Lecture 5
12
Theorem proving
nBased
on a set of inference rules that model a satisfiability relation S sat P
nExample: parallel rule
Forall i. (Si sat (R precedes T))
(|||i Si ) sat (R precedes T)
nProperties of the
inference system:
nSemiautomatic (invariant needed for recursive
definitions)
nSound and relatively complete
nAll the properties
of the Yahalom protocol seen in previous lecture
can be easily verified using this system (see proofs in the book of Ryan and Schneider)
