formal verification and security group
play

Formal Verification and Security Group Research Interests Natasha - PowerPoint PPT Presentation

Feb 03, 2023 •48 likes •578 views

Formal Verification and Security Group Research Interests Natasha Sharygina www.verify.inf.usi.ch Universit` a della Svizzera Italiana (USI) October 30, 2009 FVS Group (USI) Research Interests October 30, 2009 1 / 21 Outline FVS group

  1. Formal Verification and Security Group Research Interests Natasha Sharygina www.verify.inf.usi.ch Universit` a della Svizzera Italiana (USI) October 30, 2009 FVS Group (USI) Research Interests October 30, 2009 1 / 21

  2. Outline • FVS group at USI • Group projects • Synergy of precise and fast abstraction • SMT-based decision procedures • Loop summarization FVS Group (USI) Research Interests October 30, 2009 2 / 21

  3. Formal Verification and Security Group at USI Universit` a della Svizzera Italiana (USI or University of Lugano) is located in the southernmost (and sunniest) part of Switzerland. Members: • Prof. Natasha Sharygina • Postdoc: Roberto Bruttomesso • PhD Students: Aliaksei Tsitovich, Simone Rollini FVS Group (USI) Research Interests October 30, 2009 3 / 21

  4. Formal Verification and Security Group at USI FVS Group (USI) Research Interests October 30, 2009 3 / 21

  5. Synergy of precise and fast abstraction FVS Group (USI) Research Interests October 30, 2009 4 / 21

  6. Project motivation: existing approaches to abstraction in CEGAR loop are not perfect Precise abstraction • Minimal number of abstract transitions (no spurious transitions) FVS Group (USI) Research Interests October 30, 2009 5 / 21

  7. Project motivation: existing approaches to abstraction in CEGAR loop are not perfect Precise abstraction • Minimal number of abstract transitions (no spurious transitions) • Adding new predicates is enough to refine spurious path FVS Group (USI) Research Interests October 30, 2009 5 / 21

  8. Project motivation: existing approaches to abstraction in CEGAR loop are not perfect Precise abstraction • Minimal number of abstract transitions (no spurious transitions) • Adding new predicates is enough to refine spurious path • But... Very slow computation (exponential in the number of predicates). FVS Group (USI) Research Interests October 30, 2009 5 / 21

  9. Project motivation: existing approaches to abstraction in CEGAR loop are not perfect Fast abstraction Precise abstraction • Many ways to approximate the • Minimal number of abstract abstraction (Cartesian transitions (no spurious abstraction, predicate transitions) partitioning etc.) • Adding new predicates is enough to refine spurious path • But... Very slow computation (exponential in the number of predicates). FVS Group (USI) Research Interests October 30, 2009 5 / 21

  10. Project motivation: existing approaches to abstraction in CEGAR loop are not perfect Fast abstraction Precise abstraction • Many ways to approximate the • Minimal number of abstract abstraction (Cartesian transitions (no spurious abstraction, predicate transitions) partitioning etc.) • Adding new predicates is enough • Usually very fast computation to refine spurious path • But... Very slow computation (exponential in the number of predicates). FVS Group (USI) Research Interests October 30, 2009 5 / 21

  11. Project motivation: existing approaches to abstraction in CEGAR loop are not perfect Fast abstraction Precise abstraction • Many ways to approximate the • Minimal number of abstract abstraction (Cartesian transitions (no spurious abstraction, predicate transitions) partitioning etc.) • Adding new predicates is enough • Usually very fast computation to refine spurious path • But... • But... Very slow computation • Introduces spurious transitions (exponential in the number of (abstraction contains both predicates). spurious transitions and spurious paths) • Requires many refinement iterations to remove numerous spurious transitions. FVS Group (USI) Research Interests October 30, 2009 5 / 21

  12. Our solution: combine fast and precise predicate abstraction in CEGAR loop Start with fast abstraction Program Model Checking Abstraction No violations Counterexample π Real bug Refinement Simulation Spurious Refine as precise as possible FVS Group (USI) Research Interests October 30, 2009 6 / 21

  13. Components of our algorithm • FastAbstraction : given a set of predicates Π and a concrete transition relation T computes program over-approximation for ˆ T Π . • PreciseAbstraction : given a set of predicates Π and a concrete transition relation T computes the minimal abstraction for ˆ T Π . • SpuriousTransition ( π ): given a path π , maps every transition t in = ˆ π to a set of predicates P , s.t. P ⊆ Π and t �| T P . • SpuriousPath ( π ): given a path π , maps every transition t in π to a = ˆ set of predicates P , s.t. π �| T σ SP ( t ) . Note that Π ⊆ P , i.e., SpuriousPath introduces new predicates. FVS Group (USI) Research Interests October 30, 2009 7 / 21

  14. The “synergy” algorithm MixCegarLoop( TransitionSystem M, Property F ) begin Let’s proceed stepwise Π = InitialPredicates( F,T ) ; α = FastAbstraction( T, Π ) ; while not TIMEOUT do π = ModelCheck( α ,F ) ; if π = ∅ then return CORRECT; else σ ST = SpuriousTransition( π ) ; if σ ST � = ∅ then foreach t ∈ π do C = PreciseAbstraction( T, σ ST ( t ) ) ; α = α ∧ C ; else σ SP = SpuriousPath( π ) ; if σ SP � = ∅ then return INCORRECT; else foreach t ∈ π do Π = Π ∪ σ SP ( t ); C = PreciseAbstraction( T, σ SP ( t ) ) ; α = α ∧ C ; end FVS Group (USI) Research Interests October 30, 2009 8 / 21

  15. The “synergy” algorithm Choose initial predi- MixCegarLoop( TransitionSystem M, Property F ) begin cates Π and use them Π = InitialPredicates( F,T ) ; α = FastAbstraction( T, Π ) ; for fast abstraction while not TIMEOUT do π = ModelCheck( α ,F ) ; if π = ∅ then return CORRECT; else σ ST = SpuriousTransition( π ) ; if σ ST � = ∅ then foreach t ∈ π do C = PreciseAbstraction( T, σ ST ( t ) ) ; α = α ∧ C ; else σ SP = SpuriousPath( π ) ; if σ SP � = ∅ then return INCORRECT; else foreach t ∈ π do Π = Π ∪ σ SP ( t ); C = PreciseAbstraction( T, σ SP ( t ) ) ; α = α ∧ C ; end FVS Group (USI) Research Interests October 30, 2009 8 / 21

  16. The “synergy” algorithm Perform Model Check- MixCegarLoop( TransitionSystem M, Property F ) begin ing and obtain coun- Π = InitialPredicates( F,T ) ; α = FastAbstraction( T, Π ) ; terexample π (if it ex- while not TIMEOUT do π = ModelCheck( α ,F ) ; ists) if π = ∅ then return CORRECT; else σ ST = SpuriousTransition( π ) ; if σ ST � = ∅ then foreach t ∈ π do C = PreciseAbstraction( T, σ ST ( t ) ) ; α = α ∧ C ; else σ SP = SpuriousPath( π ) ; if σ SP � = ∅ then return INCORRECT; else foreach t ∈ π do Π = Π ∪ σ SP ( t ); C = PreciseAbstraction( T, σ SP ( t ) ) ; α = α ∧ C ; end FVS Group (USI) Research Interests October 30, 2009 8 / 21

  17. The “synergy” algorithm MixCegarLoop( TransitionSystem M, Property F ) Compute spurious tran- begin Π = InitialPredicates( F,T ) ; sitions ( σ ST : ∀ t ∈ π → α = FastAbstraction( T, Π ) ; while not TIMEOUT do = ˆ P ⊆ Π ∧ t �| T P ) π = ModelCheck( α ,F ) ; if π = ∅ then return CORRECT; else σ ST = SpuriousTransition( π ) ; if σ ST � = ∅ then foreach t ∈ π do C = PreciseAbstraction( T, σ ST ( t ) ) ; α = α ∧ C ; else σ SP = SpuriousPath( π ) ; if σ SP � = ∅ then return INCORRECT; else foreach t ∈ π do Π = Π ∪ σ SP ( t ); C = PreciseAbstraction( T, σ SP ( t ) ) ; α = α ∧ C ; end FVS Group (USI) Research Interests October 30, 2009 8 / 21

  18. The “synergy” algorithm 1 Perform Precise- MixCegarLoop( TransitionSystem M, Property F ) Abstraction for begin Π = InitialPredicates( F,T ) ; predicates P α = FastAbstraction( T, Π ) ; while not TIMEOUT do related to spurious π = ModelCheck( α ,F ) ; if π = ∅ then return CORRECT; transitions ∀ t ∈ π . else σ ST = SpuriousTransition( π ) ; if σ ST � = ∅ then 2 Remove detected foreach t ∈ π do spurious C = PreciseAbstraction( T, σ ST ( t ) ) ; α = α ∧ C ; transitions by else σ SP = SpuriousPath( π ) ; refining original if σ SP � = ∅ then return INCORRECT; abstraction else foreach t ∈ π do Π = Π ∪ σ SP ( t ); C = PreciseAbstraction( T, σ SP ( t ) ) ; Note, all spurious transitions related α = α ∧ C ; to detected predicates are removed end at once! FVS Group (USI) Research Interests October 30, 2009 8 / 21

  19. The “synergy” algorithm Otherwise check if π MixCegarLoop( TransitionSystem M, Property F ) begin has any spurious path Π = InitialPredicates( F,T ) ; α = FastAbstraction( T, Π ) ; ( σ SP : t ∈ π → Π ⊆ while not TIMEOUT do π = ModelCheck( α ,F ) ; = ˆ P ∧ π �| T σ SP ( t ) ) if π = ∅ then return CORRECT; else σ ST = SpuriousTransition( π ) ; if σ ST � = ∅ then foreach t ∈ π do C = PreciseAbstraction( T, σ ST ( t ) ) ; α = α ∧ C ; else σ SP = SpuriousPath( π ) ; if σ SP � = ∅ then return INCORRECT; else foreach t ∈ π do Π = Π ∪ σ SP ( t ); C = PreciseAbstraction( T, σ SP ( t ) ) ; α = α ∧ C ; end FVS Group (USI) Research Interests October 30, 2009 8 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

911 views • 63 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science, University of Bristol Finse Winter School, 7 May 2015 Security protocols: roles and goals Roles: P 1 , . . . , P n (e.g. clients, servers, devices,

1.43k views • 127 slides
Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz

Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz

Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz ramosblc@gmail.com Black Hat Europe 2009 Overview Give a brief overview of the emulation- based security testing Introduction to VEX Formalism

376 views • 26 slides
Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Introduction Formal Definitions Case Studies Conclusion Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1, CNRS, VERIMAG firstname.lastname@imag.fr Principles of Security and

806 views • 68 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language for Java Used for the

620 views • 41 slides
Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1

Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1

Introduction on security protocols Formal models Unbounded number of sessions Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1 LORIA, CNRS 1/65 V eronique Cortier Verification of Security

1.29k views • 111 slides
Formal verification of low-level execution platforms Roberto Guanciale Assistant professor

Formal verification of low-level execution platforms Roberto Guanciale Assistant professor

Roberto Guanciale Estonian Winter School Day 01 Formal verification of low-level execution platforms Roberto Guanciale Assistant professor Computer Security Department of Theoretical Computer Science @KTH Research interest in Formal

895 views • 71 slides
OpenLoops 2 M. F. Zoller in collaboration with F. Buccioni, J.-N. Lang, J. Lindert, P.

OpenLoops 2 M. F. Zoller in collaboration with F. Buccioni, J.-N. Lang, J. Lindert, P.

OpenLoops 2 M. F. Zoller in collaboration with F. Buccioni, J.-N. Lang, J. Lindert, P. Maierhfer, S. Pozzorini and H. Zhang [arxiv:1907.13071] LoopFest XVIII Fermilab 08/14/2019 OpenLoops OpenLoops is a fully automated numerical tool

658 views • 45 slides
In Increasing Soundness and Precision of Static Analyzers Anders Mller Aarhus University

In Increasing Soundness and Precision of Static Analyzers Anders Mller Aarhus University

Systematic Approaches for In Increasing Soundness and Precision of Static Analyzers Anders Mller Aarhus University Joint work with Esben Sparre Andreasen and Benjamin Barslev Nielsen C ENTER FOR A DVANCED S OFTWARE A NALYSIS

530 views • 17 slides
Anthony J. Damico Analyzing European social survey data with R Kaunas University of Technology

Anthony J. Damico Analyzing European social survey data with R Kaunas University of Technology

Anthony J. Damico Analyzing European social survey data with R Kaunas University of Technology 2014 09 15 Why use R? R is a language and environment for statistical computing and graphics More than just another statistical analysis

491 views • 26 slides
Two-Way Alternating Automata and Finite Models Tedious proofs of irrelevant results Mikolaj

Two-Way Alternating Automata and Finite Models Tedious proofs of irrelevant results Mikolaj

Two-Way Alternating Automata and Finite Models Tedious proofs of irrelevant results Mikolaj Bojanczyk Warsaw University Two-Way Alternating Automata and Finite Models p.1/18 Intuition on the automaton A two-way alternating automaton

799 views • 57 slides
Data Linking: Capturing and Utilising Implicit Schema-Level Relations Andriy Nikolov Victoria

Data Linking: Capturing and Utilising Implicit Schema-Level Relations Andriy Nikolov Victoria

Data Linking: Capturing and Utilising Implicit Schema-Level Relations Andriy Nikolov Victoria Uren Enrico Motta Data linking: current state Automatic instance matching algorithms SILK, ODDLinker, KnoFuss, Pairwise matching

263 views • 12 slides
Holographic Techni-dilaton Maurizio Piai Swansea University D. Elander, MP, arXiv: 1212.2600 D.

Holographic Techni-dilaton Maurizio Piai Swansea University D. Elander, MP, arXiv: 1212.2600 D.

Holographic Techni-dilaton Maurizio Piai Swansea University D. Elander, MP, arXiv: 1212.2600 D. Elander, MP arXiv: 1112.2915 - NPB R. Lawrance, MP arXiv: 1207.0427 D. Elander, MP arXiv: 1208.0546 - NPB C. Nunez, I. Papadimitriou, MP

683 views • 29 slides
Making the Electroweak Phase Transition (Theoretically) Strong Welcome and Theory Overview April

Making the Electroweak Phase Transition (Theoretically) Strong Welcome and Theory Overview April

Making the Electroweak Phase Transition (Theoretically) Strong Welcome and Theory Overview April 6, 2017 ACFI Workshop Hiren Patel hhpatel@umass.edu Workshop Goals 1. How can we get more accurate estimates of physical quantities

389 views • 25 slides
Energy calibration of electrons and photons in ATLAS and impact on precision measurements of the

Energy calibration of electrons and photons in ATLAS and impact on precision measurements of the

Energy calibration of electrons and photons in ATLAS and impact on precision measurements of the Higgs boson properties in the diphoton channel Saskia Falke Journ ees de Rencontre de Jeunes Chercheurs December 2017 Outline Introduction:

111 views • 8 slides

More recommend