Formal analysis of a secure communication channel: Secure core-email protocol

To construct a highly-assured implementation of secure communication channels we must have dear definitions of the security services, the channels, and under what assumptions these channels provide the desired services. We formally define secure channel services and develop a detailed example. The example is a core protocol common to a family of secure email systems. We identify the necessary properties of cryptographic algorithms to ensure that the email protocol is secure, and we verify that the email protocol provides secure services under these assumptions. We carry out the definitions and verifications in higher-order logic using the HOL theorem-prover. All our definitions and theorems are conservative extensions to the logic of HOL.