关键词: 测试, Needham-Schroeder-Lowe协议, 函数程序设计

Abstract: It is shown how security protocols can be systematically tested，hence proved in Haskell.That is demonstrated by analyzing NS（Needham-Schroeder） and NSL（Needham-Schroeder-Lowe） protocols：runs of the protocols are formalized as event traces and properties on traces are tested.Complete runs of a protocol with a penetrator can be generated systematically，and properties of the protocol can be tested systematically.Lowe’s attack is easily revealed by testing NS protocol and authentication and secrecy are proved valid for NSL protocol by testing.

Key words: testing, Needham-Schroeder-Lowe（NSL） protocol, functional programming