Key management schemes implemented in tamper-proof secure modules are an essential feature of cryptographic systems applied to networks. Such systems must offer enough functionality to meet the demands of users, yet they must not be open to manipulation that results in a successful attack on the system. This paper describes a PROLOG program which searches for security flaws in models of such schemes, and hence enhances the assurance the designer can provide on the security of the system. The PROLOG program searches extensively for potential attacks in a simple rule-based model of the system; it is suggested that the program could be extended to other areas where security or safety flaws are to be investigated.
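The kind of search the abstract describes, shown on a toy model as an added example; it is written in Python rather than PROLOG and is not the paper's program. The two module commands, the key names (KM, KEK, K1, K2) and the master-key variants are constructed for illustration, and term depth is bounded so the search terminates.

```python
from itertools import product

def enc(key, payload):
    """Symbolic ciphertext: payload encrypted under key (no real crypto)."""
    return ("enc", key, payload)

def depth(term):
    return 1 + max(depth(term[1]), depth(term[2])) if isinstance(term, tuple) else 0

def make_decrypt(master):
    # Module command: unwrap token = enc(master, k) inside the module, then
    # return the plaintext of ct = enc(k, x) to the caller.
    def decrypt(token, ct):
        if (isinstance(token, tuple) and token[1] == master
                and isinstance(ct, tuple) and ct[1] == token[2]):
            return ct[2]
    return decrypt

def make_encrypt(master):
    # Module command: encrypt caller-supplied data under a wrapped key.
    def encrypt(token, pt):
        if isinstance(token, tuple) and token[1] == master:
            return enc(token[2], pt)
    return encrypt

def search(initial, rules, secrets, max_depth=2):
    """Apply every rule to every pair of known terms until nothing new appears."""
    known, trace = set(initial), {}
    grew = True
    while grew:
        grew = False
        # product() snapshots `known`, so adding to it inside the loop is safe.
        for rule, (a, b) in product(rules, product(known, repeat=2)):
            out = rule(a, b)
            if out is not None and out not in known and depth(out) <= max_depth:
                known.add(out)
                trace[out] = (rule.__name__, a, b)
                grew = True
    return {s: trace[s] for s in secrets if s in known}

# Constructed model 1: every key is wrapped under the single master key KM.
UNTYPED = {enc("KM", "K1"), enc("KM", "KEK"), enc("KEK", "K2")}
# Constructed model 2: data keys and key-encrypting keys use separate variants.
TYPED = {enc("KM_data", "K1"), enc("KM_kek", "KEK"), enc("KEK", "K2")}

def run_models():
    flawed = search(UNTYPED, [make_decrypt("KM"), make_encrypt("KM")], {"K2"})
    fixed = search(TYPED, [make_decrypt("KM_data"), make_encrypt("KM_data")], {"K2"})
    return flawed, fixed
```

In the untyped model the search reports that the data-decrypt command accepts the wrapped key-encrypting key and returns K2 in clear; with separate master-key variants the same search finds no derivation of K2.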