Insider threats and auctions: Formalization, mechanized proof, and code generation

Florian Kammüller*, Manfred Kerber, Christian W. Probst

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

26 Downloads (Pure)


This paper applies machine assisted formal methods to explore insider threats for auctions. Auction systems, like eBay, are an important problem domain for formal analysis because they challenge modelling concepts as well as analysis methods. We use machine assisted formal modelling and proof in Isabelle to demonstrate how security and privacy goals of auction protocols can be formally verified. Applying the costly scrutiny of formal methods is justified for auctions since privacy and trust are prominent issues and auctions are sometimes designed for one-off occasions where high bids are at stake. For example, when radio wave frequencies are on sale, auctions are especially created for just one occasion where fair and consistent behaviour is required. Investigating the threats in auctions and insider collusions, we model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. We use the existing example of a fictitious cocaine auction protocol from the literature to develop and illustrate our approach. Combining the Isabelle Insider framework with the inductive approach to verifying security protocols in Isabelle, we formalize the cocaine auction protocol, prove that this formal definition excludes sweetheart deals, and also that collusion attacks cannot generally be excluded. The practical implication of the formalization is demonstrated by code generation. Isabelle allows generating code from constructive specifications into the programming language Scala. We provide constructive test functions for cocaine auction traces, prove within Isabelle that these functions conform to the protocol definition, and apply code generation to produce an implementation of the executable test predicate for cocaine auction traces in Scala.

Original languageEnglish
JournalJournal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Issue number1
Pages (from-to)44-78
Publication statusPublished - 1 Jun 2018


  • Auctions
  • Code generation
  • Formal methods
  • Insider threats


Dive into the research topics of 'Insider threats and auctions: Formalization, mechanized proof, and code generation'. Together they form a unique fingerprint.

Cite this