Dynamic Observers for the Synthesis of Opaque Systems (slide deck)

  1. Dynamic Observers for the Synthesis of Opaque Systems
    Franck Cassez (1), Jérémy Dubreil (2) and Hervé Marchand (2)
    (1) NICTA & CNRS, Sydney, Australia
    (2) INRIA/IRISA Rennes Bretagne Atlantique, France
    ATVA'09, Macau SAR, October 13–16, 2009

  2. Context
    Need for security in transactional systems:
      Web services: e-banking, online transactions
      Id documents: biometric passport, Medicare card
      E-voting systems
    Different types of security:
      Integrity: illegal actions cannot be performed by an unauthorized user (a bank account cannot be managed by a third party)
      Availability: some actions must be available (withdrawing money from your bank account)
      Privacy: information should remain hidden from some users (PIN code)
    In this paper we consider opacity (privacy).
    Opacity was introduced in [Mazaré, 2004, Bryans et al., 2008].
    F. Cassez, J. Dubreil, H. Marchand, Dynamic Observers for the Synthesis of Opaque Systems, 2 / 27

  4. Outline of the Talk
    1. Opacity for finite state systems: what is opacity? opacity for non-deterministic automata; algorithms for checking opacity
    2. Minimization problem with static filters
    3. Minimization problem with dynamic filters: opacity with dynamic filters; checking opacity with dynamic filters; cost of a dynamic filter (computing the cost of a given filter); minimization problem (computation of the most permissive filter; computing an optimal dynamic filter)
    4. Summary & future work

  6. What is Opacity?
    System S with a secret F (Secret = set of states); Σ = {a, b, c}
    Events in Σ_o ⊆ Σ are observable. Example: Σ_o = {b}
    [figure: automaton S with transitions labelled a, b, c]
    Opacity: an external observer should never know the F-states
    Figure builds:
      Σ_o = {b}: secret F is opaque
      Σ_o = {a, b}: secret F is not opaque
      Σ_o = {b} (next build): secret F is not opaque
    Opacity Verification Problem: Is F opaque w.r.t. (S, Σ_o)?
    To check opacity: use your favourite formal method (model checking, theorem proving); tools support the automatic analysis of systems

  13. Opacity for Non-Deterministic Automata
    A = (Q, q0, Σ, δ, F) an NDA; F set of secret states; Σ_o ⊆ Σ set of observable events
    The NDA A generates u ∈ Σ*; the attacker U observes v = P(u) ∈ Σ_o* through the projection P
    Assumptions: the attacker knows A and the projection P / alphabet Σ_o
    K_Σo(v): knowledge set (of states) of the attacker after observing v
    Definition (Opacity): F is opaque w.r.t. (A, Σ_o) if ∀ v ∈ P(Tr(A)), K_Σo(v) ⊄ F (i.e. K_Σo(v) ∩ (Q \ F) ≠ ∅)
    Opacity Problem. Input: an NDA A, F secret set of states, Σ_o set of observable events. Problem: Is F opaque w.r.t. (A, Σ_o)?

  16. Knowledge Set of the Attacker
    Tr(A) = set of words generated by A
    P is the projection over Σ_o ⊆ Σ; P^{-1} : Σ_o* → 2^{Σ*}, P^{-1}(w) = set of words which project onto w
    Pre(ε) = {ε} and Pre(u.λ) = P^{-1}(u).λ ∩ Tr(A)
    Knowledge set of U: K_Σo(u) = δ(q0, Pre(u))
    We consider the knowledge set right after each observation of the attacker
    Example (Σ_o = {b}; [figure: automaton with states q0 … q6 and transitions labelled a, b]):
      P(b.b.a.b.a) = b.b.b
      P^{-1}(b) = a*.b.a*
      Pre(b) = {b, a.b}
      K_Σo(b) = {q0, q5, q2}
    Problem 1: Checking opacity with static filters. Input: an NDA A, F secret set of states, Σ_o set of observable events. Problem: Is F opaque w.r.t. (A, Σ_o)?
    Theorem: Problem 1 is PSPACE-complete.

  19. Algorithms for Checking Opacity
    Proof. Reduction from the universality problem for non-deterministic automata. Given A over Σ with accepting states F, the universality problem is: decide whether L_F(A) = Σ*. Assume A is complete, i.e. Tr(A) = Σ*. Reduction: A is universal iff Q \ F is opaque for (A, Σ).
    Algorithm to check opacity:
      1. subset construction
      2. check whether a subset S ⊆ F is reachable
    What if the system is NOT opaque?
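Added example (not code from the slides or from the authors): a small Python implementation of the knowledge-set construction of slides 16–18, the opacity check of slide 13 run with two static filters as on slides 8–9, and the universality reduction of slide 19. The automata, state names (q0..q3, s0..s2), the secret {q2} and the filters Σ_o = {b} / {a, b} are constructed for illustration. It goes slightly beyond the slides' hand-computed example by exploring every reachable knowledge set with a breadth-first subset construction, encoding the "right after each observation" convention as K(ε) = {q0} and K(v.λ) = δ(closure(K(v)), λ), where closure follows unobservable events only.

```python
from collections import deque

# Constructed example automata (not the ones drawn on the slides).
# An NDA A = (Q, q0, Sigma, delta, F) is a dict; delta maps
# (state, event) -> set of successor states (absent key = no transition).
def make_nfa():
    """Secret state q2 is entered on event a, q1 on event c; both continue on b to q3."""
    return {
        "states": {"q0", "q1", "q2", "q3"},
        "init": "q0",
        "alphabet": {"a", "b", "c"},
        "delta": {
            ("q0", "a"): {"q2"},
            ("q0", "c"): {"q1"},
            ("q1", "b"): {"q3"},
            ("q2", "b"): {"q3"},
        },
    }

SECRET = frozenset({"q2"})  # constructed secret set F

def step(nfa, states, event):
    """delta lifted to a set of states."""
    succ = set()
    for s in states:
        succ |= nfa["delta"].get((s, event), set())
    return frozenset(succ)

def unobservable_closure(nfa, states, observable):
    """delta(states, (Sigma \\ Sigma_o)*): everything reachable from `states`
    by words made only of unobservable events (worklist fixpoint)."""
    unobs = nfa["alphabet"] - set(observable)
    seen, work = set(states), list(states)
    while work:
        s = work.pop()
        for e in unobs:
            for t in nfa["delta"].get((s, e), ()):
                if t not in seen:
                    seen.add(t)
                    work.append(t)
    return frozenset(seen)

def knowledge_sets(nfa, observable):
    """Subset construction over observations, taking the knowledge set right
    after each observation as on the slides:
        K(eps) = {q0}
        K(v.l) = delta(closure(K(v)), l)   for observable l
    (closure(K(v)) equals delta(q0, P^{-1}(v)), and appending l matches
    Pre(v.l) = P^{-1}(v).l intersected with Tr(A)).
    Returns {K: shortest observation v with K_{Sigma_o}(v) = K}; empty sets
    are dropped since they mean v is not in P(Tr(A))."""
    init = frozenset({nfa["init"]})
    reached = {init: ""}
    queue = deque([init])
    while queue:
        k = queue.popleft()
        base = unobservable_closure(nfa, k, observable)
        for l in sorted(observable):
            nxt = step(nfa, base, l)
            if nxt and nxt not in reached:
                reached[nxt] = reached[k] + l
                queue.append(nxt)
    return reached

def is_opaque(nfa, secret, observable):
    """F is opaque w.r.t. (A, Sigma_o) iff no reachable knowledge set lies
    inside F. Returns (True, None) or (False, leaking observation)."""
    for k, v in knowledge_sets(nfa, observable).items():
        if k <= frozenset(secret):
            return False, v
    return True, None

def is_complete(nfa):
    """Tr(A) = Sigma*: every state has a successor on every event."""
    return all(nfa["delta"].get((s, e)) for s in nfa["states"] for e in nfa["alphabet"])

def is_universal(nfa, accepting):
    """Slide 19's reduction: for a complete NFA, L_F(A) = Sigma* iff Q \\ F is
    opaque for (A, Sigma), i.e. with every event observable. The closure is then
    the identity, knowledge_sets() is the plain subset construction, and
    'K(w) not inside Q \\ F' is exactly 'delta(q0, w) meets F'."""
    if not is_complete(nfa):
        raise ValueError("reduction assumes a complete automaton (Tr(A) = Sigma*)")
    return is_opaque(nfa, nfa["states"] - set(accepting), nfa["alphabet"])[0]

def make_universal_nfa():
    """Constructed complete NFA over {a, b} accepting every word: s0 and s1 accept;
    a run may stay in s0 on a's and moves to s1 for good on the first b."""
    return {"states": {"s0", "s1", "s2"}, "init": "s0", "alphabet": {"a", "b"},
            "delta": {("s0", "a"): {"s0", "s2"}, ("s0", "b"): {"s1"},
                      ("s1", "a"): {"s1"}, ("s1", "b"): {"s1"},
                      ("s2", "a"): {"s2"}, ("s2", "b"): {"s2"}}}

def make_non_universal_nfa():
    """Constructed complete NFA accepting exactly the words that contain an a."""
    return {"states": {"s0", "s1"}, "init": "s0", "alphabet": {"a", "b"},
            "delta": {("s0", "a"): {"s1"}, ("s0", "b"): {"s0"},
                      ("s1", "a"): {"s1"}, ("s1", "b"): {"s1"}}}

if __name__ == "__main__":
    a = make_nfa()
    for sigma_o in ({"b"}, {"a", "b"}):
        print("Sigma_o =", sorted(sigma_o), "->", is_opaque(a, SECRET, sigma_o))
    print("universal:", is_universal(make_universal_nfa(), {"s0", "s1"}))
    print("non-universal:", is_universal(make_non_universal_nfa(), {"s1"}))
```

With Σ_o = {b} the only non-initial knowledge set is {q3}, so the secret stays hidden; making a observable yields K(a) = {q2} ⊆ F, the static-filter leak the slides illustrate. The universality check shows why the PSPACE lower bound holds: deciding opacity with everything observable is the same subset construction as deciding universality.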
