methods and tools for design time and runtime formal
play

Methods and tools for design time and runtime formal analysis of - PowerPoint PPT Presentation

May 17, 2023 •96 likes •731 views

Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015

  1. Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015 M.Rocchetto PhD Thesis Verona, May 8, 2015 1

  2. Introduction 1 Design time security verification 2 History Security Protocol interpolation Method (SPiM) Example The SPiM tool Runtime security verification 3 M.Rocchetto PhD Thesis Verona, May 8, 2015 2

  3. Outline Introduction 1 Design time security verification 2 History Security Protocol interpolation Method (SPiM) Example The SPiM tool Runtime security verification 3 M.Rocchetto PhD Thesis Verona, May 8, 2015 3

  4. Introduction - What What Formal techniques for the verification of: security protocols web applications Design time: SPiM , protocol verification using Craig interpolation as a speed-up technique Runtime: Formalization of web applications (major EU bank) searching for CSRF M.Rocchetto PhD Thesis Verona, May 8, 2015 4

  5. Introduction - Why Verification protocol/webapp verification: difficult & error-prone state space explosion (DY) Interpolation good results in sw verification: can we use interpolation with protocols? can we use interpolation with DY? Web applications good results with formal verification of protocols: can we use it with web applications? can we use the DY or a specific web intruder? how can we model a webapp? M.Rocchetto PhD Thesis Verona, May 8, 2015 5

  6. Outline Introduction 1 Design time security verification 2 History Security Protocol interpolation Method (SPiM) Example The SPiM tool Runtime security verification 3 M.Rocchetto PhD Thesis Verona, May 8, 2015 6

  7. Outline Introduction 1 Design time security verification 2 History Security Protocol interpolation Method (SPiM) Example The SPiM tool Runtime security verification 3 M.Rocchetto PhD Thesis Verona, May 8, 2015 7

  8. Interpolation, once upon a time William Craig , “ Three Uses of the Herbrand- Gentzen Theorem in Relating Model Theory and Proof Theory ”, The Journal of Symbolic Logic, 1957 William Craig, UC Berkeley Logic Group picnic 1977. Craig interpolation M.Rocchetto PhD Thesis Verona, May 8, 2015 8

  9. Interpolation, once upon a time William Craig , “ Three Uses of the Herbrand- Gentzen Theorem in Relating Model Theory and Proof Theory ”, The Journal of Symbolic Logic, 1957 William Craig, UC Berkeley Logic Group picnic 1977. Craig interpolation M.Rocchetto PhD Thesis Verona, May 8, 2015 8

  10. Interpolation, once upon a time William Craig , “ Three Uses of the Herbrand- Gentzen Theorem in Relating Model Theory and Proof Theory ”, The Journal of Symbolic Logic, 1957 William Craig, UC Berkeley Logic Group picnic 1977. Craig interpolation In FOL, if α ∧ β is inconsistent, then there exists ˆ ı s.t. α implies ˆ ı ˆ ı implies ¬ β L (ˆ ı) ∈ L ( α ) ∩ L ( β ) M.Rocchetto PhD Thesis Verona, May 8, 2015 8

  11. Interpolation, 53 years later Kenneth L. McMillan , “ Lazy Annotation for Program Testing and Verification ”, Computer Aided Verification, 2010 Kenneth McMillan, somewhere in Japan IntraLA - for sequential programs M.Rocchetto PhD Thesis Verona, May 8, 2015 9

  12. Interpolation, 53 years later Kenneth L. McMillan , “ Lazy Annotation for Program Testing and Verification ”, Computer Aided Verification, 2010 Kenneth McMillan, somewhere in Japan IntraLA - for sequential programs Init - initialize the graph Decide - performs symbolic execution Learn - calculates interpolants Conjoin - backward if DFS is not leading to a goal M.Rocchetto PhD Thesis Verona, May 8, 2015 9

  13. Interpolation, 53 years later Kenneth L. McMillan , “ Lazy Annotation for Program Testing and Verification ”, Computer Aided Verification, 2010 Kenneth McMillan, somewhere in Japan IntraLA - for sequential programs Successfully applied in formal methods for model checking and test-case generation for sequential programs Unsuitable to the direct application for security protocols: sequential programs only no intruder logic M.Rocchetto PhD Thesis Verona, May 8, 2015 9

  14. Outline Introduction 1 Design time security verification 2 History Security Protocol interpolation Method (SPiM) Example The SPiM tool Runtime security verification 3 M.Rocchetto PhD Thesis Verona, May 8, 2015 10

  15. SPiM tool structure ASLan++2Sil Tools DY entity A{ Theories Z3 ... EUF } input Translator iZ3 entity B{ ∀ X ... } Verdict ASLan++ output SPiA quantifier A A elimination Java X 1 Java G … --SiL-- X n VE Source code and case studies available at http://regis.di.univr.it/spim.php M.Rocchetto PhD Thesis Verona, May 8, 2015 11

  16. Running Example Needham-Schroeder Public Key (NSPK) protocol A → B : { N A , A } pk ( B ) B → A : { N A , N B } pk ( A ) A → B : { N B } pk ( B ) Man-in-the-middle attack A → i : { N A , A } pk ( i ) i ( A ) → B : { N A , A } pk ( B ) B → i ( A ) : { N A , N B } pk ( A ) i → A : { N A , N B } pk ( A ) A → i : { N B } pk ( i ) i ( A ) → B : { N B } pk ( B ) M.Rocchetto PhD Thesis Verona, May 8, 2015 12

  17. Running Example Needham-Schroeder with Lowe’s fix (NSL) protocol A → B : { N A , A } pk ( B ) B → A : { N A , N B , B } pk ( A ) A → B : { N B } pk ( B ) M.Rocchetto PhD Thesis Verona, May 8, 2015 13

  18. Input ASLan++2Sil T DY o o l entity A{ s Theories Z3 ... EUF } input Translator iZ3 entity B{ ∀ X ... } Verdict ASLan++ output SPiA quantifier A A elimination Java X 1 Java G … --SiL-- X n VE Why ASLan++? strong background (AVANTSSAR) high level language (similar to Java) made for protocol analysis, one can specify: entities as parallel processes communication between entities M.Rocchetto PhD Thesis Verona, May 8, 2015 14

  19. Input ASLan++2Sil T DY o o l entity A{ s Theories Z3 ... EUF } input Translator iZ3 entity B{ ... ∀ X } Verdict ASLan++ output SPiA quantifier A A elimination Java X 1 Java G … --SiL-- X n VE ASLan++ NSL Code example Alice(Actor,B:agent){ Bob(Actor,A:agent){ Goal: Bob authenticates Alice Na:=fresh(); ?->Actor:{?Na.?A}_pk(Actor); ------------------------------- Actor->B:{Na.Actor}_pk(B); Nb:=fresh(); Instantiation: B->Actor:{Na.?Nb.B}_pk(Actor); Actor->A:{Na.Nb.B}_pk(A); Actor->B:{Nb}_pk(B); A->Actor:{Nb}_pk(Actor); Alice Bob (1) a i } } (2) i b M.Rocchetto PhD Thesis Verona, May 8, 2015 14

  20. Control Flow Graph and Intruder Actions ASLan++2Sil DY Tools entity A{ Theories Z3 ... EUF } input iZ3 entity B{ Translator ∀ X ... } ASLan++ Verdict output SPiA quantifier A A elimination Java X 1 Java G … --SiL-- X n VE IntraLA algorithm designed for sequential programs (K. McMillan. Lazy annotation for program testing and verification . CAV’10) To apply (a modified version of) IntraLA to security protocols, we define a translation of a specification of a protocol P for a given scenario into a sequential non-deterministic program M.Rocchetto PhD Thesis Verona, May 8, 2015 15

  21. From parallel to sequential Alice := a , Bob := i Alice(Actor,B:agent){ 1.1) Alice.Actor := a; Na:=fresh(); 1.2) Alice.B := Y_1; Actor->B:{Na.Actor}_pk(B); 1.3) IK := { a,b,i,pk_a,pk_b,pk_i,pk_i^-1 } ; B->Actor:{Na.?Nb.B}_pk(Actor); 1.4) Actor->B:{Nb}_pk(B); 1.5) Alice.Na := c_1; 1.6) IK := IK + { Alice.Na,Alice.Actor } _pk(Alice.B); } 1.7) 1.8) if (IK |- { Alice.Na,?Alice.Nb,Alice.B } _pk(Alice.Actor)) Bob(Actor,A:agent){ 1.9) then 1.10) Alice.Nb = Y_2; ?->Actor:{?Na.?A}_pk(Actor); 1.11) else Nb:=fresh(); 1.12) end Actor->A:{Na.Nb.B}_pk(A); 1.13) A->Actor:{Nb}_pk(Actor); 1.14) IK := IK + { Alice.Nb } _pk(Alice.B); } M.Rocchetto PhD Thesis Verona, May 8, 2015 16

  22. From parallel to sequential Alice := i , Bob := b 2.1) Bob.Actor := b; Alice(Actor,B:agent){ 2.2) IK := { a,b,i,pk_a,pk_b,pk_i,pk_i^-1 } ; 2.3) Na:=fresh(); if (IK |- { ?Bob.Na,?Bob.A } _pk(Bob.Actor)) 2.4) Actor->B:{Na.Actor}_pk(B); 2.5) then B->Actor:{Na.?Nb.B}_pk(Actor); 2.6) Bob.Na = Y_1; Actor->B:{Nb}_pk(B); 2.7) Bob.A = Y_2; 2.8) else } 2.9) end 2.10) Bob(Actor,A:agent){ 2.11) Bob.Nb := c_1; 2.12) IK := IK + { Bob.Na,Bob.Nb,Bob.Actor } _pk(Bob.A); ?->Actor:{?Na.?A}_pk(Actor); 2.13) Nb:=fresh(); 2.14) if (IK |- { Bob.Nb } _pk(Bob.Actor)) Actor->A:{Na.Nb.B}_pk(A); 2.15) then A->Actor:{Nb}_pk(Actor); 2.16) do nothing 2.17) else } 2.18) end M.Rocchetto PhD Thesis Verona, May 8, 2015 17

  23. Control Flow Graph - NSL l 0 [X i = k] Combining sessions 1.1-3 stands for the 2.1-2 Intruder's choice l 1 Input variables X i to switch 1.5-6 between sessions l 2 [X 1 =1] [X 1 =2] l 3 l 7 1.1) Alice.Actor := a; 1.8-14 2.4-12 1.2) Alice.B := Y_1; 1.3) IK := { a,b,i,pk_a,pk_b,pk_i,pk_i^-1 } ; l 4 l 8 1.4) [X 2 =1] [X 2 =2] 1.5) Alice.Na := c_1; 2.4-12 1.6) IK := IK + { Alice.Na,Alice.Actor } _pk(Alice.B); 1.7) l 9 l 5 l 10 1.8) if (IK |- 1.8-14 2.14-18 { Alice.Na,?Alice.Nb,Alice.B } _pk(Alice.Actor)) 2.14-18 1.9) then l 11 1.10) Alice.Nb = Y_2; l 6 1.11) else 1.8-14 1.12) end if (Bob.A != i) 1.13) l 12 1.14) IK := IK + { Alice.Nb } _pk(Alice.B); if (Bob.A != i) g M.Rocchetto PhD Thesis Verona, May 8, 2015 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Formal System Design Process with UML Use a formal process & tools to facilitate and

Formal System Design Process with UML Use a formal process & tools to facilitate and

Formal System Design Process with UML Use a formal process & tools to facilitate and automate design steps: Requirements Specification System architecture Coding/chip design Testing Text: Chapter 1.4 Other resources on course web

584 views • 41 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI

Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI

Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI November 2013 Abstract Looking at the past decades of interactive (and automated) theorem proving, and tools that integrate both for program

461 views • 34 slides
Tools and and Methods Methods for for the Design the Design Tools of Multi Multi- -Device

Tools and and Methods Methods for for the Design the Design Tools of Multi Multi- -Device

Tools and and Methods Methods for for the Design the Design Tools of Multi Multi- -Device Device User User Interfaces Interfaces of Fabio Patern fabio.paterno@isti.cnr.it http://giove.isti.cnr.it/~ fabio/ ISTI-C.N.R. Pisa, Italy

939 views • 58 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
formal methods & tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman

formal methods & tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman

UNIVERSITY OF TWENTE. formal methods & tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman Joint with Freark van der Berg Sept 17, 2012 Imperial College, London, UK ... ... Spin Model Checker Process Meta-Language (

1.23k views • 39 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU Expensive in power, area No protection from design errors Does not survive permanent faults Last time we saw an approach that leveraged

246 views • 7 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods Research at SICS and KTH - An Overview - Mads Dam SICS and KTH/IMIT FMICS'03

Formal Methods Research at SICS and KTH - An Overview - Mads Dam SICS and KTH/IMIT FMICS'03

FORMAL DESIGN TECHNIQUES Formal Methods Research at SICS and KTH - An Overview - Mads Dam SICS and KTH/IMIT FMICS'03 Rros,Norway, June 2003 1 FORMAL DESIGN TECHNIQUES Executive Summary Group of researchers from SICS and IMIT, KTH

401 views • 9 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft

Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft

Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft http://research.microsoft.com/~tball Outline 20 Years at Microsoft (1999-present) The great work of others at Microsoft 20 Years at Microsoft From EULA to SLA

888 views • 72 slides
Thesis Defense: Developing Real-Time Collaborative Editing Using Formal Methods Lars Tveito

Thesis Defense: Developing Real-Time Collaborative Editing Using Formal Methods Lars Tveito

Thesis Defense: Developing Real-Time Collaborative Editing Using Formal Methods Lars Tveito September 9th, 2016 Department of Informatics, University of Oslo Outline Introduction Formal Semantics of Editing Operations Related Work

1.21k views • 101 slides
Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI ICS, SAL, and Stateflow: 1 Introduction Weve distributed the PVS Verification

978 views • 45 slides
Topics Old bus standards disappear (ISA), or are slowly fading away (USB 1, parallel

Topics Old bus standards disappear (ISA), or are slowly fading away (USB 1, parallel

What we Need to Make I/O Work? Lecture 7: I/O and Exceptions A way to connect many types of Devices to the Proc-Mem Topics Old bus standards disappear (ISA), or are slowly fading away (USB 1, parallel printer, AGP) , while new are

263 views • 5 slides
CSCI-2500: Computer Organization Chapter 2: Instructions: Lanaguage of the Computer

CSCI-2500: Computer Organization Chapter 2: Instructions: Lanaguage of the Computer

CSCI-2500: Computer Organization Chapter 2: Instructions: Lanaguage of the Computer Stored Program Computer n Recall that computers read instructions from memory (memory is a big array of bits). n Each instruction is represented by a

1.65k views • 143 slides
.include "defines.h" .data hello: ta8 .string "hello

.include "defines.h" .data hello: ta8 .string "hello

System call example .include "defines.h" .data hello: ta8 .string "hello world\n" .text .globl _start _start: movl $SYS_write,%eax // SYS_write = 4 Spring 200 6 movl $STDOUT,%ebx // fd =

84 views • 4 slides
Code Generation We can emit stack-machine-style code for expressions via recursion (We will use

Code Generation We can emit stack-machine-style code for expressions via recursion (We will use

The Main Idea of Todays Lecture Code Generation We can emit stack-machine-style code for expressions via recursion (We will use MIPS assembly as our target language) 2 Compiler Design I (2011) Lecture Outline Stack Machines What are

319 views • 10 slides
Design of intelligent surveillance systems: a game theoretic case Nicola Basilico Department of

Design of intelligent surveillance systems: a game theoretic case Nicola Basilico Department of

Design of intelligent surveillance systems: a game theoretic case Nicola Basilico Department of Computer Science University of Milan Outline Introduction to Game Theory and solution concepts Game definition Solution concepts:

1.12k views • 60 slides
ECE232: Hardware Organization and Design Lecture 5: MIPs Decision-Making Instructions Adapted from

ECE232: Hardware Organization and Design Lecture 5: MIPs Decision-Making Instructions Adapted from

ECE232: Hardware Organization and Design Lecture 5: MIPs Decision-Making Instructions Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Overview Computers need to make decisions Microprocessors support

602 views • 17 slides
Compiler Design and Construction Code Generation Pop Quiz/Review What options do we have for

Compiler Design and Construction Code Generation Pop Quiz/Review What options do we have for

Compiler Design and Construction Code Generation Pop Quiz/Review What options do we have for generating code? If we choose IR, what options do we have for IR? 2 Code Generation April, 2011 Intermediate Code Generation A OR B AND NOT C

532 views • 50 slides
Code Generation The Main Idea of Todays Lecture We can emit stack-machine-style code for

Code Generation The Main Idea of Todays Lecture We can emit stack-machine-style code for

Code Generation The Main Idea of Todays Lecture We can emit stack-machine-style code for expressions via recursion (We will use MIPS assembly as our target language) 2 Lecture Outline What are stack machines? The MIPS assembly

596 views • 40 slides

More recommend