Complexity of Fairness Constraints for the Dolev-Yao Attacker Model
Complexity of Fairness Constraints for the Dolev-Yao Attacker Model, Proc ACM Symp. on Appl. Computing, Taichung, Taiwan, Vol. 26, pp. 1507 - 1514, March, 2011.
Digital Object Identifier:
Download Full text PDF ( 234 KBs)
Liveness properties do, in general, not hold in the Dolev-Yao attacker model, unless we assume that certain communication channels are resilient, i.e. they do not lose messages. The resilient channels assumption can be seen as a fairness constraint for the Dolev-Yao attacker model. Here we study the complexity of expressing such fairness constraints for the most common interpretation of the Dolev-Yao model, in which the attacker is the communication medium. We give reference models which describe how resilient channels behave, with unbounded and bounded communication buffers. Then we show that, for checking liveness security requirements, any fairness constraint that makes this common interpretation of the Dolev-Yao model sound and complete w.r.t. the unbounded (resp. bounded) reference model is not an ω-regular (resp. locally testable) language. These results stem from the complexity of precisely capturing the behavior of resilient channels, and indicate that veriﬁcation of liveness security requirements in this interpretation of the Dolev-Yao model cannot be automated efficiently.