references.bib

%% This BibTeX bibliography file was created using BibDesk.
%% http://bibdesk.sourceforge.net/


%% Created for Robert Kuennemann at 2016-07-26 09:57:27 +0200 


%% Saved with string encoding Unicode (UTF-8) 

@string{sv = {Springer}}

@string{acm = {ACM Press}}

@string{ieee = {IEEE Computer Society Press}}

@string{elsevier = {Elsevier Science Publishers Ltd.}}

@string{commacm = {Communications of the ACM}}

@string{acmccs03 = {Proc.\ 10th ACM CCS}}

@string{acmccs08 = {Proc.\ 15th ACM CCS}}

@string{acmccs09 = {Proc.\ 16th ACM CCS}}

@string{acmccs10 = {Proc.\ 17th ACM CCS}}

@string{acmccs11 = {Proc.\ 18th ACM CCS}}

@string{acmccs12 = {Proc.\ 19th ACM CCS}}

@string{acmccs13 = {Proc.\ 20th ACM CCS}}

@string{acmccs14 = {Proc.\ 21th ACM CCS}}

@string{csf11 = {Proc.\ 24th IEEE CSF}}

@string{csf14 = {Proc.\ 27th IEEE CSF}}

@string{csf15 = {Proc.\ 28th IEEE CSF}}

@string{cav13 = {Proc.\ 25th CAV}}

@string{esop05 = {Proc.\ 14th ESOP}}

@string{fse12 = {Proc.\ 18th ACM FSE}}

@string{fse14 = {Proc.\ 20th ACM FSE}}

@string{lics05 = {Proc.\ 20th IEEE LICS}}

@string{post16 = {Proc.\ 5rd POST}}

@string{post14 = {Proc.\ 3rd POST}}

@string{post13 = {Proc.\ 2nd POST}}

@string{post12 = {Proc.\ 1nd POST}}

@string{sp07 = {Proc.\ 28th IEEE S\&P}}

@string{sp15 = {Proc.\ 36th IEEE S\&}}

@string{spsm14 = {Proc.\ 4th ACM SPSM}}

@string{asiaccs16 = {Proc.\ ACM AsiaCCS}}

@string{tcs = {TCS}}

@string{lncs = {LNCS}}

@article{lamport1977proving,
  title={Proving the correctness of multiprocess programs},
  author={Lamport, Leslie},
  journal={IEEE transactions on software engineering},
  number={2},
  pages={125--143},
  year={1977},
  publisher={IEEE}
}

@inproceedings{AF-popl01,
  Author =	 {Mart\'{i}n Abadi and Cédric Fournet},
  Booktitle =	 {28th ACM Symp. on Principles of Programming
                  Languages (POPL'01)},
  Pages =	 {104-115},
  Publisher =	 {ACM},
  Title =	 {Mobile Values, New Names, and Secure Communication},
  Year =	 2001
}

@inproceedings{ARR-csf11,
  Author =	 {Myrto Arapinis and Eike Ritter and Mark Ryan},
  Booktitle =	 {24th {IEEE} Computer Security Foundations
                  Symposium (CSF'11)},
  Pages =	 {33-47},
  Publisher =	 {{IEEE} Comp. Soc.},
  Title =	 {StatVerif: Verification of Stateful Processes},
  Year =	 2011
}

@InProceedings{ASW97,
  author =	 "N. Asokan and Matthias Schunter and Michael Waidner",
  title =	 "Optimistic Protocols for Fair Exchange",
  pages =	 "8--17",
  booktitle =	 "4th {ACM} Conference on Computer and Communications
                  Security",
  address =	 "Zurich, Switzerland",
  year =	 1997,
  publisher =	 "ACM",
  month =	 apr,
  OPTeditor =	 "Tsutomu Matsumoto",
}

@article{AbadiCortierTCS06,
  Author =	 {Mart{\'\i}n Abadi and V\'eronique Cortier},
  Journal =	 {Theoretical Computer Science},
  Number =	 {1-2},
  Pages =	 {2-32},
  Title =	 {Deciding knowledge in security protocols under
                  equational theories},
  Volume =	 387,
  Year =	 2006
}

@inproceedings{Asokan1998a,
  Author =	 {Asokan, N. and Shoup, Victor and Waidner,
                  Michael},
  Booktitle =	 {IEEE Symposium on Security and Privacy (S\&P'98)},
  Pages =	 {86--99},
  Title =	 {Asynchronous protocols for optimistic fair exchange},
  Year =	 1998,
  Publisher =	 {{IEEE} Comp. Soc.},
}

@inproceedings{BCFS-ccs10,
  Author =	 {Bortolozzo, Matteo and Centenaro, Matteo and
                  Focardi, Riccardo and Steel, Graham},
  Booktitle =	 {17th {ACM} {C}onference on {C}omputer and
                  {C}ommunications {S}ecurity ({CCS}'10)},
  Pages =	 {260-269},
  Publisher =	 {ACM},
  Title =	 {Attacking and Fixing {PKCS}\#11 Security Tokens},
  Year =	 2010
}

@article{BCLM-jcs05,
  Author =	 {Stefano Bistarelli and Iliano Cervesato and Gabriele
                  Lenzini and Fabio Martinelli},
  Journal =	 {Journal of Computer Security},
  Number =	 1,
  Pages =	 {3-47},
  Title =	 {Relating multiset rewriting and process algebras for
                  security protocol analysis},
  Volume =	 13,
  Year =	 2005
}

@inproceedings{BDS-ccs15,
  author =	 {David A. Basin and Jannik Dreier and Ralf Sasse},
  title =	 {Automated Symbolic Proofs of Observational
                  Equivalence},
  booktitle =	 {22nd Conference on Computer and Communications
                  Security (CCS'15)},
  pages =	 {1144--1155},
  year =	 2015,
  publisher =	 {{ACM}},
}

@Article{BenOrcontract,
  author =	 "Michael Ben-Or and Oded Goldreich and Silvio Micali
                  and Ronald L. Rivest",
  title =	 "A Fair Protocol for Signing Contracts",
  journal =	 "IEEE Transaction on Information Theory",
  number =	 1,
  pages =	 "40--46",
  volume =	 36,
  year =	 1990,
  month =	 jan,
}

@INPROCEEDINGS{BlanchetAbadiFournetLICS05,
  AUTHOR =	 {Bruno Blanchet and Martín Abadi and C{\'e}dric
                  Fournet},
  TITLE =	 {Automated {V}erification of {S}elected
                  {E}quivalences for {S}ecurity {P}rotocols},
  BOOKTITLE =	 {Symposium on Logic in Computer Science (LICS'05)},
  PAGES =	 {331-340},
  YEAR =	 2005,
  ADDRESS =	 {Chicago, IL},
  MONTH =	 JUN,
  PUBLISHER =	 {{IEEE} Comp. Soc.}
}

@inproceedings{BreakingGoogle-FMSE2008,
  Author =	 {Alessandro Armando and Roberto Carbone and Luca
                  Compagna and Jorge Cuellar and Llanos Tobarra Abad},
  Booktitle =	 {6th ACM Workshop on Formal Methods in
                  Security Engineering (FMSE'08)},
  Pages =	 {1--10},
  Title =	 {Formal Analysis of SAML 2.0 Web Browser Single
                  Sign-On: Breaking the SAML-based Single Sign-On for
                  Google Apps},
  Year =	 2008
}

@Article{CCCK16,
  author =	 {Chadha, Rohit and Cheval, Vincent and
                  Ciob{\^a}c{\u{a}}, {\c{S}}tefan and Kremer, Steve},
  title =	 {Automated verification of equivalence properties of
                  cryptographic protocols},
  journal =	 {ACM Transactions on Computational Logic},
  year =	 2016,
  url =		 {https://hal.inria.fr/hal-01306561/document},
  note =	 {To appear}
}

@InProceedings{CCS2012-Cyrille,
  author =	 {V\'eronique Cortier and Graham Steel and Cyrille
                  Wiedling},
  title =	 {Revoke and Let Live: A Secure Key Revocation API for
                  Cryptographic Devices},
  booktitle =	 {19th ACM Conference on Computer and Communications
                  Security (CCS'12)},
  year =	 2012,
  address =	 {Raleigh, USA},
  month =	 {October},
  pages =	 {918-928},
  doi =		 {10.1145/2382196.2382293},
  publisher =	 {ACM},
}

@inproceedings{CD-fmse06,
  author =	 {Jan Cederquist and Muhammad Torabi Dashti},
  title =	 {An intruder model for verifying liveness in security
                  protocols},
  booktitle =	 {{ACM} Workshop on Formal methods in security
                  engineering, ({FMSE}'06)},
  pages =	 {23--32},
  year =	 2006,
  doi =		 {10.1145/1180337.1180340},
}

@article{CKS-jar2005,
  author =	 {Chadha, Rohit and Kremer, Steve and Scedrov, Andre},
  DOI =		 {10.1007/s10817-005-9019-5},
  journal =	 {Journal of Automated Reasoning},
  month =	 jan,
  number =	 {1-2},
  pages =	 {39-83},
  publisher =	 {Springer},
  title =	 {Formal Analysis of Multi-Party Contract Signing},
  volume =	 36,
  year =	 2006,
  nmonth =	 1,
}


@InProceedings{CMSS2003,
  Author =	 {Rohit Chadha and John C. Mitchell and Andre Scedrov
                  and Vitaly Shmatikov},
  Title =	 {Contract signing, optimism, and advantage},
  BookTitle =	 {CONCUR 2003 --- Concurrency Theory},
  pages =	 {366--382},
  Volume =	 2761,
  OPTeditor =	 {R. Amadio and D. Lugiez},
  Series =	 lncs,
  Publisher =	 {Springer-Verlag},
  month =	 sep,
  year =	 2003,
  address =	 {Marseille, France},
}

@InProceedings{ChadhaKanovichScedrov2001,
  author =	 "Rohit Chadha and Max Kanovich and Andre Scedrov",
  title =	 "Inductive methods and contract-signing protocols",
  pages =	 "176--185",
  booktitle =	 "8th {ACM} Conference on Computer and Communications
                  Security",
  year =	 2001,
  OPTeditor =	 "Pierangela Samarati",
  month =	 nov,
  publisher =	 "ACM",
  address =	 "Philadelphia, PA, USA",
}

@proceedings{DBLP:conf/csfw/1998,
  Bibsource =	 {dblp computer science bibliography, http://dblp.org},
  Biburl =	 {http://dblp.uni-trier.de/rec/bib/conf/csfw/1998},
  Isbn =	 {0-8186-8488-7},
  Publisher =	 {{IEEE} Comp. Soc.},
  Timestamp =	 {Fri, 13 May 2016 11:52:53 +0200},
  Title =	 {Proceedings of the 11th {IEEE} Computer Security
                  Foundations Workshop, Rockport, Massachusetts, USA,
                  June 9-11, 1998},
  Url =
                  {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=5606},
  Year =	 1998,
  Bdsk-Url-1 =
                  {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=5606}
}

@inproceedings{DBLP:conf/csfw/Schneider98,
  Author =	 {Steve Schneider},
  Bibsource =	 {dblp computer science bibliography, http://dblp.org},
  Biburl =
                  {http://dblp.uni-trier.de/rec/bib/conf/csfw/Schneider98},
  Booktitle =	 {11th {IEEE} Computer Security
                  Foundations Workshop (CSFW'98)},
  Doi =		 {10.1109/CSFW.1998.683155},
  Pages =	 {54--65},
  Title =	 {Formal Analysis of a Non-Repudiation Protocol},
  Year =	 1998,
}

@inproceedings{DKRS-csf11,
  Acronym =	 {{CSF}'11},
  Author =	 {Delaune, St{\'e}phanie and Kremer, Steve and Ryan,
                  Mark D. and Steel, Graham},
  Booktitle =	 {24th {IEEE} {C}omputer {S}ecurity
                  {F}oundations {S}ymposium ({CSF}'11)},
  Pages =	 {66-82},
  Publisher =	 {{IEEE} Comp. Soc.},
  Title =	 {Formal analysis of protocols based on {TPM} state
                  registers},
  Year =	 2011
}

@article{DKS-jcs09,
  Author =	 {Delaune, St{\'e}phanie and Kremer, Steve and Steel,
                  Graham},
  Doi =		 {10.3233/JCS-2009-0394},
  Journal =	 {Journal of Computer Security},
  Month =	 nov,
  Number =	 6,
  Pages =	 {1211-1245},
  Publisher =	 {{IOS}},
  Title =	 {Formal Analysis of {PKCS\#11} and Proprietary
                  Extensions},
  Url =
                  {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DKS-jcs09.pdf},
  Volume =	 18,
  Year =	 2010,
  Bdsk-Url-1 =
                  {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DKS-jcs09.pdf},
  Bdsk-Url-2 =	 {http://dx.doi.org/10.3233/JCS-2009-0394}
}

@incollection{Delaune2011A-Formal-Analys,
  Author =	 {Delaune, St{\'e}phanie and Kremer, Steve and Ryan,
                  MarkD. and Steel, Graham},
  Booktitle =	 {Formal Aspects of Security and Trust},
  Date-Added =	 {2013-05-07 15:37:08 +0000},
  Date-Modified ={2013-05-07 15:37:15 +0000},
  Doi =		 {10.1007/978-3-642-19751-2_8},
  OPTEditor =	 {Degano, Pierpaolo and Etalle, Sandro and Guttman,
                  Joshua},
  Isbn =	 {978-3-642-19750-5},
  Pages =	 {111-125},
  Publisher =	 {Springer Berlin Heidelberg},
  Series =	 {Lecture Notes in Computer Science},
  Title =	 {A Formal Analysis of Authentication in the TPM},
  Url =		 {http://dx.doi.org/10.1007/978-3-642-19751-2_8},
  Volume =	 6561,
  Year =	 2011,
  Bdsk-Url-1 =	 {http://dx.doi.org/10.1007/978-3-642-19751-2_8}
}

@Article{Even1985,
  author =	 "Shimon Even and Oded Goldreich and Abraham Lempel",
  title =	 "A randomized protocol for signing contracts",
  journal =	 "Communications of the ACM",
  volume =	 28,
  number =	 6,
  pages =	 "637--647",
  month =	 jun,
  year =	 1985,
}

@TechReport{EvenYacobi1980,
  author =	 {Shimon Even and Yacov Yacobi},
  title =	 {Relations among Public Key Signature Systems},
  institution =	 {Technion},
  year =	 1980,
  number =	 175,
  address =	 {Haifa, Israel},
  month =	 mar,
}

@inproceedings{Froschle2010Reasoning-with-,
  Author =	 {Sibylle B. Fr{\"o}schle and Nils Sommer},
  Booktitle =	 {7th International Workshop on Formal Aspects
                  in Security and Trust (FAST'10)},
  Date-Added =	 {2013-05-07 13:32:00 +0000},
  Date-Modified ={2013-05-07 13:32:00 +0000},
  Pages =	 {96-110},
  Series =	 {LNCS},
  Title =	 {Reasoning with Past to Prove {PKCS}\#11 Keys Secure},
  Volume =	 6561,
  Year =	 2010
}

@inproceedings{GJM99,
  Author =	 {Juan A. Garay and Markus Jakobsson and Philip
                  D. MacKenzie},
  Booktitle =	 {Advances in Cryptology---{Crypto'99}},
  Pages =	 {449--466},
  Publisher =	 {Springer},
  Series =	 lncs,
  Title =	 {Abuse-Free Optimistic Contract Signing},
  Volume =	 1666,
  Year =	 1999
}

@article{GR-fac05,
  author =	 {Sigrid G{\"{u}}rgens and Carsten Rudolph},
  title =	 {Security analysis of efficient (Un-)fair
                  non-repudiation protocols},
  journal =	 {Formal Asp. Comput.},
  volume =	 17,
  number =	 3,
  pages =	 {260--276},
  year =	 2005,
  url =		 {http://dx.doi.org/10.1007/s00165-004-0055-4},
  doi =		 {10.1007/s00165-004-0055-4},
}

@article{Guttman-jar12,
  Author =	 {Joshua D. Guttman},
  Journal =	 {J. Autom. Reasoning},
  Number =	 2,
  Pages =	 {159-195},
  Title =	 {State and Progress in Strand Spaces: Proving Fair
                  Exchange},
  Volume =	 48,
  Year =	 2012
}

@manual{IBMCCAGuide,
  Key =		 {{CCA} {B}asic {S}ervices {R}eference and {G}uide},
  Month =	 Oct,
  Note =	 {Available online},
  Title =	 {{CCA} {B}asic {S}ervices {R}eference and {G}uide},
  Year =	 2006
}

@inproceedings{K-post2015,
  Author =	 {K{\"u}nnemann, Robert},
  Booktitle =	 {4th {C}onference on {P}rinciples of
                  {S}ecurity and {T}rust (POST'15)},
  Pages =	 {219-238},
  Publisher =	 {Springer},
  Series =	 lncs,
  Title =	 {Automated backward analysis of {PKCS}\#11 v2.20},
  Volume =	 9036,
  Year =	 2015
}

@inproceedings{KK-sp2014,
  Author =	 {Kremer, Steve and K{\"u}nnemann, Robert},
  Booktitle =	 {35th IEEE Symposium on Security and Privacy
                  (S\&P'14)},
  Doi =		 {10.1109/SP.2014.18},
  Pages =	 {163--178},
  Publisher =	 {{IEEE} Comp. Soc.},
  Title =	 {Automated Analysis of Security Protocols with Global
                  State},
  Year =	 2014,
  Bdsk-Url-1 =	 {http://dx.doi.org/10.1109/SP.2014.18}
}

@inproceedings{KS-stm12,
  Author =	 {K{\"u}nnemann, Robert and Steel, Graham},
  Booktitle =	 {{P}roc. 8th {W}orkshop on {S}ecurity and {T}rust
                  {M}anagement ({STM}'12)},
  Pages =	 {257-272},
  Series =	 lncs,
  Title =	 {{Y}ubi{S}ecure? {F}ormal Security Analysis Results
                  for the {Y}ubikey and {Y}ubi{HSM}},
  Volume =	 7783,
  Year =	 2012
}

@article{KremerKunnemann-jcs16,
  author =	 {Kremer, Steve and K{\"u}nnemann, Robert},
  DOI =		 {10.3233/JCS-2009-0394},
  journal =	 {Journal of Computer Security},
  publisher =	 {{IOS}},
  title =	 {Automated analysis of security protocols with global
                  state},
  year =	 2016,
  note =	 {To appear},
}

@article{KremerMarkowitchZhou2002,
  Abstract =	 {With the phenomenal growth of the Internet and open
                  networks in general, security services, such as
                  non-repudiation, become crucial to many
                  applications.  Non-repudiation services must ensure
                  that when Alice sends some information to Bob over a
                  network, neither Alice nor Bob can deny having
                  participated in a part or the whole of this
                  communication. Therefore a non-repudiation protocol
                  has to generate non-repudiation of origin evidences
                  intended to Bob, and non-repudiation of receipt
                  evidences destined to Alice. In this paper, we
                  clearly define the properties a non-repudiation
                  protocol must respect, and give a survey of the most
                  important non-repudiation protocols. We describe
                  protocols without and with trusted third party
                  (TTP). For the later ones we discuss the evolution
                  of the TTP's involvement and, between others,
                  describe the most recent protocol using a
                  transparent TTP. We also discuss some ad-hoc
                  problems related to the management of
                  non-repudiation evidences and shortly overview
                  several efforts to formally verify these protocols.},
  Author =	 {Kremer, Steve and Markowitch, Olivier and Zhou,
                  Jianying},
  Journal =	 {Computer Communications},
  Month =	 nov,
  Nmonth =	 11,
  Number =	 17,
  Pages =	 {1606-1621},
  Publisher =	 {Elsevier Science Publishers},
  Title =	 {An Intensive Survey of Fair Non-repudiation
                  Protocols},
  Url =
                  {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/comcom02.pdf},
  Volume =	 25,
  Year =	 2002,
  Bdsk-Url-1 =
                  {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/comcom02.pdf}
}

@inproceedings{KremerRaskin2002,
  abstract =	 {In this paper we report on the verification of two
                  contract signing protocols. Our verification method
                  is based on the idea of modeling those protocols as
                  games, and reasoning about their properties as
                  strategies for players. We use the formal model of
                  alternating transition systems to represent the
                  protocols and alternating-time temporal logic to
                  specify properties. The paper focuses on the
                  verification of abuse-freeness, relates this
                  property to the balance property, previously studied
                  using two other formalisms, shows some ambugities in
                  the definition of abuse-freeness and proposes a new,
                  stronger definition. Formal methods are not only
                  useful here to verify automatically the protocols
                  but also to better understand their requirements
                  (balance and abuse-freeness are quite complicated
                  and subtle properties).},
  address =	 {Cape Breton, Nova Scotia, Canada},
  author =	 {Kremer, Steve and Raskin, Jean-Fran{\c{c}}ois},
  booktitle =	 {{P}roceedings of the 15th {IEEE} {C}omputer
                  {S}ecurity {F}oundations {W}orkshop ({CSFW}'02)},
  month =	 jun,
  pages =	 {206-220},
  publisher =	 {{IEEE} Comp. Soc.},
  title =	 {Game Analysis of Abuse-Free Contract Signing},
  year =	 2002,
  acronym =	 {{CSFW}'02},
  nmonth =	 6,
  url =
                  {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/Kremer-csfw15.ps},
}

@article{KremerRaskin2003,
  abstract =	 {In this paper, we report on a recent work for the
                  verification of non-repudiation protocols. We
                  propose a verification method based on the idea that
                  non-repudiation protocols are best modeled as games.
                  To formalize this idea, we use alternating
                  transition systems, a game based model, to model
                  protocols and alternating temporal logic, a game
                  based logic, to express requirements that the
                  protocols must ensure.  This method is automated by
                  using the model-checker {\scshape Mocha}, a
                  model-checker that supports the alternating
                  transition systems and the alternating temporal
                  logic. Several optimistic protocols are analyzed
                  using {\scshape Mocha}.},
  author =	 {Kremer, Steve and Raskin, Jean-Fran{\c{c}}ois},
  journal =	 {Journal of Computer Security},
  number =	 3,
  pages =	 {399-429},
  publisher =	 {{IOS}},
  title =	 {A Game-Based Verification of Non-Repudiation and
                  Fair Exchange Protocols},
  volume =	 11,
  year =	 2003,
  url =
                  {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/Kremer-gameNRextended.ps},
}

@inproceedings{Lowe1996,
  Author =	 {Gavin Lowe},
  Booktitle =	 {2nd International Workshop on Tools and
                  Algorithms for Construction and Analysis of Systems
                  ({TACAS}'96)},
  Pages =	 {147-166},
  Publisher =	 {Springer},
  Series =	 lncs,
  Title =	 {Breaking and fixing the {N}eedham-{S}chroeder
                  public-key protocol using {FDR}},
  Volume =	 1055,
  Year =	 1996
}

@phdthesis{Meier2013a,
  Author =	 {Meier, Simon},
  Date-Added =	 {2016-07-27 07:16:06 +0000},
  Date-Modified ={2016-07-27 07:16:09 +0000},
  School =	 {Diss., Eidgen{\"o}ssische Technische Hochschule ETH
                  Z{\"u}rich, Nr. 20742},
  Title =	 {Advancing automated security protocol verification},
  Year =	 2013
}

@inproceedings{Modersheim-ccs10,
  Author =	 {Sebastian M{\"o}dersheim},
  Booktitle =	 {17th ACM Conference on Computer and
                  Communications Security (CCS'10)},
  Pages =	 {351-360},
  Publisher =	 {ACM},
  Title =	 {Abstraction by set-membership: verifying security
                  protocols and web services with databases},
  Year =	 2010
}

@manual{PKCS11,
  Address =	 {v2.20},
  Month =	 {June},
  Organization = {RSA Security Inc.},
  Title =	 {{PKCS} \#11: Cryptographic Token Interface
                  Standard.},
  Year =	 2004
}

@inproceedings{RDGR-ifm14,
  Author =	 {John D. Ramsdell and Daniel J. Dougherty and Joshua
                  D. Guttman and Paul D. Rowe},
  Booktitle =	 {11th International Conference on Integrated
                  Formal Methods ({IFM}'14)},
  Doi =		 {10.1007/978-3-319-10181-1},
  Pages =	 {272--287},
  Publisher =	 {Springer},
  Series =	 lncs,
  Title =	 {A Hybrid Analysis for Security Protocols with State},
  Volume =	 8739,
  Year =	 2014,
  Bdsk-Url-1 =	 {http://dx.doi.org/10.1007/978-3-319-10181-1}
}

@inproceedings{SMCB-cav13,
  Author =	 {Benedikt Schmidt and Simon Meier and Cas Cremers and
                  David Basin},
  Booktitle =	 {25th International Conference on Computer
                  Aided Verification (CAV'13)},
  Pages =	 {696-701},
  Publisher =	 {Springer},
  Series =	 LNCS,
  Title =	 {The TAMARIN Prover for the Symbolic Analysis of
                  Security Protocols},
  Volume =	 8044,
  Year =	 2013
}

@inproceedings{SMCB-csf12,
  Author =	 {Benedikt Schmidt and Simon Meier and Cas Cremers and
                  David Basin},
  Booktitle =	 {25th {IEEE} Computer Security Foundations
                  Symposium (CSF'12)},
  Pages =	 {78-94},
  Publisher =	 {{IEEE} Comp. Soc.},
  Title =	 {Automated Analysis of {Diffie-Hellman} Protocols and
                  Advanced Security Properties},
  Year =	 2012
}

@inproceedings{SQFW-asiaccs15,
  Author =	 {Jianxiong Shao and Yu Qin and Dengguo Feng and
                  Weijin Wang},
  Booktitle =	 {10th {ACM} Symposium on Information, Computer
                  and Communications Security ({ASIA} {CCS} '15)},
  Pages =	 {273--284},
  Publisher =	 {{ACM}},
  Title =	 {Formal Analysis of Enhanced Authorization in the
                  {TPM} 2.0},
  Year =	 2015
}

@inproceedings{SSCB-sp2014,
  Author =	 {Benedikt Schmidt and Ralf Sasse and Cas Cremers and
                  David A. Basin},
  Booktitle =	 {35th IEEE Symposium on Security and Privacy
                  (S\&P'14)},
  Doi =		 {10.1109/SP.2014.19},
  Pages =	 {179--194},
  Publisher =	 {{IEEE} Comp. Soc.},
  Title =	 {Automated Verification of Group Key Agreement
                  Protocols},
  Year =	 2014,
  Bdsk-Url-1 =	 {http://dx.doi.org/10.1109/SP.2014.19}
}

@inbook{Shmatikov2001,
  Address =	 {Berlin, Heidelberg},
  Author =	 {Shmatikov, Vitaly and Mitchell, John C.},
  Booktitle =	 {Financial Cryptography: 4th International
                  Conference, FC 2000 Anguilla, British West Indies,
                  February 20--24, 2000 Proceedings},
  Doi =		 {10.1007/3-540-45472-1_13},
  OPTEditor =	 {Frankel, Yair},
  Isbn =	 {978-3-540-45472-4},
  Pages =	 {174--191},
  Publisher =	 {Springer Berlin Heidelberg},
  Title =	 {Analysis of Abuse-Free Contract Signing},
  Url =		 {http://dx.doi.org/10.1007/3-540-45472-1_13},
  Year =	 2001,
  Bdsk-Url-1 =	 {http://dx.doi.org/10.1007/3-540-45472-1_13}
}

@misc{TCG,
  Author =	 {{T}rusted {C}omputing {G}roup},
  Key =		 {TCG},
  Note =	 {Available at
                  \url{http://www.trustedcomputinggroup.org/resources/tpm_main_specification}},
  Title =	 {{TPM Specification version 1.2. Parts 1--3, revision
                  103}},
  Year =	 2007
}

@article{THG-jcs99,
  Author =	 {F. Javier {Thayer Fabrega} and Jonathan C. Herzog
                  and Joshua D. Guttman},
  Journal =	 {Journal of Computer Security},
  Number =	 {2/3},
  Pages =	 {191--230},
  Title =	 {Strand Spaces: Proving Security Protocols Correct},
  Volume =	 7,
  Year =	 1999
}

@InProceedings{Tedrickfair,
  Author =	 "Tom Tedrick",
  Title =	 "Fair Exchange of Secrets",
  BookTitle =	 "Advances in Cryptology---{Crypto 1984}",
  OPTEditor =	 "G. R. Blakley and D. C. Chaum",
  Volume =	 196,
  Series =	 lncs,
  Pages =	 "434--438",
  Publisher =	 "Springer-Verlag",
  year =	 1985,
}

@misc{Yubicos-custome,
  Author =	 {{Yubico AB}},
  Note =	 {Accessed: Do 13 Nov 2014 08:33:34 CET},
  Title =	 {Yubico customer list},
  Url =		 { https://www.yubico.com/about/reference-customers/},
  Year =	 2014,
  Bdsk-Url-1 =
                  {%09https://www.yubico.com/about/reference-customers/}
}

@inproceedings{armando05AVISPA,
  Author =	 {Alessandro Armando and David A. Basin and Yohan
                  Boichut and Yannick Chevalier and Luca Compagna and
                  Jorge Cu{\'e}llar and Paul Hankes Drielsma and
                  Pierre-Cyrille H{\'e}am and Olga Kouchnarenko and
                  Jacopo Mantovani and Sebastian M{\"o}dersheim and
                  David von Oheimb and Micha{\"e}l Rusinowitch and
                  Judson Santiago and Mathieu Turuani and Luca
                  Vigan{\`o} and Laurent Vigneron},
  Booktitle =	 {17th International Conference on Computer
                  Aided Verification (CAV'05)},
  Pages =	 {281-285},
  Publisher =	 {Springer},
  Series =	 LNCS,
  Title =	 {The {AVISPA} Tool for the Automated Validation of
                  Internet Security Protocols and Applications.},
  Year =	 2005
}

@phdthesis{benschmi-thesis,
  Author =	 {Benedikt Schmidt},
  Month =	 {November},
  School =	 {ETH Z\"{u}rich},
  Title =	 {Formal Analysis of Key-Exchange Protocols and
                  Physical Protocols},
  Year =	 2012
}

@inproceedings{blanchetcsfw01,
  Author =	 {Bruno Blanchet},
  Booktitle =	 {14th Computer Security Foundations Workshop
                  (CSFW'01)},
  Pages =	 {82--96},
  Publisher =	 {{IEEE} Comp. Soc.},
  Title =	 {An {E}fficient {C}ryptographic {P}rotocol {V}erifier
                  {B}ased on {P}rolog {R}ules},
  Year =	 2001
}

@INPROCEEDINGS{BlanchetSAS02,
  AUTHOR = {Bruno Blanchet},
  TITLE = {From {S}ecrecy to {A}uthenticity in {S}ecurity {P}rotocols},
  BOOKTITLE = {9th International Static Analysis Symposium (SAS'02)},
  PAGES = {342--359},
  YEAR = 2002,
  EDITOR = {Manuel Hermenegildo and Germ{\'a}n Puebla},
  VOLUME = 2477,
  SERIES = {Lecture Notes in Computer Science},
  ADDRESS = {Madrid, Spain},
  MONTH = SEP,
  PUBLISHER = {Springer}
}


@article{bond01api,
  Author =	 {M. Bond and R. Anderson},
  Journal =	 {IEEE Computer Magazine},
  Month =	 {October},
  Pages =	 {67-75},
  Title =	 {{API} level attacks on embedded systems},
  Year =	 2001
}

@inproceedings{enhanced-authorization,
  Author =	 {tbd.},
  Booktitle =	 {10th ACM Symposium on Information, Computer
                  and Communications Security (ASIACCS'15)},
  Note =	 {to appear.},
  Publisher =	 {ACM},
  Title =	 {Formal Analysis of Enhanced Authorization in the TPM
                  2.0},
  Year =	 2015
}

@article{herzog06applying,
  Author =	 {Herzog, Jonathan},
  Journal =	 {IEEE Security \& Privacy Magazine},
  Month =	 {July-Aug},
  Number =	 4,
  Pages =	 {84--87},
  Title =	 {Applying protocol analysis to security device
                  interfaces},
  Volume =	 4,
  Year =	 2006
}

@article{journals/tcs/ShmatikovM02,
  Author =	 {Shmatikov, Vitaly and Mitchell, John C.},
  Journal =	 {Theor. Comput. Sci.},
  Number =	 2,
  Pages =	 {419-450},
  Title =	 {Finite-state analysis of two contract signing
                  protocols.},
  Volume =	 283,
  Year =	 2002,
}

@article{longley92automatic,
  Author =	 {Dennis Longley and Simon Rigby},
  Journal =	 {Computers and Security},
  Month =	 {March},
  Number =	 1,
  Pages =	 {75--89},
  Publisher =	 {Elsevier},
  Title =	 {An Automatic Search for Security Flaws in Key
                  Management Schemes},
  Volume =	 11,
  Year =	 1992
}

@Misc{micalicertifiedmail,
  Author =	 "Silvio Micali",
  Title =	 "Certified {E}-Mail with Invisible Post Offices",
  HowPublished = "Available from author; an invited presentation at
                  the RSA 1997 conference",
  year =	 1997,
}

@inproceedings{moedersheim-revisit2004,
  Abstract =	 {We revisit the analysis of the ASW contract signing
                  protocol and use a unified view of the protocol as a
                  whole as a basis to reason about the protocol and
                  its objectives.  This line of reasoning yields a
                  simpler and clearer model of agents and protocol
                  objectives which is within the scope of standard
                  security analysis methods, as it does not require
                  fairness constraints and uses only standard
                  authentication and secrecy properties. We also
                  analyse this model for finitely and infinitely many
                  sessions of the protocol using the automated
                  analysis tools OFMC and its extension OFMC-FP.},
  Author =	 {Paul Hankes Drielsma and Sebastian M{\"o}dersheim},
  Booktitle =	 {Automated Reasoning for Security Protocol Analysis
                  (ARSPA)},
  Month =	 {July},
  Pages =	 {141--156},
  Pdf =		 {papers/2004/1_arspa2004.pdf},
  Ps =		 {papers/2004/1_arspa2004.ps.gz},
  Publisher =	 {ENTCS},
  Title =	 {The ASW Protocol Revisited: A Unified View},
  Year =	 2004,
}

@manual{opcuasc,
  Address =	 {16101 N. 82nd Street, Suite 3B, Scottsdale, AZ
                  85260-1868 USA},
  Month =	 {August},
  Organization = {{OPC Foundation}},
  Title =	 {OPC Unified Architecture Specification, Part 6:
                  Mappings, Release 1.02},
  Year =	 2012
}

@manual{proverif,
  Author =	 {Bruno Blanchet and Ben Smyth and Vincent Cheval},
  Key =		 {ProVerif},
  Title =	 {ProVerif 1.88: Automatic Cryptographic Protocol
                  Verifier, User Manual and Tutorial},
  Year =	 2013
}

@misc{sapicstar,
  Author =	 {Itsaka Rakotonirina},
  Howpublished = {Intership report},
  Month =	 sep,
  Title =	 {V{\'e}rification automatique de protocoles de
                  s{\'e}curit{\'e} avec m{\'e}moire globale et
                  boucles},
  Url =
                  {http://www.dptinfo.ens-cachan.fr/~irakoton/stagel3/rapportl3.pdf},
  Year =	 2014,
  Bdsk-Url-1 =
                  {http://www.dptinfo.ens-cachan.fr/~irakoton/stagel3/rapportl3.pdf}
}

@manual{yubikey,
  Address =	 {Kungsgatan 37, 111 56 Stockholm Sweden},
  Date-Added =	 {2013-05-07 10:36:54 +0000},
  Date-Modified ={2013-05-07 10:37:02 +0000},
  Month =	 {June},
  Organization = {{Yubico AB}},
  Title =	 {The {YubiKey} Manual - Usage, configuration and
                  introduction of basic concepts (Version 2.2),
                  available at:
                  \url{http://www.yubico.com/documentation}},
  Year =	 2010
}

@InProceedings{MaudeNPA09,
  author =	 {Santiago Escobar and Catherine Meadows and Jos\'e Meseguer},
  title =	 {Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties},
  booktitle =	 {Foundations of Security Analysis and Design V},
  pages =	 {1-50},
  year =	 2009,
  volume =	 5705,
  series =	 LNCS,
  publisher =	 {Springer},
}

@inproceedings{Cr2008Scyther,
  author =	 {Cremers, Cas J.F.},
  title =	 {The {S}cyther {T}ool: Verification, Falsification,
                  and Analysis of Security Protocols},
  year =	 2008,
  booktitle =	 {20th {C}onference on {C}omputer {A}ided
                  {V}erification ({CAV}'08)},
  publisher =	 {Springer},
  series =	 LNCS,
  pages =	 {414--418},
  volume =	 5123,
}

@book{pearl-book,
 author = {Pearl, Judea},
 title = {Causality: Models, Reasoning, and Inference},
 year = {2000},
 isbn = {0-521-77362-8},
 publisher = {Cambridge University Press},
 address = {New York, NY, USA},
} 



@article{DBLP:journals/corr/abs-1301-2275,
  author    = {Joseph Y. Halpern and
               Judea Pearl},
  title     = {Causes and Explanations: {A} Structural-Model Approach --- Part 1:
               Causes},
  journal   = {CoRR},
  volume    = {abs/1301.2275},
  year      = {2013},
  url       = {http://arxiv.org/abs/1301.2275},
  timestamp = {Fri, 01 Feb 2013 13:30:47 +0100},
  biburl    = {http://dblp.uni-trier.de/rec/bib/journals/corr/abs-1301-2275},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{DBLP:conf/ijcai/Halpern15,
  author    = {Joseph Y. Halpern},
  title     = {A Modification of the Halpern-Pearl Definition of Causality},
  booktitle = {Proceedings of the Twenty-Fourth International Joint Conference on
               Artificial Intelligence, {IJCAI} 2015, Buenos Aires, Argentina, July
               25-31, 2015},
  pages     = {3022--3033},
  year      = {2015},
  crossref  = {DBLP:conf/ijcai/2015},
  url       = {http://ijcai.org/Abstract/15/427},
  timestamp = {Wed, 20 Jul 2016 15:18:06 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/ijcai/Halpern15},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@proceedings{DBLP:conf/ijcai/2015,
  editor    = {Qiang Yang and
               Michael Wooldridge},
  title     = {Proceedings of the Twenty-Fourth International Joint Conference on
               Artificial Intelligence, {IJCAI} 2015, Buenos Aires, Argentina, July
               25-31, 2015},
  publisher = {{AAAI} Press},
  year      = {2015},
  url       = {http://ijcai.org/proceedings/2015},
  isbn      = {978-1-57735-738-4},
  timestamp = {Wed, 20 Jul 2016 15:18:06 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/ijcai/2015},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}


@inproceedings{BaDrKr-2016-liveness,
title = {A Novel Approach for Reasoning about Liveness in Cryptographic Protocols and its Application to Fair Exchange},
author = {Michael Backes and Jannik Dreier and Steve Kremer and Robert Künnemann},
year  = {2017},
booktitle = {Proceedings of the 2nd IEEE European Symposium on Security and Privacy (Euro S\&P '17)},
publisher = {IEEE Computer Society},
abstract = {In this paper, we provide the first methodology for reasoning about liveness properties of cryptographic protocols in a machine-assisted manner without imposing any artificial, finite bounds on the protocols and execution models. To this end, we design an extension of the SAPiC process calculus so that it supports key concepts for stating and reasoning about liveness properties, along with a corresponding translation into the formalism of multiset rewriting that the state-of-the-art theorem prover Tamarin relies upon. We prove that this translation is sound and complete and can thereby automatically generate sound Tamarin specifications and automate the protocol analysis. Second, we applied our methodology to two widely investigated fair exchange protocols -- ASW and GJM -- and to the Secure Conversation Protocol standard for industrial control systems, deployed by major players such as Siemens, SAP and ABB. For the fair exchange protocols, we not only re-discovered known attacks, but also uncovered novel attacks that previous analyses based on finite models and restricted number of sessions did not detect. We suggest fixed versions of these protocols for which we prove both fairness and timeliness, yielding the first automated proofs for fair exchange protocols that rely on a general model without restricting the number of sessions and message size. For the Secure Conversation Protocol, we prove several strong security properties that are vital for the safety of industrial systems, in particular that all messages (e.g., commands) are eventually delivered in order.},
note = {accepted for submission.},
}
@article{KK-jcs16,
title = {Automated analysis of security protocols with global state},
author = {Steve Kremer and Robert Künnemann},
editor = {Pierangela Samarati  and Andrew Myers},
year  = {2016},
date = {2016-12-12},
journal = {Journal of Computer Security},
abstract = {  Security APIs, key servers and protocols that need to keep the
  status of transactions, require to maintain a global, non-monotonic
  state, e.g., in the form of a database or register. However, most
  existing automated verification tools do not support the analysis of
  such stateful security protocols -- sometimes because of fundamental
  reasons, such as the encoding of the protocol as Horn clauses, which
  are inherently monotonic.  A notable exception is the recent tamarin
  prover which allows specifying protocols as multiset rewrite (msr)
  rules, a formalism expressive enough to encode state. As multiset
  rewriting is a ``low-level\'\' specification language with no direct
  support for concurrent message passing, encoding protocols correctly
  is a difficult and error-prone process.

  We propose a process calculus which is a variant of the applied pi
  calculus with constructs for manipulation of a global state by
  processes running in parallel. We show that this language can be
  translated to msr rules whilst preserving all security properties
  expressible in a dedicated first-order logic for security
  properties. The translation has been implemented in a prototype tool
  which uses the tamarin prover as a backend. We apply the tool to
  several case studies among which a simplified fragment of PKCS\\#11,
  the Yubikey security token, and an optimistic contract signing
  protocol.},
note = {accepted for publication},
}

@inproceedings{Kusters:2010,
	Acmid = {1866366},
	Address = {New York, NY, USA},
	Author = {K\"{u}sters, Ralf and Truderung, Tomasz and Vogt, Andreas},
	Booktitle = {Proceedings of the 17th ACM Conference on Computer and Communications Security},
	Date-Modified = {2016-06-08 07:56:16 +0000},
	Doi = {10.1145/1866307.1866366},
	Isbn = {978-1-4503-0245-6},
	Location = {Chicago, Illinois, USA},
	Numpages = {10},
	Pages = {526--535},
	Publisher = {ACM},
	Series = {CCS '10},
	Title = {Accountability: Definition and Relationship to Verifiability},
	Url = {http://doi.acm.org/10.1145/1866307.1866366},
	Year = {2010},
	Bdsk-File-1 = {YnBsaXN0MDDUAQIDBAUGJCVYJHZlcnNpb25YJG9iamVjdHNZJGFyY2hpdmVyVCR0b3ASAAGGoKgHCBMUFRYaIVUkbnVsbNMJCgsMDxJXTlMua2V5c1pOUy5vYmplY3RzViRjbGFzc6INDoACgAOiEBGABIAFgAdccmVsYXRpdmVQYXRoWWFsaWFzRGF0YV8QKHJlZmVyZW5jZXMvS3VzdGVyczIwMTBBY2NvdW50YWJpbGl0eS5wZGbSFwsYGVdOUy5kYXRhTxEB+AAAAAAB+AACAAAMTWFjaW50b3NoIEhEAAAAAAAAAAAAAAAAAAAA0rzi3UgrAAAARK7WHUt1c3RlcnMyMDEwQWNjb3VudGFiaWxpdHkucGRmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABErtzTkyNKAAAAAAAAAAAAAQADAAAJIAAAAAAAAAAAAAAAAAAAAApyZWZlcmVuY2VzABAACAAA0rzUzQAAABEACAAA05MHKgAAAAEAFABErtYARK68ABEssQAJYkcABiyjAAIAX01hY2ludG9zaCBIRDpVc2VyczoAcm9iZXJ0OgByZXNlYXJjaDoAYWNjb3VudGFiaWxpdHk6AHJlZmVyZW5jZXM6AEt1c3RlcnMyMDEwQWNjb3VudGFiaWxpdHkucGRmAAAOADwAHQBLAHUAcwB0AGUAcgBzADIAMAAxADAAQQBjAGMAbwB1AG4AdABhAGIAaQBsAGkAdAB5AC4AcABkAGYADwAaAAwATQBhAGMAaQBuAHQAbwBzAGgAIABIAEQAEgBNVXNlcnMvcm9iZXJ0L3Jlc2VhcmNoL2FjY291bnRhYmlsaXR5L3JlZmVyZW5jZXMvS3VzdGVyczIwMTBBY2NvdW50YWJpbGl0eS5wZGYAABMAAS8AABUAAgAN//8AAIAG0hscHR5aJGNsYXNzbmFtZVgkY2xhc3Nlc11OU011dGFibGVEYXRhox0fIFZOU0RhdGFYTlNPYmplY3TSGxwiI1xOU0RpY3Rpb25hcnmiIiBfEA9OU0tleWVkQXJjaGl2ZXLRJidUcm9vdIABAAgAEQAaACMALQAyADcAQABGAE0AVQBgAGcAagBsAG4AcQBzAHUAdwCEAI4AuQC+AMYCwgLEAskC1ALdAusC7wL2Av8DBAMRAxQDJgMpAy4AAAAAAAACAQAAAAAAAAAoAAAAAAAAAAAAAAAAAAADMA==},
	Bdsk-Url-1 = {http://doi.acm.org/10.1145/1866307.1866366},
	Bdsk-Url-2 = {http://dx.doi.org/10.1145/1866307.1866366}}

@inproceedings{Datta2015a,
	Author = {Datta, Anupam and Garg, Deepak and Kaynar, Dilsun and Sharma, Divya and Sinha, Arunesh},
	Booktitle = {2015 IEEE 28th Computer Security Foundations Symposium},
	Date-Added = {2016-07-19 14:07:06 +0000},
	Date-Modified = {2016-07-19 14:07:09 +0000},
	Organization = {IEEE},
	Pages = {261--275},
	Title = {Program actions as actual causes: A building block for accountability},
	Year = {2015}}

@Article{ DolevY83,
	author = "Danny Dolev and Andrew Chi-Chih Yao",
	title = "On the security of public key protocols",
	journal = "IEEE Transactions on Information Theory",
	volume = "29",
	number = "2",
	year = "1983",
	pages = "198--207",
	bibsource = "DBLP, http://dblp.uni-trier.de"
}

@inproceedings{BaHoUn-09-cosp,
	Author = {Backes, Michael and Hofheinz, Dennis and Unruh, Dominique},
	Booktitle = acmccs09,
	Pages = {66--78},
	Title = {{CoSP: A General Framework for Computational Soundness Proofs}},
	Year = {2009}
}

@inproceedings{BaMoRu-14-equivalence,
	Author = {Michael Backes and Esfandiar Mohammadi and Tim Ruffing},
	Booktitle = post14,
	Pages = {42--62},
	Title = {{Computational Soundness Results for ProVerif}},
	Year = {2014}
}

@inproceedings{CoCo-08-observational-equivalence,
	Author = {Hubert Comon-Lundh and Vé{\'{e}}ronique Cortier},
	Booktitle = acmccs08,
	Pages = {109--118},
	Publisher = acm,
	Title = {{Computational Soundness of Observational Equivalence}},
	Year = {2008}
}

@inproceedings{CoCoSc-12,
	Author = {Hubert Comon-Lundh and V{\'{e}}ronique Cortier and Guillaume Scerri},
	Booktitle = post12,
	Pages = {149--168},
	Publisher = sv,
	Title = {{Security Proof with Dishonest Keys}},
	Year = {2012}
}

@inproceedings{ShQiFe-16-stateful-pi,
  author     = {Shao, Jianxiong and Qin, Yu and Feng, Dengguo},
  title      = {{Computational Soundness Results for Stateful Applied Pi Calculus}},
  booktitle  = post16,
  year       = {2016},
  pages      = {254--275},
}

@inproceedings{BaMaUn-10-rcf,
  Author    = {Backes, Michael and Maffei, Matteo and Unruh, Dominique},
  Booktitle = acmccs10,
  Pages     = {387--398},
  Title     = {{Computationally Sound Verification of Source Code}},
  Year      = {2010}
}

@inproceedings{AiGoJu-11-extracting-c,
  title     = {{Extracting and verifying cryptographic models from C protocol code by symbolic execution}},
  author    = {Mihhail Aizatulin and Andrew D. Gordon and Jan J{\"u}rjens},
  booktitle = acmccs11,
  year      = {2011},
  pages     = {331--340},
 }

@inproceedings{AiGoJu-12-embedding-c,
 author = {Aizatulin, Mihhail and Gordon, Andrew D. and J\"{u}rjens, Jan},
 title = {{Computational Verification of C Protocol Implementations by Symbolic Execution}},
 booktitle = acmccs12,
 year = {2012},
 pages = {712--723},
} 


@inproceedings{papanikolaou2011cross,
  title={A Cross-Disciplinary Review of the Concept of Accountability},
  author={Papanikolaou, Nick and Pearson, Siani},
  booktitle={Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC)(May 2013)},
  year={2011}
}

@book{shaver2012attribution,
  title={The attribution of blame: Causality, responsibility, and blameworthiness},
  author={Shaver, Kelly},
  year={2012},
  publisher={Springer Science \& Business Media}
}

@article{alicke2000culpable,
  title={Culpable control and the psychology of blame.},
  author={Alicke, Mark D},
  journal={Psychological bulletin},
  volume={126},
  number={4},
  pages={556},
  year={2000},
  publisher={American Psychological Association}
}

@article{DBLP:journals/ai/Lin01,
  author    = {Fangzhen Lin},
  title     = {On strongest necessary and weakest sufficient conditions},
  journal   = {Artif. Intell.},
  volume    = {128},
  number    = {1-2},
  pages     = {143--159},
  year      = {2001},
  url       = {http://dx.doi.org/10.1016/S0004-3702(01)00070-4},
  doi       = {10.1016/S0004-3702(01)00070-4},
  timestamp = {Wed, 19 Nov 2003 16:01:14 +0100},
  biburl    = {http://dblp2.uni-trier.de/rec/bib/journals/ai/Lin01},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@article{DBLP:journals/cacm/Lamport78,
  author    = {Leslie Lamport},
  title     = {Time, Clocks, and the Ordering of Events in a Distributed System},
  journal   = {Commun. {ACM}},
  volume    = {21},
  number    = {7},
  pages     = {558--565},
  year      = {1978},
  url       = {http://doi.acm.org/10.1145/359545.359563},
  doi       = {10.1145/359545.359563},
  timestamp = {Tue, 07 Jun 2011 16:51:14 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/journals/cacm/Lamport78},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{gossler:hal-00924048,
  TITLE = {{A General Trace-Based Framework of Logical Causality}},
  AUTHOR = {G{\"o}ssler, Gregor and Le M{\'e}tayer, Daniel},
  URL = {https://hal.inria.fr/hal-00924048},
  BOOKTITLE = {{FACS - 10th International Symposium on Formal Aspects of Component Software - 2013}},
  ADDRESS = {Nanchang, China},
  YEAR = {2013},
  PDF = {https://hal.inria.fr/hal-00924048/file/facs2013.pdf},
  HAL_ID = {hal-00924048},
  HAL_VERSION = {v1},
}

@TechReport{tracing-causes,
author =       "Anupam Datta and Deepak Garg and Dilsun Kaynar and Divya Sharma ",
title =        "Tracing Actual Causes (CMU-CyLab-16-004)",
institution =  "Carnegie Mellon University",
year =         "2016",
month = aug,
day = 8,
}

@article{alpern1985defining,
  title={Defining liveness},
  author={Alpern, Bowen and Schneider, Fred B},
  journal={Information processing letters},
  volume={21},
  number={4},
  pages={181--185},
  year={1985},
  publisher={Elsevier}
}

@PhdThesis{sharma-thesis,
  author =       "Divya Sharma",
  title =        "Interaction-aware Actual Causation: A Building Block for Accountability in Security Protocols",
  school =       "CyLab, Carnegie Mellon University",
  year =         "2015",
}

@article{Hitchcock2007-HITPPA,
	publisher = {Duke University Press},
	author = {Christopher Hitchcock},
	title = {Prevention, Preemption, and the Principle of Sufficient Reason},
	number = {4},
	pages = {495--532},
	volume = {116},
	year = {2007},
	journal = {Philosophical Review}
}

@article{DBLP:journals/corr/HalpernH13,
  author    = {Joseph Y. Halpern and
               Christopher Hitchcock},
  title     = {Graded Causation and Defaults},
  journal   = {CoRR},
  volume    = {abs/1309.1226},
  year      = {2013},
  url       = {http://arxiv.org/abs/1309.1226},
  timestamp = {Wed, 16 Oct 2013 01:00:00 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/journals/corr/HalpernH13},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}
@articl{DBLP:journals/corr/abs-1106-2652,
  author    = {Joseph Y. Halpern and
               Christopher Hitchcock},
  title     = {Actual causation and the art of modeling},
  journal   = {CoRR},
  volume    = {abs/1106.2652},
  year      = {2011},
  url       = {http://arxiv.org/abs/1106.2652},
  timestamp = {Wed, 07 Jun 2017 14:41:09 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/journals/corr/abs-1106-2652},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}


@TechReport{cosp-causes-full,
author =       "Anonymized",
title =        "Capturing causality in security protocols",
OPTinstitution =  "Saarland University",
year =         "2016",
url = {not yet.}
}

@article{Lewis1973-LEWC,
	journal = {Journal of Philosophy},
	year = {1973},
	title = {Causation},
	author = {David Lewis},
	publisher = {Oxford Up},
	volume = {70},
	pages = {556--567},
	number = {17}
}

@article{causal-powers,
title = "Causal powers",
author = "Eric Hiddleston",
year = "2005",
month = "3",
doi = "10.1093/phisci/axi102",
volume = "56",
pages = "27--59",
journal = "British Journal for the Philosophy of Science",
issn = "0007-0882",
publisher = "Oxford University Press",
number = "1",
}

@inproceedings{Blanchard2014CauseWD,
  title={Cause without Default},
  author={Thomas Blanchard and Jonathan Schaffer},
  year={2014},
  booktitle={Making a Difference}
}

@article{Hitchcock2001-HITTIO,
	volume = {98},
	number = {6},
	author = {Christopher Hitchcock},
	title = {The Intransitivity of Causation Revealed in Equations and Graphs},
	year = {2001},
	publisher = {Journal of Philosophy Inc},
	journal = {Journal of Philosophy},
	pages = {273--299}
}

@PhdThesis{krollphd,
  author =       "Joshua A. Kroll",
  title =        "Accountable Algorithms",
  school =       "Princeton University",
  year =         "2015",
}

@incollection{Jagadeesan2009a,
	Author = {Jagadeesan, Radha and Jeffrey, Alan and Pitcher, Corin and Riely, James},
	Booktitle = {Computer Security--ESORICS 2009},
	Date-Added = {2016-06-09 07:48:07 +0000},
	Date-Modified = {2016-07-19 11:25:25 +0000},
	Pages = {152--167},
	Publisher = {Springer},
	Title = {Towards a theory of accountability and audit},
	Year = {2009}}



@inproceedings{DBLP:conf/wpes/BackesCS05,
  author    = {Michael Backes and
               Jan Camenisch and
               Dieter Sommer},
  title     = {Anonymous yet accountable access control},
  booktitle = {Proceedings of the 2005 {ACM} Workshop on Privacy in the Electronic
               Society, {WPES} 2005, Alexandria, VA, USA, November 7, 2005},
  pages     = {40--46},
  year      = {2005},
  crossref  = {DBLP:conf/wpes/2005},
  url       = {http://doi.acm.org/10.1145/1102199.1102208},
  doi       = {10.1145/1102199.1102208},
  timestamp = {Fri, 02 Jan 2015 14:47:11 +0100},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/wpes/BackesCS05},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@proceedings{DBLP:conf/wpes/2005,
  editor    = {Vijay Atluri and
               Sabrina De Capitani di Vimercati and
               Roger Dingledine},
  title     = {Proceedings of the 2005 {ACM} Workshop on Privacy in the Electronic
               Society, {WPES} 2005, Alexandria, VA, USA, November 7, 2005},
  publisher = {{ACM}},
  year      = {2005},
  isbn      = {1-59593-228-3},
  timestamp = {Thu, 09 Mar 2006 14:46:46 +0100},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/wpes/2005},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{DBLP:conf/esorics/BackesFM13,
  author    = {Michael Backes and
               Dario Fiore and
               Esfandiar Mohammadi},
  title     = {Privacy-Preserving Accountable Computation},
  booktitle = {Computer Security - {ESORICS} 2013 - 18th European Symposium on Research
               in Computer Security, Egham, UK, September 9-13, 2013. Proceedings},
  pages     = {38--56},
  year      = {2013},
  crossref  = {DBLP:conf/esorics/2013},
  url       = {http://dx.doi.org/10.1007/978-3-642-40203-6_3},
  doi       = {10.1007/978-3-642-40203-6_3},
  timestamp = {Fri, 02 Jan 2015 14:47:12 +0100},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/esorics/BackesFM13},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@proceedings{DBLP:conf/esorics/2013,
  editor    = {Jason Crampton and
               Sushil Jajodia and
               Keith Mayes},
  title     = {Computer Security - {ESORICS} 2013 - 18th European Symposium on Research
               in Computer Security, Egham, UK, September 9-13, 2013. Proceedings},
  series    = {Lecture Notes in Computer Science},
  volume    = {8134},
  publisher = {Springer},
  year      = {2013},
  url       = {http://dx.doi.org/10.1007/978-3-642-40203-6},
  doi       = {10.1007/978-3-642-40203-6},
  isbn      = {978-3-642-40202-9},
  timestamp = {Wed, 21 Aug 2013 14:13:49 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/esorics/2013},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}


@TechReport{accountability-full,
author =       "Michael Backes and Deepak Garg and Robert Künnemann",
title =        "Accountability in security protocols",
institution =  "Saarland University",
year =         "2017",
url = {not yet.}
}

@inproceedings{Kusters:2010,
	Acmid = {1866366},
	Address = {New York, NY, USA},
	Author = {K\"{u}sters, Ralf and Truderung, Tomasz and Vogt, Andreas},
	Booktitle = {Proceedings of the 17th ACM Conference on Computer and Communications Security},
	Date-Modified = {2016-06-08 07:56:16 +0000},
	Doi = {10.1145/1866307.1866366},
	Isbn = {978-1-4503-0245-6},
	Keywords = {accountability, auction, contract-signing, e-voting, verifiability},
	Location = {Chicago, Illinois, USA},
	Numpages = {10},
	Pages = {526--535},
	Publisher = {ACM},
	Series = {CCS '10},
	Title = {Accountability: Definition and Relationship to Verifiability},
	Url = {http://doi.acm.org/10.1145/1866307.1866366},
	Year = {2010},
	Bdsk-File-1 = {YnBsaXN0MDDUAQIDBAUGJCVYJHZlcnNpb25YJG9iamVjdHNZJGFyY2hpdmVyVCR0b3ASAAGGoKgHCBMUFRYaIVUkbnVsbNMJCgsMDxJXTlMua2V5c1pOUy5vYmplY3RzViRjbGFzc6INDoACgAOiEBGABIAFgAdccmVsYXRpdmVQYXRoWWFsaWFzRGF0YV8QKHJlZmVyZW5jZXMvS3VzdGVyczIwMTBBY2NvdW50YWJpbGl0eS5wZGbSFwsYGVdOUy5kYXRhTxEB+AAAAAAB+AACAAAMTWFjaW50b3NoIEhEAAAAAAAAAAAAAAAAAAAA0rzi3UgrAAAARK7WHUt1c3RlcnMyMDEwQWNjb3VudGFiaWxpdHkucGRmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABErtzTkyNKAAAAAAAAAAAAAQADAAAJIAAAAAAAAAAAAAAAAAAAAApyZWZlcmVuY2VzABAACAAA0rzUzQAAABEACAAA05MHKgAAAAEAFABErtYARK68ABEssQAJYkcABiyjAAIAX01hY2ludG9zaCBIRDpVc2VyczoAcm9iZXJ0OgByZXNlYXJjaDoAYWNjb3VudGFiaWxpdHk6AHJlZmVyZW5jZXM6AEt1c3RlcnMyMDEwQWNjb3VudGFiaWxpdHkucGRmAAAOADwAHQBLAHUAcwB0AGUAcgBzADIAMAAxADAAQQBjAGMAbwB1AG4AdABhAGIAaQBsAGkAdAB5AC4AcABkAGYADwAaAAwATQBhAGMAaQBuAHQAbwBzAGgAIABIAEQAEgBNVXNlcnMvcm9iZXJ0L3Jlc2VhcmNoL2FjY291bnRhYmlsaXR5L3JlZmVyZW5jZXMvS3VzdGVyczIwMTBBY2NvdW50YWJpbGl0eS5wZGYAABMAAS8AABUAAgAN//8AAIAG0hscHR5aJGNsYXNzbmFtZVgkY2xhc3Nlc11OU011dGFibGVEYXRhox0fIFZOU0RhdGFYTlNPYmplY3TSGxwiI1xOU0RpY3Rpb25hcnmiIiBfEA9OU0tleWVkQXJjaGl2ZXLRJidUcm9vdIABAAgAEQAaACMALQAyADcAQABGAE0AVQBgAGcAagBsAG4AcQBzAHUAdwCEAI4AuQC+AMYCwgLEAskC1ALdAusC7wL2Av8DBAMRAxQDJgMpAy4AAAAAAAACAQAAAAAAAAAoAAAAAAAAAAAAAAAAAAADMA==},
	Bdsk-Url-1 = {http://doi.acm.org/10.1145/1866307.1866366},
	Bdsk-Url-2 = {http://dx.doi.org/10.1145/1866307.1866366}}

@Book{Hume1748,
  title = 	{An Enquiry concerning Human Understanding},
  location = 	{Oxford and New York},
  editor = 	{Millican, P.},
  author = 	{Hume, David},
  origdate = 	{1748},
  date = 	{2007},
  origtitle = 	{An Enquiry concerning Human Understanding},
}

@article{Bella:2006:APF:1151414.1151416,
 author = {Bella, Giampaolo and Paulson, Lawrence C.},
 title = {Accountability Protocols: Formalized and Verified},
 journal = {ACM Trans. Inf. Syst. Secur.},
 issue_date = {May 2006},
 volume = {9},
 number = {2},
 month = may,
 year = {2006},
 issn = {1094-9224},
 pages = {138--161},
 numpages = {24},
 url = {http://doi.acm.org/10.1145/1151414.1151416},
 doi = {10.1145/1151414.1151416},
 acmid = {1151416},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {Isabelle, Nonrepudiation, certified email, inductive method, proof tools},
} 

@article{stapleton2001legal,
  title={Legal Cause: Cause-in-Fact and the Scope of Liability for Consequences},
  author={Stapleton, Jane},
  journal={Vand. L. Rev.},
  volume={54},
  pages={941},
  year={2001},
  publisher={HeinOnline}
}

@article{wright1987allocating,
  title={Allocating Liability Among Multiple Responsible Causes: A Principled Defense of Joint and Several Liability for Actual Harm and Risk Exposure},
  author={Wright, Richard W},
  journal={UC Davis L. Rev.},
  volume={21},
  pages={1141},
  year={1987},
  publisher={HeinOnline}
}

@book{hart1985causation,
  title={Causation in the Law},
  author={Hart, H.L.A. and Honor{\'e}, T.},
  isbn={9780198254744},
  lccn={lc83026836},
  url={https://books.google.de/books?id=4BRiVCxE3OoC},
  year={1985},
  publisher={Clarendon Press}
}

@incollection{Hall2004-HALTCO-4,
	author = {Ned Hall},
	year = {2004},
	publisher = {MIT Press},
	booktitle = {Causation and Counterfactuals},
	editor = {John Collins and Ned Hall and Laurie Paul},
	title = {Two Concepts of Causation},
	pages = {225--276}
}


@inproceedings{DBLP:conf/kr/Halpern08a,
  author    = {Joseph Y. Halpern},
  title     = {Defaults and Normality in Causal Structures},
  booktitle = {Principles of Knowledge Representation and Reasoning: Proceedings
               of the Eleventh International Conference, {KR} 2008, Sydney, Australia,
               September 16-19, 2008},
  pages     = {198--208},
  year      = {2008},
  crossref  = {DBLP:conf/kr/2008},
  url       = {http://www.aaai.org/Library/KR/2008/kr08-020.php},
  timestamp = {Thu, 13 Dec 2012 12:01:46 +0100},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/kr/Halpern08a},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@proceedings{DBLP:conf/kr/2008,
  editor    = {Gerhard Brewka and
               J{\'{e}}r{\^{o}}me Lang},
  title     = {Principles of Knowledge Representation and Reasoning: Proceedings
               of the Eleventh International Conference, {KR} 2008, Sydney, Australia,
               September 16-19, 2008},
  publisher = {{AAAI} Press},
  year      = {2008},
  isbn      = {978-1-57735-384-3},
  timestamp = {Fri, 21 Nov 2008 12:14:41 +0100},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/kr/2008},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}

@article{Mackie1965-MACCAC-4,
	pages = {245--264},
	publisher = {University of Illinois Press},
	number = {4},
	year = {1965},
	journal = {American Philosophical Quarterly},
	author = {J. L. Mackie},
	volume = {2},
	title = {Causes and Conditions}
}

@article{wright1987causation,
  title={Causation, responsibility, risk, probability, naked statistics, and proof: Pruning the bramble bush by clarifying the concepts},
  author={Wright, Richard W},
  journal={Iowa L. Rev.},
  volume={73},
  pages={1001},
  year={1987},
  publisher={HeinOnline}
}

@book{Halpern:2016:AC:3003155,
 author = {Halpern, Joseph Y.},
 title = {Actual Causality},
 year = {2016},
 isbn = {0262035022, 9780262035026},
 publisher = {The MIT Press},
} 

@phdthesis{545701,
  author = "Beckers, Sander",
  title = "Actual {C}ausation: {D}efinitions and {P}rinciples",
  school = "Informatics Section, Department of Computer Science, Faculty of Engineering Science",
  month = Oct,
  year = "2016",
  note = "Blockeel, Hendrik (supervisor), Vennekens, Joost (cosupervisor)",
  url = "https://lirias.kuleuven.be/handle/123456789/545701",
}

@inproceedings{hopkins2003clarifying,
  title={Clarifying the usage of structural models for commonsense causal reasoning},
  author={Hopkins, Mark and Pearl, Judea},
  booktitle={Proceedings of the AAAI Spring Symposium on Logical Formalizations of Commonsense Reasoning},
  pages={83--89},
  year={2003},
  organization={AAAI Press Menlo Park, CA}
}

@article{weslake2015partial,
  title={A partial theory of actual causation},
  author={Weslake, Brad},
  year={2015}
}

@article{Hall2000-HALCAT-7,
	author = {Ned Hall},
	year = {2000},
	journal = {Journal of Philosophy},
	title = {Causation and the Price of Transitivity},
	number = {4},
	volume = {97},
	pages = {198}
}

@article{giunchiglia2004nonmonotonic,
  title={Nonmonotonic causal theories},
  author={Giunchiglia, Enrico and Lee, Joohyung and Lifschitz, Vladimir and McCain, Norman and Turner, Hudson},
  journal={Artificial Intelligence},
  volume={153},
  number={1-2},
  pages={49--104},
  year={2004},
  publisher={Elsevier}
}

@article{turner1999logic,
  title={A logic of universal causation},
  author={Turner, Hudson},
  journal={Artificial Intelligence},
  volume={113},
  number={1-2},
  pages={87--123},
  year={1999},
  publisher={Elsevier}
}

@article{halpern2016appropriate,
  title={Appropriate causal models and the stability of causation},
  author={Halpern, Joseph Y},
  journal={The Review of Symbolic Logic},
  volume={9},
  number={1},
  pages={76--102},
  year={2016},
  publisher={Cambridge University Press}
}