[1]	 Y. Kim, A. Perrig and G. Tsudik, “Tree-Based Group Key Agreement,” ACM Transactions on Information and Systems Security, Vol. 7, No. 1, 2004, pp. 60-96. doi:10.1145/984334.984337
[2]	 J. Abrial, “Modelling in Event-B: System and Software Engineering,” Cambridge University Press, Cambridge, 2009.
[3]	 J. Abrial, “The B-Book: Assigning Programs to Meanings,” Cambbridge University Press, Cambridge, 1996. doi:10.1017/CBO9780511624162
[4]	 C. Metayer, J. Abrial and L. Voisin, “RODIN Deliverable 3.2: Event-B Language,” Technical Report Project IST-511599, School of Computing Science, University of Newcastle, Newcastle, 2005.
[5]	 A. Gawanmeh, L. J. B. Ayed and S. Tahar, “Event-B Based Invariant Checking of Secrecy in Group Key Protocols,” Local Computer Networks, IEEE Computer Society Press, New York, 2008, pp. 950-957.
[6]	 M. Steiner, G. Tsudik and M. Waidner, “Diffie-Hellman Key Distribution Extended to Group Communication,” Conference on Computer and Communications Security, ACM Press, London, 1996, pp. 31-37.
[7]	 J. Abrial, M. Butler, S. Hallerstede and L. Voisin, “An Open Extensible Tool Environment for Event-B,” International Conference on Formal Methods and Software Engineering, Lecture Notes in Computer Science, Springer-Verlag, Berlin, Vol. 4789, 2006, pp. 588-605.
[8]	 “Rodin Platform,” 2011. http://www.event-b.org
[9]	 F. F′abrega, “Strand Spaces: Proving Security Protocols Correct,” IOS Journal of Computer Security, Vol. 7, No. 2-3, 1999, pp. 191-230.
[10]	 L. Paulson, “The Inductive Approach to Verifying Cryptographic Protocols,” IOS Journal of Computer Security, Vol. 6, No. 1-2, 1998, pp. 85-128.
[11]	 F. Crazzolara and G. Winskel, “Events in Security Protocols,” ACM Conference on Computer and Communications Security, ACM Press, London, 2001 pp. 96-105.
[12]	 C. Cremers and S. Mauw, “Operational Semantics of Security Protocols,” Scenarios: Models, Transformations and Tools, LNCS, Springer-Verlag, Berlin, Vol. 3466, 2005, pp. 66-89. doi:10.1007/11495628_4
[13]	 A. Gawanmeh, A. Bouhoula and S. Tahar, “Rank Functions Based Inference System for Group Key Management Protocols Verification,” International Journal of Network Security, Vol. 8, No. 2, 2009, pp. 207-218.
[14]	 N. Stouls and M. Potet, “Security Policy Enforcement through Refinement Process,” Formal Specification and Development in B, LNCS, Springer-Verlag, Berlin, Vol. 4355, 2007, pp. 216-231. doi:10.1007/11955757_18
[15]	 N. Benaissa, D. Cansell and D. Mery, “Integration of Security Policy into System Modeling,” Formal Specification and Development in B, LNCS, Springer-Verlag, Berlin, Vol. 4355, 2007, pp. 232-247. doi:10.1007/11955757_19
[16]	 A. Abou El Kalam, R. E. Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miege, C. Saurel and G. Trouessin, “Organization Based Access Control,” International Workshop on Policies for Distributed Systems and Networks, IEEE Computer Society Press, New York, 2003, pp. 120-131.
[17]	 D. Bert, M. Potet and N. Stouls, “GeneSyst: A Tool to Reason about Behavioral Aspects of B Event Specifications. Application to Security Properties,” Formal Specification and Development in Z and B, LNCS, Springer-Verlag, Berlin, Vol. 3455, 2005, pp. 299-318. doi:10.1007/11415787_18
[18]	 M. Butler, “On the Use of Data Refinement in the Development of Secure Communications Systems,” Formal Aspects of Computing, Vol. 14, No. 1, 2002, pp. 2-34. doi:10.1007/s001650200025
[19]	 N. Chridi, M. Turuani and M. Rusinowitch, “Decidable analysis for a Class of Cryptographic Group Protocols with Unbounded Lists,” Computer Security Foundations Symposium, IEEE Computer Society Press, New York, 2009, pp. 277-289.
[20]	 N. Dalal, J. Shah, K. Hisaria and D. Jinwala, “A Comparative Analysis of Tools for Verification of Security Protocols,” International Journal of Communications, Network and System Sciences, Vol. 3, No. 10, 2010, pp. 779-787. doi:10.4236/ijcns.2010.310104
[21]	 Y. Li and J. Pang, “Extending the Strand Space Method with Timestamps: Part I the Theory,” International Journal of Communications, Network and System Sciences, Vol. 1, No. 2, 2010, pp. 45-55.
[22]	 J. Abrial, “Extending B without Changing It (for Developing Distributed Systems),” 1st Conference on the B method, Putting into Practice Methods and Tools for Information System Design, Institut de Recherche en Informatique de Nantes, 1996, pp. 169-190.
[23]	 T. Hoang and J. Abrial, “Reasoning about Liveness Properties in Event-B,” International Conference on Formal Engineering Methods, Lecture Notes in Computer Science, Springer-Verlag, Berlin, Vol. 6991, 2011, pp. 456-471.