  1. ASYNCHRON 2006. Verification of Communication Protocols with Messages Carrying Values. Tristan Le Gall, joint work with Bertrand Jeannet and Thierry Jéron, Vertecs team, IRISA/INRIA Rennes.

  2. Communication protocols
     • Communication protocols are widely used with the development of the Internet and other networks.
     • Formal verification uses models such as Message Sequence Charts (MSCs) and Communicating Finite-State Machines (CFSMs).
     • Our goal: the verification of protocols modeled by an extension of CFSM, using the abstract interpretation framework.
     • This work can be applied to processes/components of a system using queues or large buffers, Kahn networks, etc.

  3. The CFSM model (slides 3 to 9 build up the same figure one element at a time)
     [Figure: (a) Client, a finite-state machine with locations 0 and 1 and transitions labelled 1!open, 1!close and 2?disconnect; (b) the two FIFO queues 1 and 2; (c) Server, with locations 0 and 1 and transitions labelled 1?open, 1?close and 2!disconnect; (d) Global CFSM, the product of the client and server processes, with locations (0,0), (1,0), (0,1), (1,1) and transitions labelled 1!o, 1?o, 1!c, 1?c, 2!d, 2?d.]
     • The set of locations: C = {(0,0), (1,0), (0,1), (1,1)}
     • The alphabet of messages: Σ = {open, close} ∪ {disconnect}
     • The initial location: c_0 = (0,0)
     • An input: 1?o (reception of o from queue 1)
     • An output: 1!o (emission of o on queue 1)
     • A state of the CFSM: a location + the contents of all queues

  10. Problem statement
     • Verification of safety properties
     • Main issue: reachability analysis
     • Undecidable in the general case
     • Our solution: compute an over-approximation of the reachability set

  11. Outline
     • Introduction: model and problem statement
     • Verification of CFSM
     • Limitations and new model
     • Representation of queues with messages carrying values
     • Application to the verification of symbolic CFSM
     • Conclusion

  12. CFSM with a single queue
     • Σ: alphabet of messages
     • The content of a queue: a word w ∈ Σ*
     • A set of states is represented as a map C → L(Σ*) from locations to languages of queue contents
     • Operational semantics in terms of operations on languages: for a transition ⟨c_1, !a, c_2⟩, (c_1, L) → (c_2, L.a)
     [Figure: a single location with the two transitions !a and ?a, and a queue containing a a a]
     • Reachability analysis: a fixpoint equation
     • Fixpoint equation: L = ε ∪ L.a ∪ L/a
     • Solution: L = a*

  13. Abstraction
     • Main idea: work with regular over-approximations of the content of the queue
     • See the regular languages as an abstract lattice (Reg(Σ), ⊆)
     • Compute an over-approximation of the least fixpoint with the iterations L_0 = ε, L_{i+1} = L_i ∪ L_i.a ∪ L_i/a
     • Use a widening operator so that the computation terminates

  14. Widening operator for regular languages (1)
     • Work on the Minimal Deterministic Automaton (MDA) M_L
     • Quotient automaton M̃_L = M_L / ≃_k (fusion of states)
     [Figure: an automaton over the letters a and b and its quotient automaton]
     • ≃_k: auto-bisimilarity of depth k
     • ρ_k(L): the language recognized by this quotient automaton

  15. Widening operator for regular languages (2)
     • Widening operator: L_1 ∇_k L_2 ≜ ρ_k(L_1 ∪ L_2)
     • The following computation terminates and gives an over-approximation of the reachability set: L_0 = ε, L_{i+1} = L_i ∇_k (L_i.a ∪ L_i/a)
     • Result: L_∞ = a*
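The single-queue analysis of slides 12 to 15, as an added Python example that is not part of the slides or of the Vertecs team's tools: queue contents are regular languages kept as finite automata, emission !a is the concatenation L.a, reception ?a is the left quotient L/a, and the widening L_1 ∇_k L_2 = ρ_k(L_1 ∪ L_2) fuses the states of the minimal deterministic automaton that are bisimilar up to depth k. Two choices are assumptions of this example rather than definitions taken from the slides: depth-0 bisimilarity separates accepting from non-accepting states, and the quotient automaton is allowed to be nondeterministic (its language is still a superset of the input). The fixpoint is detected exactly by comparing canonical encodings of the minimal automata.

```python
# Added example (not from the slides): reachability of a one-location CFSM with a single
# queue, computed in the abstract lattice of regular languages with the widening
# L1 nabla_k L2 = rho_k(L1 U L2). Assumption: depth-0 bisimilarity separates accepting states.
from collections import defaultdict, deque

class NFA:
    # states are 0..n-1; delta maps (state, letter) to the set of successor states
    def __init__(self, n, init, finals, delta):
        self.n, self.init, self.finals = n, set(init), set(finals)
        self.delta = defaultdict(set)
        for key, dsts in delta.items():
            self.delta[key] |= set(dsts)

def append(A, a):                    # L.a : emission !a enqueues a at the tail
    delta = {k: set(v) for k, v in A.delta.items()}
    for q in A.finals:
        delta.setdefault((q, a), set()).add(A.n)
    return NFA(A.n + 1, A.init, {A.n}, delta)

def quotient(A, a):                  # L/a : reception ?a dequeues a from the head
    init = set().union(*(A.delta.get((q, a), set()) for q in A.init))
    return NFA(A.n, init, A.finals, A.delta)

def union(A, B):                     # L1 U L2 : disjoint union of the two automata
    off, delta = A.n, {k: set(v) for k, v in A.delta.items()}
    for (q, a), dsts in B.delta.items():
        delta[(q + off, a)] = {d + off for d in dsts}
    return NFA(A.n + B.n, A.init | {q + off for q in B.init},
               A.finals | {q + off for q in B.finals}, delta)

def determinize(A, alphabet):        # subset construction over reachable subsets only
    start = frozenset(A.init)
    index, todo, delta = {start: 0}, deque([start]), {}
    while todo:
        S = todo.popleft()
        for a in alphabet:
            T = frozenset(set().union(*(A.delta.get((q, a), set()) for q in S)))
            if not T:
                continue
            if T not in index:
                index[T] = len(index)
                todo.append(T)
            delta[(index[S], a)] = {index[T]}
    return NFA(len(index), {0}, {i for S, i in index.items() if S & A.finals}, delta)

def refine(D, alphabet, depth=None):
    # partition of a DFA's states by bisimilarity of the given depth; depth None refines
    # until stable (Moore minimisation), which never needs more than D.n rounds
    ids = {}
    cls = {q: ids.setdefault(q in D.finals, len(ids)) for q in range(D.n)}
    for _ in range(D.n if depth is None else depth):
        succ = lambda q, a: cls[next(iter(D.delta[(q, a)]))] if (q, a) in D.delta else None
        ids = {}
        new = {q: ids.setdefault((cls[q], tuple(succ(q, a) for a in alphabet)), len(ids))
               for q in range(D.n)}
        stable = len(ids) == len(set(cls.values()))
        cls = new
        if stable:
            break
    return cls

def merge(D, cls):                   # quotient automaton D / cls (may be nondeterministic)
    delta = {}
    for (q, a), dsts in D.delta.items():
        delta.setdefault((cls[q], a), set()).update(cls[d] for d in dsts)
    return NFA(len(set(cls.values())), {cls[q] for q in D.init}, {cls[q] for q in D.finals}, delta)

def minimal(A, alphabet):            # the minimal deterministic automaton M_L
    D = determinize(A, alphabet)
    return merge(D, refine(D, alphabet))

def rho(A, alphabet, k):             # rho_k(L): M_L quotiented by depth-k bisimilarity
    D = minimal(A, alphabet)
    return merge(D, refine(D, alphabet, k))

def canonical(A, alphabet):          # BFS encoding of M_L: equal iff the languages are equal
    D = minimal(A, alphabet)
    start = next(iter(D.init))
    order, todo, edges = {start: 0}, deque([start]), []
    while todo:
        q = todo.popleft()
        for a in alphabet:
            for d in D.delta.get((q, a), ()):
                if d not in order:
                    order[d] = len(order)
                    todo.append(d)
                edges.append((order[q], a, order[d]))
    return tuple(edges), tuple(sorted(order[q] for q in D.finals))

def reachability(alphabet, k, sends, receives):
    # L_0 = epsilon and L_{i+1} = L_i nabla_k (L_i.a U L_i/a) over every sendable and
    # receivable letter, iterated until the language is stable
    L = NFA(1, {0}, {0}, {})                   # the queue starts empty
    while True:
        step = L
        for a in sends:
            step = union(step, append(L, a))
        for a in receives:
            step = union(step, quotient(L, a))
        nxt = rho(step, alphabet, k)           # the widening is rho_k of the union
        if canonical(nxt, alphabet) == canonical(L, alphabet):
            return nxt
        L = nxt
```

With `reachability(("a",), 1, ["a"], ["a"])` the iterates are {ε}, {ε, a} and then, once the three-state chain {ε, a, aa} is quotiented at depth 1, the language a* of slide 15; without the quotient the chain would grow forever. A larger k delays the fusion and can make the result more precise at the cost of more iterations.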

  16. Connection/disconnection protocol
     [Figure: the client, the two queues and the server of slide 3 (a) to (c)]
     • The client can open and close a session, or be forced to close the session if a disconnect message is received
     • The server can ask a client to terminate its session

  17. Analysis of the connection/disconnection protocol
     Analysis with dependence (the two queues analysed together, their contents separated by #):
       Client/Server   Queue 1 # Queue 2
       0/0             (co)*(oc)* # ε + c(oc)* # d
       1/0             (co)*(oc)* o # ε + (co)* # d
       0/1             c(oc)* # ε
       1/1             (co)* # ε
     Analysis without dependence (each queue analysed on its own):
       Client/Server   Queue 1                          Queue 2
       0/0             o* + (o*c)^+ (ε + o^+ + o^+ c)   d*
       1/0             (o*c)* o^+                       d*
       0/1             o* + (o*c)^+ (ε + o^+ + o^+ c)   d*
       1/1             o^+ + o* (co^+)^+                d*
     • Analysing the queues all together gives the exact result
     • Analysing each queue independently gives a very bad approximation

  18. Protocol with a non-regular reachability set
     [Figure: two processes with locations 0, 1 and 2, and transitions labelled 1!a, 2?b, 2!b, 3!c, 4!d and 4?d over four queues]
     • The reachability set is non-regular
     • Exact result (the four queue contents separated by ♯): L(0/0) = a^n ♯ ε ♯ c^n ♯ ε
     • Relational analysis result: L(0/0) = ε♯ε♯ε♯ε + a♯ε♯c♯ε + aaa*♯ε♯ccc*♯ε


  20. Already finished?
     • The analysis terminates and returns an over-approximation of the reachability set
     • The approximations of the queue contents are quite precise
     • We defined an abstract lattice for regular languages
     • But the model is not expressive enough

  21. Sliding window protocols
     [Figure: a Sender sends Data(S) to a Receiver, which answers with Ack(R, list); the sender holds the variables A, S and MS, the receiver the variables R, H and MR]
     Can we check the (in)equations:
     – A ≤ R
     – S ≥ H
     – MR − R = MS − A

  22. What shall we do?
     • Do not care about real protocols
     • Add variables and parameters to the CFSM model and use a similar method on the new model.

  23. New model: Symbolic CFSM
     [Figure: a location with two transitions; the first has guard p = x, action !a(p) and assignment x := x+1, the second has guard true, action ?a(p) and assignment y := p]
     Each transition has:
     • a guard: a predicate on the values of the variables and of the parameter
     • a communication action with a parameter p: emission !a(p) or reception ?a(p)
     • an assignment: gives the new values of the variables

  24. Example of analysis
     [Figure: the producer, a single location with one transition: guard p = x, action !a(p), assignment x := x+1]
     • Toy example: the producer
     • Non-relational analysis: does not keep the relation between the value of x and the values of the messages
     • Relational analysis: keeps the relation between the value of x and the values of the messages

  25. Non-relational analysis
       Computation step   Set of reachable states
       init               [0,0] × ε
       step 1             [0,1] × a([0,0])
       step 2             [0,2] × a([0,0]) + a([0,0]).a([0,1])
       step 3             [0,3] × a([0,0]) + a([0,0]).a([0,1]) + a([0,0]).a([0,1]).a([0,2])
       step 4*            [0,+∞[ × a([0,1]) + a([0,1]).(a([0,+∞[))*
     We lose the relation p ≤ x.

  26. Relational analysis
       Computation step   Set of reachable states
       init               {0 ≤ x ≤ 0} ∧ ε
       step 1             {0 ≤ x ≤ 1} ∧ a({0 ≤ p = x−1})
       step 2             {0 ≤ x ≤ 2} ∧ a({0 ≤ p = x−1}) + a({0 ≤ p = x−2}).a({0 ≤ p = x−1})
       step 3             {0 ≤ x ≤ 3} ∧ a({0 ≤ p = x−1}) + a({0 ≤ p = x−2}).a({0 ≤ p = x−1}) + a({0 ≤ p = x−3}).a({0 ≤ p = x−2}).a({0 ≤ p = x−1})
       step 4*            {0 ≤ x} ∧ a({0 ≤ p ≤ x−1}) + a({0 ≤ p ≤ x−1}).(a({0 ≤ p ≤ x−1}))*

  27. New abstractions
     In both cases we need:
     • Abstractions for the values of the variables: intervals, polyhedra, ...
     • A representation of languages on the infinite alphabet Σ × Ω
     • Automata “with a lattice feature”


  29. Lattice structure
     • (Ω, ⊑_Ω): an abstract lattice (abstract values of the parameter)
     • Σ = {a_1, ..., a_n}: the finite alphabet of messages
     • Λ = Σ × Ω: the lattice with (a_1, P_1) ⊑ (a_2, P_2) ⇔ a_1 = a_2 ∧ P_1 ⊑_Ω P_2
     • Example: the lattice Λ = Σ × I (I: intervals); a value: a([0,+∞[)
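The lattice Λ = Σ × Ω of slide 29, with Ω = intervals, applied to the producer of slides 24 to 26, as an added Python example that is not part of the slides: the same abstract iteration with widening is run once in the non-relational form (x and the parameter values of the queued messages abstracted separately) and once in a relational form that keeps bounds on p − x. Three simplifications are assumptions of this example: the interval widening pushes any bound that moved to ±∞; the relational domain is reduced to bounds on the single difference p − x, which is all the producer needs; and the iteration starts just after the first emission (x = 1, one message a(0)) so that no bottom element has to be represented, which is why x ends in [1,+∞[ rather than the slides' [0,+∞[.

```python
# Added example (not from the slides): Lambda = Sigma x Omega with Omega = integer intervals,
# used to redo the producer analysis non-relationally and relationally. Assumptions: widening
# pushes moved bounds to infinity; the relational domain only bounds p - x; the iteration
# starts after the first emission so no bottom element is needed.
INF = float("inf")

class Interval:
    # Omega: integer intervals ordered by inclusion, with join and widening
    def __init__(self, lo, hi):
        self.lo, self.hi = lo, hi
    def leq(self, other):
        return other.lo <= self.lo and self.hi <= other.hi
    def join(self, other):
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))
    def widen(self, other):          # keep a bound only if it did not move
        return Interval(self.lo if other.lo >= self.lo else -INF,
                        self.hi if other.hi <= self.hi else INF)
    def shift(self, c):              # image under x := x + c
        return Interval(self.lo + c, self.hi + c)
    def __repr__(self):
        return f"[{self.lo},{self.hi}]"

class Message:
    # an element (a, P) of Lambda: (a1,P1) <= (a2,P2) iff a1 = a2 and P1 <= P2 in Omega
    def __init__(self, name, value):
        self.name, self.value = name, value
    def leq(self, other):
        return self.name == other.name and self.value.leq(other.value)
    def join(self, other):           # two different message names have no upper bound
        if self.name != other.name:
            return None
        return Message(self.name, self.value.join(other.value))
    def __repr__(self):
        return f"{self.name}({self.value})"

def lfp(init, post):
    # Kleene iteration with widening on a tuple of intervals: S <- S nabla (S join post(S))
    s = init
    while True:
        n = tuple(a.join(b) for a, b in zip(s, post(s)))
        if all(b.leq(a) for a, b in zip(s, n)):
            return s
        s = tuple(a.widen(b) for a, b in zip(s, n))

def nonrelational_producer():
    # state = (x, p): x and the parameter values of the queued messages kept separately;
    # emission !a(p) with guard p = x adds a message carrying x, then x := x + 1
    post = lambda s: (s[0].shift(1), s[1].join(s[0]))
    x, p = lfp((Interval(1, 1), Interval(0, 0)), post)
    return x, Message("a", p)

def relational_producer():
    # state = (x, d) where d bounds p - x over every queued message: a new message has
    # p - x = 0 at emission, and x := x + 1 shifts every difference by -1
    post = lambda s: (s[0].shift(1), s[1].join(Interval(0, 0)).shift(-1))
    return lfp((Interval(1, 1), Interval(-1, -1)), post)

def proves_p_le_x_nonrelational(x, msg):   # only separate bounds are available
    return msg.value.hi <= x.lo

def proves_p_le_x_relational(d):           # p - x <= 0 is read off the difference bound
    return d.hi <= 0
```

The non-relational run ends with x ∈ [1,+∞[ and the message a([0,+∞[) of slide 25, from which p ≤ x cannot be concluded; the relational run ends with p − x ∈ ]−∞, −1], the counterpart of slide 26's a({0 ≤ p ≤ x−1}), which proves p ≤ x − 1.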
