verification of the session management protocol
play

Verification of the Session Management Protocol A Formal Methods - PowerPoint PPT Presentation

Mar 04, 2023 •372 likes •648 views

Verification of the Session Management Protocol A Formal Methods Case Study Karl Palmskog School of Computer Science and Communication Royal Institute of Technology 2006-11-02 Karl Palmskog Verification of the Session Management Protocol

  1. Verification of the Session Management Protocol A Formal Methods Case Study Karl Palmskog School of Computer Science and Communication Royal Institute of Technology 2006-11-02 Karl Palmskog Verification of the Session Management Protocol

  2. Goals ◮ Examplify formal methods for verification of software ◮ Report on the verification of the Session Management Protocol ◮ Highlight the view of concurrency as interaction Karl Palmskog Verification of the Session Management Protocol

  3. Formal Methods: An Example The mutual exclusion problem for the concurrent processes P 0 and P 1 using shared memory: ◮ Each process wants to access a shared resource, but both processes must not get access simultaneously ◮ A process using the resource is in its “critical section” Karl Palmskog Verification of the Session Management Protocol

  4. Formal Methods: An Example Peterson’s algorithm for mutual exclusion bool b 0 := false ; bool b 1 := false ; int k := 0; P 0 : P 1 : while true do while true do � noncritical section � ; � noncritical section � ; b 0 := true ; b 1 := true ; k := 1; k := 0; await ( ¬ b 1 ∨ k = 1); await ( ¬ b 0 ∨ k = 0); � critical section � ; � critical section � ; b 0 := false ; b 1 := false ; end while end while Karl Palmskog Verification of the Session Management Protocol

  5. Formal Methods: An Example How can we convince ourselves that this algorithm works? ◮ By inspection? ◮ By implementing and testing it? ◮ By proving it correct? Karl Palmskog Verification of the Session Management Protocol

  6. Formal Methods: An Example General formal methods methodology 1. Understand the program 2. Model the program in a suitable formalism 3. Specify the correctness of the program 4. Prove that the model satisfies the specification Karl Palmskog Verification of the Session Management Protocol

  7. Formal Methods: An Example Peterson’s algorithm as a communication protocol ◮ P 0 and P 1 exchange messages with a memory process P m ◮ Variable names are message types ◮ Values are message content ◮ Writing a variable means sending a message to P m ◮ Reading a variable means receiving a message from P m Karl Palmskog Verification of the Session Management Protocol

  8. Formal Methods: An Example Promela model mtype = { b0,b1,k } ; bool proc0InCrit = false ; bool proc1InCrit = false ; chan mem0 = [0] of { mtype , bit } ; chan mem1 = [0] of { mtype , bit } ; run Memory(mem0, mem1, false , false , 0); run Process0(mem0); run Process1(mem1); Karl Palmskog Verification of the Session Management Protocol

  9. Formal Methods: An Example proctype Process0( chan mem) { proctype Process1( chan mem) { BEGIN: BEGIN: mem!b0, true ; mem!k,1; mem!b1, true ; mem!k,0; do do :: mem?b1, false ; break ; :: mem?b0, false ; break ; :: mem?b1, true ; :: mem?b0, true ; :: mem?k,0; break ; :: mem?k,0; :: mem?k,1; :: mem?k,1; break ; od ; od ; proc0InCrit = true ; proc1InCrit = true ; proc0InCrit = false ; proc1InCrit = false ; mem!b0, false ; mem!b1, false ; goto BEGIN; goto BEGIN; } } Karl Palmskog Verification of the Session Management Protocol

  10. Formal Methods: An Example Correctness of Peterson’s algorithm “For all executions, there are no states where both proc0InCrit and proc1InCrit have assumed the value true .” In Linear Temporal Logic: � ( ¬ ( p0c ∧ p1c )) where #define p0c proc0InCrit == true #define p1c proc1InCrit == true Karl Palmskog Verification of the Session Management Protocol

  11. Session Layer Resurgence Problem situation ◮ Demand for new network services ◮ Aging Internet architecture ◮ Need to handle mobility and nomadicity ◮ Lots of extensions of TCP/IP: MIP, HIP, IPSec, . . . Proposed solution ◮ Adopt a more flexible view of the protocol stack ◮ Introduce new functionality at the session layer ◮ Use event-driven reconfiguration and state management Karl Palmskog Verification of the Session Management Protocol

  12. Session Layer Resurgence Karl Palmskog Verification of the Session Management Protocol

  13. Session Layer Resurgence Session layer components ◮ Event collector/dispatcher ◮ Preferences/rules database ◮ Socket rebind extension ◮ Session API ◮ TCP state controller ◮ Session Management Protocol (SMP) Karl Palmskog Verification of the Session Management Protocol

  14. Session Layer Resurgence Session-enabled Session-enabled Legacy application application application Session Management API Session Management Protocol Event collector Rebind-enhanced socket API and dispatcher TCP state Preferences and controller rules database Rebind across Transport layer protocols the stack Network layer protocols Karl Palmskog Verification of the Session Management Protocol

  15. Session Layer Resurgence Session Management Protocol ◮ Data integrity for sessions ◮ Keep track of communication state ◮ Send and and receive context updates Karl Palmskog Verification of the Session Management Protocol

  16. Session Layer Resurgence SMP channels and message types ◮ Data channel ◮ data — application data ◮ checkpoint — communication state data ◮ Control channel ◮ resume — request session resumption ◮ resume ok — confirm session resumption ◮ resume denied — deny session resumption ◮ suspend — sender has suspended Karl Palmskog Verification of the Session Management Protocol

  17. Session Layer Resurgence State machine T19 T1: Network lost T8 T2: User suspends; send suspend T3: Received resume; rebind SUSPENDED T4: Received suspend T5: User suspends T6: Received resume T2 T9 T7: Network changed T5 T4 T8: Received resume; send resume_denied ACTIVE T9: User resumes T7 T1 T10: Sent resume_ok; rollback T3 T11: Failed to send resume_ok T13 T11 READY_RESUME T12: Sent resume T12 T13: Failed to send resume T10 T6 T14: Received resume_ok T15: Received resume_denied T17 T16 T18 T15 T16: Network changed; rebind T17: Received resume; initiator SENT_RESUME T18: Received resume; not initiator T14 T19: Network lost; change interface Karl Palmskog Verification of the Session Management Protocol

  18. Verification of SMP Starting point ◮ Verify the checkpoint mechanism ◮ Lets endpoints know where to resume ◮ Limited scope, well-defined protocol ◮ Important for the correctness of SMP Karl Palmskog Verification of the Session Management Protocol

  19. Verification of SMP Prerequisites A , B : network endpoints S A , S B : sequences of words of data S i A : the i th word of a sequence ◮ Goal for A : transfer all words in S A to B , in order ◮ Goal for B : transfer all words in S B to A , in order Service provisions The purpose is to let A and B continually agree on at least one tuple � i , j � , such that: B , . . . , S j − 1 ◮ A has received S 0 B , S 1 properly B A , . . . , S i − 1 ◮ B has received S 0 A , S 1 properly A Karl Palmskog Verification of the Session Management Protocol

  20. Verification of SMP Environmental assumptions ◮ Executed in the context of an established session ◮ Endpoints use buffered, reliable data channels ◮ Disconnection is not possible Procedure rules ◮ Same for both endpoints ◮ Maintain acknowledged and pending checkpoints/tuples ◮ After filling up the buffer, create a new checkpoint ◮ Send checkpoint message with checkpoint id and number of bytes sent/received ◮ Do not create checkpoints until a reply has been received ◮ Update checkpoint definition using reply data Karl Palmskog Verification of the Session Management Protocol

  21. Verification of SMP Safety specification “The endpoints always have a checkpoint in common”: � (( ak → ( akSn ∧ akRc )) ∧ ( akPn → ( akPnSn ∧ akPnRc )) ∧ ( pnAk → ( pnAkSn ∧ pnAkRc )) ∧ (( ak ∧ ¬ akPn ∧ ¬ pnAk ) ∨ ( ¬ ak ∧ akPn ∧ ¬ pnAk ) ∨ ( ¬ ak ∧ ¬ akPn ∧ pnAk ))) Liveness specification “Endpoints always eventually reach a state from which they can receive and send data”: ( � ♦ inAct ) ∧ ( � ♦ ninAct ) Karl Palmskog Verification of the Session Management Protocol

  22. Verification of SMP Promela model mtype = { data,cp } ; typedef dataMsg { mtype type; byte cpId; byte cpSent; byte cpRecd; } chan point1Recv = [queueSize] of { dataMsg } ; chan point2Recv = [queueSize] of { dataMsg } ; run Endpoint(point1Recv, point2Recv, 0); run Endpoint(point2Recv, point1Recv, 1); Karl Palmskog Verification of the Session Management Protocol

  23. Verification of SMP Correcting the protocol ◮ Only the connection initiator can send checkpoint requests ◮ Needs to know session data buffer size of peer ◮ Only one stream position field in checkpoint message Verification results ◮ Exhaustive verification with partial-order reduction ◮ No counterexamples found ◮ Without compression, would use 10-20 GB of memory Karl Palmskog Verification of the Session Management Protocol

  24. Verification of SMP State machine correctness ◮ Safety: if a session is resumed, it is resumed properly ◮ Liveness: there are no deadlocks State machine model ◮ Add control channels and states to checkpoint protocol model ◮ Use Promela ’s channel over channel feature for mobility ◮ Protocol changes during rollback due to checkpoint error Verification results ◮ Exhaustively verified for some parameters ◮ Many partial state-space searches Karl Palmskog Verification of the Session Management Protocol

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verification of the Session Management Protocol Masters Project in Computer Science Karl

Verification of the Session Management Protocol Masters Project in Computer Science Karl

Verification of the Session Management Protocol Masters Project in Computer Science Karl Palmskog Supervisor: Mads Dam Examiner: Johan H astad Commissioned by Yuri Ismailov at Ericsson AB 2006-11-08 Karl Palmskog Verification of the

488 views • 15 slides
Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message

Session Initiation Protocol (SIP) The Session Description Protocol The Most Common Message Body Session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) A number of

671 views • 21 slides
MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan (Slides from A.D. Gordon and C. Fournet) Spring, 2014 Outline of Lectures Lecture 1 (Jan 22, Today) Intro to Verified Protocol Implementations

1.32k views • 112 slides
Formal Semantics and Automated Verification for the Border Gateway Protocol Konstantin Doug

Formal Semantics and Automated Verification for the Border Gateway Protocol Konstantin Doug

Formal Semantics and Automated Verification for the Border Gateway Protocol Konstantin Doug Emina Michael Arvind Zachary Weitz Woos Torlak D. Ernst Krishnamurthy Tatlock The Border Gateway Protocol The Border Gateway Protocol AS AS

645 views • 29 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Protocol Verification using Flows: An Industrial Experience Murali Talupur Joint work with John

Protocol Verification using Flows: An Industrial Experience Murali Talupur Joint work with John

Protocol Verification using Flows: An Industrial Experience Murali Talupur Joint work with John O Leary, Mark R. Tuttle SCL, Intel Corp Parametric Verification using Flows P A True or Cex P(N) Model Check Abstract Last year we

479 views • 32 slides
Internet Technology 5/6/2016 Session Initiation Protocol (SIP) Dominant protocol for Voice

Internet Technology 5/6/2016 Session Initiation Protocol (SIP) Dominant protocol for Voice

Internet Technology 5/6/2016 Session Initiation Protocol (SIP) Dominant protocol for Voice over IP (VoIP): RFC 3261 Allows a call to be established between multiple parties Notify a callee of a call request Agree on media encodings

300 views • 8 slides
Title: Formal Specification and Verification of a Communication Protocol (temporary) Author:

Title: Formal Specification and Verification of a Communication Protocol (temporary) Author:

Title: Formal Specification and Verification of a Communication Protocol (temporary) Author: Hojung Bang Affiliation: KAIST Address: 373-1, Kuseong-dong, Yuseong-gu, Daejeon, 305-701, Korea Abstract: In this paper, we summarized our experience

285 views • 6 slides
Formal verification of the implementation of the MQTT protocol in IoT devices Kristiyan Mladenov

Formal verification of the implementation of the MQTT protocol in IoT devices Kristiyan Mladenov

Formal verification of the implementation of the MQTT protocol in IoT devices Kristiyan Mladenov University of Amsterdam Faculty of Physics, Mathematics and Informatics MSc System and Network Engineering Research Project 2 July 3, 2017 1 /

476 views • 33 slides
1 Use second form Sample Protocol Goals Given set of traces Authenticity: who sent it?

1 Use second form Sample Protocol Goals Given set of traces Authenticity: who sent it?

TECS Week 2005 Analysis Techniques Protocol Verification by the Inductive Method Crypto Protocol Analysis Dolev-Yao Formal Models Computational Models (perfect cryptography) Random oracle Probabilistic process calculi John Mitchell

63 views • 4 slides
The Session Description Protocol The Most Common Message Body Be session information

The Session Description Protocol The Most Common Message Body Be session information

The Session Description Protocol The Most Common Message Body Be session information describing the media to be exchanged between the parties SDP, RFC 2327 (initial publication) SIP uses SDP in an answer/offer mode. An agreement

690 views • 49 slides
Protocol-based Verification of Message-passing Parallel Programs Hugo A. L opez, Eduardo R. B.

Protocol-based Verification of Message-passing Parallel Programs Hugo A. L opez, Eduardo R. B.

t i f a r c A t * C o m * p l * t e n t e A e t * A s i W s E n L e o l C l S C D P * o * c O e s u u m E O e R e n v o t t d e * y s * a a E d l u e a t Protocol-based

543 views • 37 slides
Session Initiation Protocol Jouni Soitinaho 1 Jso_SIP_v2.PPT/ 05.04.2001/ Jouni Soitinaho

Session Initiation Protocol Jouni Soitinaho 1 Jso_SIP_v2.PPT/ 05.04.2001/ Jouni Soitinaho

Session Initiation Protocol Jouni Soitinaho 1 Jso_SIP_v2.PPT/ 05.04.2001/ Jouni Soitinaho Contents Protocol Development Protocol Basics Expandability Extension Examples Application areas Conclusions 2

617 views • 26 slides
Risk Management System based on FIX protocol CSEE 4840 Final Report Kaixi Ji (kj2330) Modi Yan

Risk Management System based on FIX protocol CSEE 4840 Final Report Kaixi Ji (kj2330) Modi Yan

Risk Management System based on FIX protocol CSEE 4840 Final Report Kaixi Ji (kj2330) Modi Yan (my2408) 1. Overview Financial Information eXchange (FIX) protocol is intended for information security transactions in markets. FIX session is used

783 views • 55 slides
Improvised Explosive Devices 2018 Session of the Group of Experts CCW Amended Protocol II

Improvised Explosive Devices 2018 Session of the Group of Experts CCW Amended Protocol II

Directorate of Mine Action Coordination (DMAC) State Ministry for Disaster Management and Humanitarian Affairs Improvised Explosive Devices 2018 Session of the Group of Experts CCW Amended Protocol II Mohammad Shafiq Yosufi Director, DMAC

338 views • 22 slides
MPRI 2-30: ! Automated Verification of ! Cryptographic Protocol Implementations K Bhargavan (Slides

MPRI 2-30: ! Automated Verification of ! Cryptographic Protocol Implementations K Bhargavan (Slides

MPRI 2-30: ! Automated Verification of ! Cryptographic Protocol Implementations K Bhargavan (Slides from A.D. Gordon and C. Fournet) Spring, 2014 TLS Handshakes ''''''ClientHello''''''''''''''''''99999999>'

744 views • 73 slides
Pictures/articles The Global Waste Problem Ban on single-use plastic items approved by European

Pictures/articles The Global Waste Problem Ban on single-use plastic items approved by European

Pictures/articles The Global Waste Problem Ban on single-use plastic items approved by European Parliament Press for link Canada to ban single use plastics as early as 2021 Press for link Nestle is aiming at 100% recyclable or reusable

142 views • 10 slides
Jingle Bell Jukebox . . . The Flip Side!: A Presentation of Holiday Hits Arranged for 2-Part

Jingle Bell Jukebox . . . The Flip Side!: A Presentation of Holiday Hits Arranged for 2-Part

Jingle Bell Jukebox . . . The Flip Side!: A Presentation of Holiday Hits Arranged for 2-Part Voices (Teacher's Handbook) Click here if your download doesn"t start automatically Jingle Bell Jukebox . . . The Flip Side!: A Presentation of

277 views • 5 slides
El Salvador Mission Trip Episcopal Diocese of Massachusetts June 16 to 26, 2007 1 El Salvador

El Salvador Mission Trip Episcopal Diocese of Massachusetts June 16 to 26, 2007 1 El Salvador

El Salvador Mission Trip Episcopal Diocese of Massachusetts June 16 to 26, 2007 1 El Salvador Land area and population similar to Massachusetts History of civil unrest, a large and disenfranchised poor population, and limited

504 views • 46 slides
Managing Your Message Gena Cook Keller Virginia Department of Education Coordinator of

Managing Your Message Gena Cook Keller Virginia Department of Education Coordinator of

Leading Change Managing Your Message Gena Cook Keller Virginia Department of Education Coordinator of Professional Learning @gckeller1230 gena.keller@doe.virginia.gov June 26, 2017 Virginia Association of Secondary School Principals

228 views • 20 slides
Memphis Walks Shelby Co. Health Department, Office of Sustainability; Livable Memphis; Crosstown

Memphis Walks Shelby Co. Health Department, Office of Sustainability; Livable Memphis; Crosstown

Memphis Walks focus is on improving quality of life by supporting improved walkability, promoting increased physical activity, safer communities, and social cohesion via walking, (all with measured results.) University partners: Depts. of

348 views • 8 slides
MEMPHIS ENERGY FUTURE Public power and the 21st century utility in Memphis 2 ABOUT SACE The

MEMPHIS ENERGY FUTURE Public power and the 21st century utility in Memphis 2 ABOUT SACE The

1 MEMPHIS ENERGY FUTURE Public power and the 21st century utility in Memphis 2 ABOUT SACE The Southern Alliance for Clean Energy promotes responsible energy choices to ensure clean, safe and healthy communities throughout the Southeast. 3

187 views • 16 slides
Victorian Village Inc exists to create a vibrant diverse urban neighborhood that treasures our

Victorian Village Inc exists to create a vibrant diverse urban neighborhood that treasures our

Victorian Village Inc exists to create a vibrant diverse urban neighborhood that treasures our architectural heritage and builds a community that is safe, clean, and prosperous. Development Planning Community Outreach Partnerships Scott

188 views • 14 slides
Car arl J J. P Perso son Customized S Solutions C s Compan any Aperso son2perso son

Car arl J J. P Perso son Customized S Solutions C s Compan any Aperso son2perso son

Car arl J J. P Perso son Customized S Solutions C s Compan any Aperso son2perso son Consu sulting F Firm 901. 1.212. 212.515 151 www.customizedsolutions4y 4you.com Rearview Mirror vs Windshield Accountability IIA Memphis Chapter

288 views • 18 slides

More recommend