A reduced semantics for deciding trace equivalence using constraint systems
This work addresses a practical bottleneck in automated verification of privacy properties for security protocols, though it is incremental as it builds on existing techniques.
The paper tackles the combinatorial explosion problem in deciding trace equivalence for security protocols by generalizing and adapting partial order reduction techniques from reachability to equivalence checking, resulting in a reduced symbolic semantics that eliminates redundant interleavings.
Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. Mödersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimization in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly.