlepeer-review

43 Citations (Scopus)
177 Downloads (Pure)


Automatic security protocol analysis is currently feasible only for small protocols. Since larger protocols quite often are composed of many small protocols, compositional analysis is an attractive, but non-trivial approach. We have developed a framework for compositional analysis of a large class of security protocols. The framework is intended to facilitate automatic as well as manual verification of large structured security protocols. Our approach is to verify properties of component protocols in a multi-protocol environment, then deduce properties about the composed protocol. To reduce the complexity of multi-protocol verification, we introduce a notion of protocol independence and prove a number of theorems that enable analysis of independent component protocols in isolation. To illustrate the applicability of our framework to real-world protocols, we study a key establishment sequence in WiMAX consisting of three subprotocols. Except for a small amount of trivial reasoning, the analysis is done using automatic tools.

Original languageEnglish
Pages (from-to)425-459
Number of pages35
JournalInformation and Computation
Issue number2-4
Early online date28 Nov 2007
Publication statusPublished - 2008
EventJoint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis - Seattle, United States
Duration: 15 Aug 200616 Aug 2006


  • Authentication
  • Automatic verification
  • Compositionality
  • Confidentiality
  • Security properties
  • Security protocols
  • Semantics
  • WiMAX

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Information Systems
  • Computer Science Applications
  • Computational Theory and Mathematics


Dive into the research topics of 'A framework for compositional verification of security protocols'. Together they form a unique fingerprint.

Cite this