Transactional Memory with Strong Atomicity Using Off-the-Shelf Memory Protection Hardware (2009)
Martín Abadi, Tim Harris, Mojtaba Mehrara
This paper introduces a new way to provide strong atomicity in an implementation of transactional memory. Strong atomicity lets us offer clear semantics to programs, even if they access the same...
A Model of Cooperative Threads (2009)
We develop a model of concurrent imperative programming with threads. We focus on a small imperative language with cooperative threads which execute without interruption until they terminate or...
Code-Carrying Authorization (2009)
Sergio Maffeis, Martín Abadi, Cédric Fournet, Andrew D. Gordon
Abstract. In authorization, there is often a wish to shift the burden of proof to those making requests, since they may have more resources and more specific knowledge to construct the required...
Variations in Access Control Logic (2009)
Abstract. In this paper we investigate the design space of access control logics. Specifically, we consider several possible axioms for the common operator says. Some of the axioms come from modal...
Code-Carrying Authorization (2009)
Sergio Maffeis, Martín Abadi, Cédric Fournet, Andrew D. Gordon
Abstract. In authorization, there is often a wish to shift the burden of proof to those making requests, since they may have more resources and more specific knowledge to construct the required...
A Model of Dynamic Separation for Transactional Memory (2009)
Martín Abadi, Tim Harris, Katherine F. Moore
Abstract. Dynamic separation is a new programming discipline for systems with transactional memory. We study it formally in the setting of a small calculus with transactions. We provide a precise...
Automatic Mutual Exclusion and Atomicity Checks (2009)
Abstract. This paper provides an introduction to the Automatic Mutual Exclusion (AME) programming model and to its formal study, through the AME calculus. AME resembles cooperative multithreading; in...
An Overview of the Singularity Project (2008)
Galen Hunt, James Larus, Martín Abadi, Mark Aiken, Paul Barham, Manuel Fähndrich, ...
Abstract. Singularity is a research project in Microsoft Research that started with the question: what would a software platform look like if it was designed from scratch with the primary goal of...
A Modal Deconstruction of Access Control Logics (2008)
Abstract. We present a translation from a logic of access control with a “says” operator to the classical modal logic S4. We prove that the translation is sound and complete. We also show that...
BCiC: A System for Code Authentication and Verification (2008)
Nathan Whitehead, Martín Abadi
Abstract. We present BCiC, a system for verifying and authenticating code that combines language-based proof methods with public-key digital signatures. BCiC aims to augment the rigor of formal...
A Core Calculus of Dependency (2008)
Martín Abadi, Anindya Banerjee
partial evaluation, program slicing, and call-tracking. We argue that there is a central notion of dependency common to these settings that can be captured within a single calculus, the Dependency...
Access Control in a Core Calculus of Dependency (2008; GDP Festschrift, ENTCS, to appear)
The Dependency Core Calculus (DCC) is an extension of the computational lambda calculus that was designed in order to capture the notion of dependency that arises in information-flow control, partial...
Authentication Primitives and Their Compilation (2008)
Martín Abadi, Cédric Fournet, Georges Gonthier
Adopting a programming-language perspective, we study the problem of implementing authentication in a distributed system. We define a process calculus with constructs for authentication and show how...
Mobile Values, New Names, and Secure Communication (2008)
We study the interaction of the “new ” construct with a rich but common form of (first-order) communication. This interaction is crucial in security protocols, which are the main motivating...
Private Authentication (2008)
Frequently, communication between two principals reveals their identities and presence to third parties. These privacy breaches can occur even if security protocols are in use; indeed, they may even...
Methods as Assertions (2008; appears in ECOOP’94 Proceedings)
John Lamping, Martín Abadi
Security Protocols: Principles and Calculi (Tutorial Notes) (2008)
Abstract. This paper is a basic introduction to some of the main themes in the design and analysis of security protocols. It includes a brief explanation of the principles of protocol design and of a...
We study and further develop two language-based techniques for analyzing security protocols. One is based on a typed process calculus; the other, on untyped logic programs. Both focus on secrecy...
Control-Flow Integrity (2008)
Martín Abadi
Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from...
Decomposing specifications of concurrent systems (2008)
We introduce a simple method for specifying individual components of a concurrent system. The specification of the system is the conjunction of its components’ specifications. We show how to prove...
Semantics of transactional memory and automatic mutual exclusion (2008)
Martín Abadi, Andrew Birrell, Tim Harris, Michael Isard
Software Transactional Memory (STM) is an attractive basis for the development of language features for concurrent programming. However, the semantics of these features can be delicate and...
A Theory of Primitive Objects: Untyped and First-Order (2007)
Martín Abadi, Luca Cardelli
We introduce simple object calculi that support method override and object subsumption. We give an untyped calculus, typing rules, and equational rules. We illustrate the expressiveness of our...
Roger Needham, Martín Abadi, Ross Anderson, Jean Bacon, Andrew Birrell, ...
Preserving Liveness: Comments on “Safety and Liveness from a Methodological Point of View” (2007)
Martín Abadi, Bowen Alpern, Krzysztof R. Apt, Nissim Francez, Shmuel Katz, Leslie Lamport, ...
Dederichs and Weber [4] define what it means for a property to be a liveness property with respect to a safety property. They argue that specifications should be written in the form P ∩ Q, where Q...
Policies and proofs for code auditing (2007)
Nathan Whitehead, Jordan Johnson, Martín Abadi
Abstract. Both proofs and trust relations play a role in security decisions, in particular in determining whether to execute a piece of code. We have developed a language, called BCIC, for policies...
Towards a declarative language and system for secure networking (2007)
In this paper, we present a declarative language and system for describing and implementing secure networks. Our proposed language, SeNDlog, is an attempt at unifying Binder, a logic-based language...
Guessing attacks and the computational soundness of static equivalence (2006)
Martín Abadi, Mathieu Baudet, Bogdan Warinschi
Abstract. The indistinguishability of two pieces of data (or two lists of pieces of data) can be represented formally in terms of a relation called static equivalence. Static equivalence depends on...
Formal analysis of dynamic, distributed file-system access controls (2006)
Abstract. We model networked storage systems with distributed, cryptographically enforced file-access control in an applied pi calculus. The calculus contains cryptographic primitives and supports...
Computational secrecy by typing for the pi-calculus (2006)
Martín Abadi, Ricardo Corin, Cédric Fournet
Abstract. We define and study a distributed cryptographic implementation for an asynchronous pi calculus. At the source level, we adapt simple type systems designed for establishing formal secrecy...
Architectural support for software-based protection (2006)
Mihai Budiu, Úlfar Erlingsson, Martín Abadi
Control-Flow Integrity (CFI) is a property that guarantees program control flow cannot be subverted by a malicious adversary, even if the adversary has complete control of data memory. We have shown...
A theory of secure control flow (2005)
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti
Abstract. Control-Flow Integrity (CFI) means that the execution of a program dynamically follows only certain paths, in accordance with a static policy. CFI can prevent attacks that, by exploiting...
Access control in a world of software diversity (2005)
Martín Abadi, Andrew Birrell, Ted Wobber
We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the...
Security analysis of cryptographically controlled access to XML documents (2005)
Some promising recent schemes for XML access control employ encryption for implementing security policies on published data, avoiding data duplication. In this paper we study one such scheme, due to...
Automated verification of selected equivalences for security protocols (2005)
Bruno Blanchet, Martín Abadi, Cédric Fournet
In the analysis of security protocols, methods and tools for reasoning about protocol behaviors have been quite effective. We aim to expand the scope of those methods and tools. We focus on proving...
Password-based encryption analyzed (2005)
Martín Abadi, Bogdan Warinschi
Abstract. The use of passwords in security protocols is particularly delicate because of the possibility of off-line guessing attacks. We study password-based protocols in the context of a recent...
BCiC: A system for code authentication and verification (2005)
Nathan Whitehead, Martín Abadi
Abstract. We present BCiC, a system for verifying and authenticating code that combines language-based proof methods with public-key digital signatures. BCiC aims to augment the rigor of formal...
Control-Flow Integrity: Principles, Implementations, and Applications (2005)
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti
Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from...
Transition predicate abstraction and fair termination (2005)
Andreas Podelski, Andrey Rybalchenko, Jens Palsberg, Martín Abadi
Just fast keying in the pi calculus (2004)
Martín Abadi, Bruno Blanchet, Cédric Fournet
Abstract. JFK is a recent, attractive protocol for fast key establishment as part of securing IP communication. In this paper, we analyze it formally in the applied pi calculus (partly in terms of...
Choice in dynamic linking (2004)
Martín Abadi, Georges Gonthier, Benjamin Werner
Abstract. We introduce a computational interpretation for Hilbert’s choice operator (ε). This interpretation yields a typed foundation for dynamic linking in software systems. The use of choice...
On Access Control, Data Integration, and Their Languages (2004)
Martín Abadi
This paper considers the goals and features of recent languages for access control in distributed systems. In particular, it relates those languages to data integration
Language-based enforcement of privacy policies (2004)
Abstract. We develop a language-based approach for modeling and verifying aspects of privacy policies. Our approach relies on information-flow control. Concretely, we use the programming language...
Deciding knowledge in security protocols under equational theories (2004)
Martín Abadi, Véronique Cortier
Abstract. The analysis of security protocols requires precise formulations of the knowledge of protocol participants and attackers. In formal approaches, this knowledge is often treated in terms of...
Trusted computing, trusted third parties, and verified communications (2004)
Trusted Computing gives rise to a new supply of trusted third parties on which distributed systems can potentially rely. They are the secure system components (hardware and software) built into nodes...
Deciding knowledge in security protocols under equational theories (2004)
Martín Abadi, Véronique Cortier
In the analysis of security protocols, the knowledge of attackers is often described in terms of message deducibility and indistinguishability relations. In this paper, we pursue the study of these...
A logical account of NGSCB (2004)
Abstract. As its name indicates, NGSCB aims to be the “Next-Generation Secure Computing Base”. As envisioned in the context of Trusted Computing initiatives, NGSCB provides protection against...
Moderately Hard, Memory-bound Functions (2003)
A resource may be abused if its users incur little or no cost. For example, e-mail abuse is rampant because sending an e-mail has negligible cost for the sender. It has been suggested that such abuse...
Hiding names: Private authentication in the applied pi calculus (2003)
Abstract. We present the analysis of a protocol for private authentication in the applied pi calculus. We treat authenticity and secrecy properties of the protocol. Although such properties are...
Access control based on execution history (2003)
Security is a major, frequent concern in extensible software systems such as Java Virtual Machines and the Common Language Runtime. These systems aim to enable simple, classic applets and also, for...
Computer-assisted verification of a protocol for certified email (2003)
Abstract. We present the formalization and verification of a recent cryptographic protocol for certified email. Relying on a tool for automatic protocol analysis, we establish the key security...
Logic in Access Control (2003)
Access control is central to security in computer systems. Over the years, there have been many efforts to explain and to improve access control, sometimes with logical ideas and tools. This paper is...
Built-in Object Security (2003)
Modern programming languages and systems provide much support for security. Through strong typing, they can substantially reduce the opportunities for low-level coding errors that could result in...
Bankable Postage for Network Services (2003)
Martín Abadi, Andrew Birrell, Mike Burrows, Frank Dabek, Ted Wobber
Abstract. We describe a new network service, the “ticket server”. This service provides “tickets” that a client can attach to a request for a network service (such as sending email or asking...
Certified Email with a Light On-line Trusted Third Party: Design and Implementation (2002)
Martín Abadi, Neal Glew
This paper presents a new protocol for certified email. The protocol aims to combine security, scalability, easy implementation, and viable deployment. The protocol relies on a light on-line trusted...
Two distinct, rigorous views of cryptography have developed over the years, in two mostly separate communities. One of the views relies on a simple but effective formal approach; the other, on a...
Security Protocols and their Properties (2000)
Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper discusses those specifications, emphasizing authenticity...
While there is a great deal of sophistication in modern cryptology, simple (and simplistic) explanations of cryptography remain useful and perhaps necessary. Many of the explanations are informal;...
Authentication Primitives and Their Compilation (2000)
Martín Abadi, Cédric Fournet, Georges Gonthier
Adopting a programming-language perspective, we study the problem of implementing authentication in a distributed system. We define a process calculus with constructs for authentication and show how...
Reasoning About Secrecy for Active Networks (2000)
Pankaj Kakkar, Carl A. Gunter, Martín Abadi
In this paper we develop a language of mobile agents called uPLAN for describing the capabilities of active (programmable) networks. We use a formal semantics for uPLAN to demonstrate how...
Abstract. A race condition is a situation where two threads manipulate a data structure simultaneously, without synchronization. Race conditions are common errors in multithreaded programming. They...
A Core Calculus of Dependency (1999)
Martín Abadi, Anindya Banerjee, Nevin Heintze, Jon G. Riecke
Notions of program dependency arise in many settings: security, partial evaluation, program slicing, and call-tracking. We argue that there is a central notion of dependency common to these settings...
A Top-Down Look at a Secure Message (1999)
Martín Abadi, Cédric Fournet, Georges Gonthier
In ongoing work, we are investigating the design of secure distributed implementations of high-level process calculi (in particular, of the join-calculus). We formulate implementations as...
Object Types against Races (1999)
This paper investigates an approach for statically preventing race conditions in an object-oriented language. The setting of this work is a variant of Gordon and Hankin's concurrent object...
Security Protocols and Specifications (1999)
Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper (intended to accompany a lecture at ETAPS '99)...
Reasoning About Secrecy for Active Networks (1999)
Carl A. Gunter, Pankaj Kakkar, Martín Abadi
In this paper we develop a language of mobile agents called uPLAN for describing the capabilities of active (programmable) networks. We use a formal semantics for uPLAN to demonstrate how various...
A calculus for cryptographic protocols: The spi calculus (1999)
Martín Abadi, Andrew D. Gordon
On SDSI's Linked Local Name Spaces (1998)
Rivest and Lampson have recently introduced SDSI, a Simple Distributed Security Infrastructure. One of the important innovations of SDSI is the use of linked local name spaces. This paper suggests a...
Secure Communications Processing for Distributed Languages (1998)
Martín Abadi, Cédric Fournet, Georges Gonthier
Communications processing is an important part of distributed language systems with facilities such as RPC (remote procedure call) and RMI (remote method invocation). For security, messages may...
Two Facets of Authentication (1998)
Authentication can serve both for assigning responsibility and for giving credit. Some authentication protocols are adequate for one purpose but not the other. This paper explains the distinction...
Secrecy by Typing in Security Protocols (1998)
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle...
Protection in Programming-Language Translations (1998)
We discuss abstractions for protection and the correctness of their implementations. Relying on the concept of full abstraction, we consider two examples: (1) the translation of Java classes to an...
A Bisimulation Method for Cryptographic Protocols (1998)
Martín Abadi, Andrew D. Gordon
We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts....
A Calculus for Cryptographic Protocols - The Spi Calculus (1998)
Martín Abadi, Andrew D. Gordon
We introduce the spi calculus, an extension of the pi calculus designed for describing and analyzing cryptographic protocols. We show how to use the spi calculus, particularly for studying...
Bibliography of related work for project Composability for Secure Systems (1998)
Charles Payne, Martín Abadi, Leslie Lamport
Bibliography
A Type System for Java Bytecode Subroutines (1998)
Java is typically compiled into an intermediate language, JVML, that is interpreted by the Java Virtual Machine. Because mobile JVML code is not always trusted, a bytecode verifier enforces static...
Strengthening Passwords (1997)
Martín Abadi, T. Mark A. Lomas, ...
Despite their notorious vulnerability, traditional passwords remain important for security. In this paper we describe a method for strengthening passwords. Our method does not require users to...
Formal, Informal, and Null Methods (1997)
be desirable to break the verifier into two parts: (1) a part that guesses or constructs an invariant candidate, by whatever means; (2) a part that checks that this candidate is in fact an invariant....
Secrecy by Typing in Security Protocols (1997)
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle...
Reasoning about Cryptographic Protocols in the Spi Calculus (1997)
Martín Abadi, Andrew D. Gordon
The spi calculus is an extension of the pi calculus with constructs for encryption and decryption. This paper develops the theory of the spi calculus, focusing on techniques for establishing...
On SDSI's Linked Local Name Spaces (1997)
Rivest and Lampson have recently introduced SDSI, a Simple Distributed Security Infrastructure. One of the important innovations of SDSI is the use of linked local name spaces. This paper suggests a...
A Logic of Object-Oriented Programs (1997)
Martín Abadi, K. Rustan M. Leino
We develop a logic for reasoning about object-oriented programs. The logic is for a language with an imperative semantics and aliasing, and accounts for self-reference in objects. It is much like a...
Strengthening passwords (1997)
Martín Abadi, Roger Needham, T. Mark, ...
(with minor revisions on December 16, 1997) Despite their notorious vulnerability, traditional passwords remain important for security. In this paper we describe a method for strengthening passwords....
An Imperative Object Calculus (1996)
We develop an imperative calculus of objects. Its main type constructor is the one for object types, which incorporate variance annotations and Self types. A subtyping relation between object types...
On Subtyping and Matching (1996)
A relation between recursive object types, called matching, has been proposed as a generalization of subtyping. Unlike subtyping, matching does not support subsumption, but it does support...
Syntactic Considerations on Recursive Types (1996)
Martín Abadi, Marcelo P. Fiore
We study recursive types from a syntactic perspective. In particular, we compare the formulations of recursive types that are used in programming languages and formal systems. Our main tool is a new...
Leendert Van Doorn, Martín Abadi, Mike Burrows, Edward Wobber
We describe the design and implementation of secure network objects. Secure network objects provide security for object-oriented network communication. Our design supports both access control lists...
Leendert Van Doorn, Martín Abadi, Mike Burrows, Edward Wobber
We describe the design and implementation of secure network objects, which provide security for object-oriented network communication. The design takes advantage of objects and subtyping to present a...
An Interpretation of Objects and Object Types (1996)
Martín Abadi, Luca Cardelli, Ramesh Viswanathan
We present an interpretation of typed object-oriented concepts in terms of well-understood, purely procedural concepts. More precisely, we give a compositional subtype-preserving translation of a...
An Imperative Object Calculus - Basic Typing and Soundness (1995)
We develop an imperative calculus of objects that is both tiny and expressive. Our calculus provides a minimal setting in which to study the operational semantics and the typing rules of...
Prudent Engineering Practice for Cryptographic Protocols (1995)
We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have...
Conjoining Specifications (1995)
Contents: 1 Introduction (507); 2 An Informal Overview (508); 2.1 Decomposing Complete Systems (508); 2.2 Composing Open Systems ...
A Semantics of Object Types (1994)
We give a semantics for a typed object calculus, an extension of System F with object subsumption and method override. We interpret the calculus in a per model, proving the soundness of both typing...
We describe a method for writing assumption/guarantee specifications of concurrent systems. We also provide a proof rule for reasoning about the composition of these systems. Specifications are...
A Theory of Primitive Objects - Untyped and First-Order Systems (1994)
We introduce simple object calculi that support method override and object subsumption. We give an untyped calculus, typing rules, and equational rules. We illustrate the expressiveness of our...
Authentication in the Taos Operating System (1994)
Edward Wobber, Martín Abadi, Michael Burrows, Butler Lampson
this paper we do not describe any formal notations or rules for propositional connectives. Instead, we use English keywords, like "if" and "then", and informal reasoning....
A Semantics for Static Type Inference in a Nondeterministic Language (1994)
Plotkin used the models of reduction in order to obtain a semantic characterization of static type inference in the pure λ-calculus. Here we apply these models to the study of a nondeterministic...
Dynamic Typing in Polymorphic Languages (1994)
Martín Abadi, Luca Cardelli, Benjamin Pierce, Didier Rémy, Robert W. Taylor
There are situations in programming where some dynamic typing is needed, even in the presence of advanced static type systems. We investigate the interplay of dynamic types with other advanced type...
A logic for parametric polymorphism (1993)
Martín Abadi, Luca Cardelli, Pierre-louis Curien
A polymorphic function is parametric if its behavior does not depend on the type at which it is instantiated. Starting with Reynolds's work, the study of parametricity is typically semantic. In...
Authentication in the Taos Operating System (1993)
Edward Wobber, Martín Abadi, Mike Burrows, Butler Lampson, Robert W. Taylor
We describe a design for security in a distributed system and its implementation. In our design, applications gain access to security services through a narrow interface. This interface provides a...
An Axiomatization of Lamport's Temporal Logic of Actions (1993)
Lamport recently invented a temporal logic of actions suitable for expressing concurrent programs and for reasoning about their computations. In this logic, actions have syntactic representations,...
Conjoining Specifications (1993)
Martín Abadi, Leslie Lamport, Robert W. Taylor
We show how to specify components of concurrent systems. The specification of a system is the conjunction of its components' specifications. Properties of the system are proved by reasoning...
A Logic for Parametric Polymorphism (1993)
In this paper we introduce a logic for parametric polymorphism. Just as LCF is a logic for the simply-typed λ-calculus with recursion and arithmetic, our logic is a logic for System F. The logic...
An Old-Fashioned Recipe for Real Time (1993)
Contents: 1 Introduction (1543); 2 Closed Systems (1545); 2.1 The Lossy-Queue Example (1545); 2.2 The Semantics of TLA ...
Baby Modula-3 and a theory of objects (1993)
Martín Abadi, Robert W. Taylor
Baby Modula-3 is a small, functional, object-oriented programming language. It is intended as a vehicle for explaining the core of Modula-3, from a biased perspective: Baby Modula-3 includes the main...
Subtyping and Parametricity (1993)
Gordon Plotkin, Martín Abadi, Luca Cardelli
In this paper we study the interaction of subtyping and parametricity. We describe a logic for a programming language with parametric polymorphism and subtyping. The logic supports the formal...
A logical view of composition (1993)
Martín Abadi, Gordon D. Plotkin
We define two logics of safety specifications for reactive systems. The logics provide a setting for the study of composition rules. The two logics arise naturally from extant specification...
A calculus for access control in distributed systems (1993)
Martín Abadi, Michael Burrows, Butler Lampson, Gordon Plotkin
We study some of the concepts, protocols, and algorithms for access control in distributed systems, from a logical perspective. We account for how a principal may come to believe that another...
Composing Specifications (1993)
A rigorous modular specification method requires a proof rule asserting that if each component behaves correctly in isolation, then it behaves correctly in concert with...
The body of this paper appeared in ACM Transactions on Programming
Authentication in distributed systems: Theory and practice (1992)
Butler Lampson, Martín Abadi, Michael Burrows, Edward Wobber
We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a ‘speaks for’ relation between...
Linear Logic Without Boxes (1992)
Georges Gonthier, Martín Abadi, Jean-Jacques Lévy
Girard's original definition of proof nets for linear logic involves boxes. The box is the unit for erasing and duplicating fragments of proof nets. It imposes synchronization, limits sharing,...
Authentication in Distributed Systems: Theory and Practice (1992)
Butler Lampson, Martín Abadi, Michael Burrows, Edward Wobber
This paper appeared in ACM Trans. Computer Systems 10, 4 (Nov. 1992), pp 265-310. A preliminary version appeared in the Proceedings of the Thirteenth ACM Symposium on Operating Systems Principles.
An Old-Fashioned Recipe for Real Time (1992)
Martín Abadi, Leslie Lamport, Robert W. Taylor
Traditional methods for specifying and reasoning about concurrent systems work for real-time systems. Using TLA (the temporal logic of actions), we illustrate how they work with the examples of a...
The Geometry of Optimal Lambda Reduction (1992)
Georges Gonthier, Martín Abadi, Jean-Jacques Lévy
Lamping discovered an optimal graph-reduction implementation of the λ-calculus. Simultaneously, Girard invented the geometry of interaction, a mathematical foundation for operational semantics. In...
Dynamic Typing in Polymorphic Languages (1992)
Martín Abadi, Luca Cardelli, Benjamin Pierce, Didier Rémy
The interaction between the use of Dynamic and abstract data types gives rise to a puzzling design issue: should the type tag of a dynamically typed value containing an element of an abstract...
Composing Specifications (1992)
ness. If is a set of agents, then two behaviors oe and are -equivalent iff, for all i 0: ---s i (oe) = s i ( ) ---a i+1 (oe) 2 iff a i+1 ( ) 2 . A set P of behaviors is -abstract iff, for any...
91 An Old-Fashioned Recipe for Real Time (1992)
Martín Abadi, Leslie Lamport
DEC’s business and technology objectives require a strong research program. The Systems Research Center (SRC) and three other research laboratories are committed to filling that need. SRC began...
Faithful Ideal Models for Recursive Polymorphic Types (1991)
Martín Abadi, Benjamin Pierce, Gordon Plotkin
We explore ideal models for a programming language with recursive polymorphic types, variants of the model studied by MacQueen, Plotkin, and Sethi. The use of suitable ideals yields a close fit...
Decidability and Expressiveness for First-Order Logics of Probability (1991)
Martín Abadi, Joseph Y. Halpern
We consider decidability and expressiveness issues for two first-order logics of probability. In one, the probability is on possible worlds, while in the other, it is on the domain. It turns out that...
A Calculus for Access Control in Distributed Systems (1991)
Martín Abadi, Michael Burrows, Butler Lampson, Gordon Plotkin
This paper is a study of some of the concepts, protocols, and algorithms for security in distributed systems, with a focus on access control. Our treatment is fairly formal, as it is based on logics....
A logic of authentication (1990)
Abstract. Frequently, communication between two principals reveals their identities and presence to third parties. These privacy breaches can occur even if security protocols are in use; indeed, they...
Composing Specifications (1990)
Martín Abadi, Leslie Lamport, Robert W. Taylor
A rigorous modular specification method requires a proof rule asserting that if each component behaves correctly in isolation, then it behaves correctly in concert with other components. Such a rule...
Secure circuit evaluation - A protocol based on hiding information from an oracle (1990)
We present a simple protocol for two-player secure circuit evaluation. The protocol enables players C and D to cooperate in the computation of f(x) while D conceals her data x from C and C conceals...
On Hiding Information from an Oracle (1989)
Martín Abadi, Joan Feigenbaum, Joe Kilian
We consider the problem of computing with encrypted data. Player A wishes to know the value f(x) for some x but lacks the power to compute it. Player B has the power to compute f and is willing to...
Dynamic Typing in a Statically Typed Language (1989)
Martín Abadi, Luca Cardelli, Benjamin Pierce, Gordon Plotkin
Statically typed programming languages allow earlier error checking, better enforcement of disciplined programming styles, and generation of more efficient object code than languages where all type...
Faithful Ideal Models for Recursive Polymorphic Types (1989)
Martín Abadi, Benjamin Pierce, Gordon Plotkin
We explore ideal models for a programming language with recursive polymorphic types, variants of the model studied by MacQueen, Plotkin, and Sethi. The use of suitable ideals yields a close fit...
The Existence of Refinement Mappings (1988)
Refinement mappings are used to prove that a lower-level specification correctly implements a higher-level one. We consider specifications consisting of a state machine (which may be infinite-state)...
A Theory of Primitive Objects - Second-Order Systems
We describe a second-order calculus of objects. The calculus supports object subsumption, method override, and the type Self. It is constructed as an extension of System F with subtyping, recursion,...
TT-Closed Relations and Admissibility
This paper reformulates and studies Pitts's operational concept of