CSP Semantics
description
Transcript of CSP Semantics
CSP SemanticsCSP Semantics
ISA 763ISA 763Security Protocol VerificationSecurity Protocol Verification
We thank Professor Csilla Farkas of USC for providing some We thank Professor Csilla Farkas of USC for providing some transparencies that were used to construct this transparencytransparencies that were used to construct this transparency
CSP SemanticsCSP Semantics 22
ReferencesReferences The Theory and Practice of Concurrency by A. W. The Theory and Practice of Concurrency by A. W.
Roscoe, available at Roscoe, available at web.comlab.ox.ac.uk/oucl/work/bill.web.comlab.ox.ac.uk/oucl/work/bill.roscoeroscoe/publications/6/publications/68b.pdf 8b.pdf
Chapters 4 and 5 of Modeling and analysis of security Chapters 4 and 5 of Modeling and analysis of security protocols by Peter Ryan and Steve Schneider. protocols by Peter Ryan and Steve Schneider.
The FDR2 User Manual available at The FDR2 User Manual available at http://www.fsel.com/documentation/fdr2/html/fdr2manual.http://www.fsel.com/documentation/fdr2/html/fdr2manual.html#SEC_Tophtml#SEC_Top
Formal Systems, FDR download, Formal Systems, FDR download, http://www.fsel.com/http://www.fsel.com/ M. Morgenthal: Design and Validation of Computer M. Morgenthal: Design and Validation of Computer
Protocols, Protocols, http://wwwtcs.inf.tu-dresden.de/~morgen/sem-ws02.htmlhttp://wwwtcs.inf.tu-dresden.de/~morgen/sem-ws02.html
CSP SemanticsCSP Semantics 33
CSP Semantics - 1CSP Semantics - 1 Operational SemanticsOperational Semantics
Interprets the language on an (abstract) machine:Interprets the language on an (abstract) machine: such as the ones used in imperative languages using a such as the ones used in imperative languages using a
program counter, next instruction stack etc.program counter, next instruction stack etc. Denotational SemanticsDenotational Semantics
The language is translated to another abstract domain The language is translated to another abstract domain Translate the basic constructsTranslate the basic constructs Translate the combinators to constructs in the target domainTranslate the combinators to constructs in the target domain Use a compositionality principle to construct the denotation of Use a compositionality principle to construct the denotation of
the whole program from translated partsthe whole program from translated parts Algebraic SemanticsAlgebraic Semantics
Translate the language into a Translate the language into a normal fromnormal from by rewriting by rewriting all programs in that formall programs in that form
Describe how to execute the program in normal formDescribe how to execute the program in normal form
CSP SemanticsCSP Semantics 44
CSP Semantics - 2CSP Semantics - 2 Operational SemanticsOperational Semantics
Interprets the language on an (abstract) machine:Interprets the language on an (abstract) machine: Construct a labeled transition system (LTS)Construct a labeled transition system (LTS)
Denotational SemanticsDenotational Semantics The language is translated to another abstract domain The language is translated to another abstract domain Trace semantics, Failure Divergence SemanticsTrace semantics, Failure Divergence Semantics
Algebraic SemanticsAlgebraic Semantics Translate the language into a Translate the language into a normal fromnormal from by rewriting by rewriting
all programs in that formall programs in that form Proof rulesProof rules
CSP SemanticsCSP Semantics 55
Operational SemanticsOperational Semantics
Labeled transition system (LTS)Labeled transition system (LTS)Nodes:Nodes: state of the process state of the processDirected edges:Directed edges: events events
Visible eventsVisible events Internal transitionsInternal transitions
Recall Trace Refinement:Recall Trace Refinement:S S ⊑⊑TT T T iff iff trace(T) trace(T) trace(S) trace(S)
CSP SemanticsCSP Semantics 66
An example LTSAn example LTS
Image from M. Morgenthal
CSP SemanticsCSP Semantics 77
Another LTS ExampleAnother LTS Example
Image from M. Morgenthal
CSP SemanticsCSP Semantics 88
Connection between LTS ExamplesConnection between LTS Examples
An Implementation of An Implementation of SS as: as: A ||| BA ||| B where where AB = a AB = a b b AB and AB and AC = a AC = a c c AC ACwherewhere AA corresponds to AA corresponds to AB ||| ACAB ||| AC BA corresponds to BA corresponds to bb→ AB ||| AC→ AB ||| AC AC corresponds to AC corresponds to AB||| (c → AC)AB||| (c → AC) BC corresponds to BC corresponds to b → AB||| (c → AC)b → AB||| (c → AC)
CSP SemanticsCSP Semantics 99
AAAA corresponds corresponds to to AB ||| ACAB ||| ACBABA corresponds corresponds to to b→ AB ||| ACb→ AB ||| ACACAC corresponds corresponds to to AB||| (c → AC)AB||| (c → AC)BCBC corresponds corresponds to to b → AB||| (c → b → AB||| (c → AC)AC)
CSP SemanticsCSP Semantics 1010
Traces Refinement CheckTraces Refinement Check
Image from M. Morgenthal
CSP SemanticsCSP Semantics 1111
Trace RefinementsTrace RefinementsAn implementation An implementation refinesrefines the trace of a the trace of a
processprocessHence we would like an implementation to Hence we would like an implementation to
satisfy the specificationsatisfy the specificationWhich properties? Which properties?
For his class, those trace properties used to For his class, those trace properties used to specify security properties.specify security properties.
CSP SemanticsCSP Semantics 1212
Denotational SemanticsDenotational Semantics Recall Trace Semantics for CSP processesRecall Trace Semantics for CSP processes Could not reason the difference between Could not reason the difference between
external choice and internal choiceexternal choice and internal choice Example: consider Example: consider ={a,b} and={a,b} andQ1 Q1 ≡(a→STOP) ≡(a→STOP) □ □ (b→STOP) (b→STOP) Q1 Q1 ≡(a→STOP) ≡(a→STOP) ΠΠ (b→STOP)(b→STOP)Q3 Q3 ≡STOP ≡STOP ΠΠ(a→STOP) (a→STOP) □□(b→STOP)(b→STOP) Refusal set of Q1={}Refusal set of Q1={} Q2 can refuse {a} and {b} but not {a,b}Q2 can refuse {a} and {b} but not {a,b} Q3 can refuse any subset of Q3 can refuse any subset of ..
CSP SemanticsCSP Semantics 1313
Refusal SetsRefusal SetsP1 {c}
{a, c}
{a, b, c} {a, b, c}
P2 {c}
{b, c}
{a, b, c} {a, b, c}
P3 {c}
{b, c} {a, c}
{a, b, c} {a, b, c}
P4 {c}
{b, c} {a, c}
{a, b, c} {a, b, c}
a b
b a
b
a
a b
c c
a b
{b, c}
CSP SemanticsCSP Semantics 1414
Refusal SetsRefusal Sets P1 P1 ≡ (a → b→ STOP) ≡ (a → b→ STOP) □ □ (b → a → STOP)(b → a → STOP)
≡ ≡ (a → STOP) (a → STOP) ||| ||| (b → STOP)(b → STOP)Failure Sets = (<>,{}), (<>,c), Failure Sets = (<>,{}), (<>,c), (<a>, {a,c}), (<ba>,{a,b,c})(<a>, {a,c}), (<ba>,{a,b,c})
P2 ≡ (c→a→STOP)P2 ≡ (c→a→STOP)□□(b→c→STOP)\ c(b→c→STOP)\ c Failure sets ={(<>,X| X Failure sets ={(<>,X| X {b,c}} {b,c}} UU
{(<a>,X),(<b>,X)| {(<a>,X),(<b>,X)| X X {a,b,c}}{a,b,c}} Internal actions introduce nondterminismInternal actions introduce nondterminism
CSP SemanticsCSP Semantics 1515
Refusal SetsRefusal Sets P3 P3 ≡ (a → STOP) ≡ (a → STOP) ΠΠ (b → STOP)(b → STOP) Must accept one of {a} or {b} if both {a,b} Must accept one of {a} or {b} if both {a,b}
are offeredare offered Different from Different from
P1 - must accept either P1 - must accept either P2 - must accept aP2 - must accept a
P4 ≡ (c→a→STOP)P4 ≡ (c→a→STOP)□□(c→b→STOP)(c→b→STOP) After <c> refuses {X|{a,b}⊈X}After <c> refuses {X|{a,b}⊈X} Failure allows us to distinguish between Failure allows us to distinguish between
internal and external choice –traces could internal and external choice –traces could not do this!not do this!
CSP SemanticsCSP Semantics 1616
Failure SemanticsFailure Semantics failure(P)failure(P) = {(s,X)| s = {(s,X)| s∈∈ΣΣ* and P/s does not * and P/s does not
accept any x accept any x∈X}∈X}Failure Refinement:Failure Refinement: P⊑P⊑FFQQ (read Q (read Q
failure refines P) ifffailure refines P) ifftrace(Q) trace(Q) trace(P) andtrace(P) and failure(Q) failure(Q) failure(p)
CSP SemanticsCSP Semantics 1717
DivergenceDivergence pp≡(≡(p.a→p)\{a}p.a→p)\{a} Cannot observe Cannot observe aa externally. externally. Diverges – i.e. looks like a Diverges – i.e. looks like a -loop-loop We do not care what happens after a We do not care what happens after a
process divergesprocess diverges
SS
aa
SS
CSP SemanticsCSP Semantics 1818
Failure and DivergenceFailure and Divergence
Add extra symbol Add extra symbol ✔✔ to to ΣΣ to indicate that the to indicate that the process has terminatedprocess has terminated
Interpretation:Interpretation: ✔✔ is emitted by the process to is emitted by the process to the environment to indicate normal the environment to indicate normal terminationtermination
P P ⇒⇒ss⇒ Q means process P becomes Q⇒ Q means process P becomes QStable State:Stable State: a state that does not a state that does not
accept accept
CSP SemanticsCSP Semantics 1919
Failure and DivergenceFailure and Divergence trace(P)≡{trace(P)≡{s∈ ∈ ΣΣ*U{*U{✔} | } | ∃Q.∃Q.P P ⇒⇒ss⇒ Q}⇒ Q} tracetrace⊥⊥(P)≡{(P)≡{s: (t,X)∈F} is a prefix closed set∈F} is a prefix closed set diveregnce(P)≡{diveregnce(P)≡{s^t|s∈ s^t|s∈ ΣΣ*,*,t∈ t∈ ΣΣ*U{*U{✔✔} }
∃∃Q.Q.P P ⇒⇒ss⇒ Q, Q div}⇒ Q, Q div}Extension closed sets of traces that has an infinite set of actions
failurefailure⊥⊥(P)(P)={(s,X)| s is a trace and X is set ={(s,X)| s is a trace and X is set of actions that can be refused in a of actions that can be refused in a stable state of P}state of P}
CSP SemanticsCSP Semantics 2020
The Failures Divergence ModelThe Failures Divergence Model ⊥⊥ℕℕ=(=(ΣΣ*U{*U{✔}} x ℘( x ℘(ΣΣU{U{✔}), }), ΣΣ*U{*U{✔} )} )
Refers to ( (s, actions: D): Failure, Refers to ( (s, actions: D): Failure, strings: Divergent string )strings: Divergent string )
Any non-empty subset S of Any non-empty subset S of ℕ has an infimum ℕ has an infimum given bygiven by ⊓ ⊓ S =S =( {F|(F,D)⋃( {F|(F,D)⋃ ∈S}, ∈S}, {D |(F,D)⋃ {D |(F,D)⋃ ∈S})∈S})
Supremum of aSupremum of a directed set △ is given by directed set △ is given by ⊔⊔S =S =(∩{F|(F,D)(∩{F|(F,D)∈ △}, ∈ △}, ∩{D |(F,D)∩{D |(F,D)∈ △})∈ △})
Theorem:Theorem: If If ΣΣ is finite then is finite then ((ℕ, ⊑ℕ, ⊑FDFD,, ⊓, ⊔) ⊓, ⊔) is a is a complete partial ordercomplete partial order
CSP SemanticsCSP Semantics 2121
Computing the FD Semantics-1Computing the FD Semantics-1
failuresfailures⊥(STOP)={(<>,X)|XΣΣ*U{*U{✔}} } } divergences(STOP)={}divergences(STOP)={} failuresfailures⊥(SKIP)={(<>,X)|XΣΣ*U{*U{✔}} } } divergences(SKIP)={}divergences(SKIP)={} failuresfailures⊥(a→pa→p)={(<>,X)|a∉X} U U
{(<a>^s,X):a∈ ∈ failuresfailures⊥(P)} divergences(divergences(a→pa→p)= )=
{(<a>^s,X):s∈divergence∈divergence(P)}
CSP SemanticsCSP Semantics 2222
Computing the FD Semantics-2Computing the FD Semantics-2
failuresfailures⊥(?x:A→p→p)={(<>,X)|X∩A={}} U U {(<a>^s,X):a∈ ∈ failuresfailures⊥(P)}
divergences(divergences(?x:A→p?x:A→p)= )= {(<a>^s,X):s∈∈divergence(P[a/x])}
failuresfailures⊥(P⊓Q)=failuresfailures⊥(P) U U failuresfailures⊥(Q) divergences(divergences(P⊓Q)= )=
divergencedivergence(P) U U divergencedivergence(Q)
CSP SemanticsCSP Semantics 2323
Computing the FD Semantics-3Computing the FD Semantics-3 divergences(divergences(P□Q) ) = =
divergencedivergence(P) U U divergencedivergence(Q) failuresfailures⊥(P□Q)={(<>,x)| (<>,x)∈ ∈ failuresfailures⊥(P)∩failuresfailures⊥(Q)}
U {(s,X): s≠<>,(s,X)U {(s,X): s≠<>,(s,X)∈∈failuresfailures⊥(P)UUfailuresfailures⊥(Q)}
U {(s,X):<>U {(s,X):<>∈∈diveregencediveregence(P)UUdiveregencediveregence(Q)}U {(s,X):X U {(s,X):X XΣΣ, <, <✔> )> )∈∈tracetrace⊥(P)U U tracetrace⊥(Q)}
CSP SemanticsCSP Semantics 2424
Computing the FD Semantics-4Computing the FD Semantics-4
divergences(divergences(P||XQ) ) ={u^v|={u^v|ss∈ ∈ tracetrace⊥(P), tt∈∈tracetrace⊥(Q), u∈(s||∈(s||XXt)t)∩ ΣΣ*,*, ss∈∈divergencedivergence(P) or t t∈∈divergencedivergence(Q) }
failuresfailures⊥(P||XQ)={(u,YUZUZ)| u∈ s||∈ s||XXttY\(XU {U {✔})}) = = Z\(XU {U {✔})}) /\ /\s,t (s,Y)s,t (s,Y)∈failures∈failures⊥(P), (t,Z)(t,Z)∈∈failuresfailures⊥(Q)
{(u,Y)|u{(u,Y)|u∈∈diveregencediveregence(P||XQ)}
CSP SemanticsCSP Semantics 2525
Computing the FD Semantics-5Computing the FD Semantics-5 divergences(divergences(P\X) ) = =
{(s\X)^t| ss∈∈divergencedivergence(P)} U {(u\X)^t| u{(u\X)^t| u∈∈ΣΣ /\ (u\x) is finite /\ /\ (u\x) is finite /\
∀∀s< u, s∈traces< u, s∈trace⊥(P)(P)} failuresfailures⊥(P\X)=
{(s\X,Y)| (s,Y(s,YUXUX))∈failures∈failures⊥(P)} U
{(s,X)|s{(s,X)|s∈∈diveregencediveregence(P\X)}
CSP SemanticsCSP Semantics 2626
Deterministic ProcessesDeterministic Processes A process is said to be A process is said to be deterministicdeterministic if if 1.1. t^<a>t^<a>∈∈tracetrace(P) ⇒ (t,{a})∉(P) ⇒ (t,{a})∉failure(P)failure(P)2.2. divergence(P) ={}divergence(P) ={} That is, never diverges and do not have the That is, never diverges and do not have the
choice of accepting and refusing an actionchoice of accepting and refusing an action Deterministic processes are the maximal Deterministic processes are the maximal
elements under elements under ⊑⊑FDFD Example:Example: (a (a→STOP)□(a→a→STOP) is non-→STOP)□(a→a→STOP) is non-
deterministicdeterministic
CSP SemanticsCSP Semantics 2727
Deterministic Processes and LTSDeterministic Processes and LTS
Two nondeterministic LTS whose behavior Two nondeterministic LTS whose behavior is deterministicis deterministic
aa a
a
CSP SemanticsCSP Semantics 2828
Abstraction - 1Abstraction - 1Abstraction = hide detailsAbstraction = hide detailsExample:Example: many-to-one renamingmany-to-one renaming
[(a[(a→c→→c→STOPSTOP)□(b→d→)□(b→d→STOPSTOP)] [[b/a]])] [[b/a]]= (a→c→STOP) □(a→d→= (a→c→STOP) □(a→d→STOPSTOP)] )] = a→( (c→= a→( (c→STOPSTOP)⊓(d→)⊓(d→STOPSTOP) ) ) ) Eager abstractionEager abstraction: hiding operator: hiding operatorℰℰHH(P)=(P)=p\H – assumes that events in H p\H – assumes that events in H
pass out of sightpass out of sight
CSP SemanticsCSP Semantics 2929
Abstraction - 2Abstraction - 2Lazy abstractionLazy abstraction: Projection of P into L: Projection of P into LℒℒHH(P)= P@L= (P)= P@L=
{(s\H,X)|(s,X∩L)∈ failures{(s\H,X)|(s,X∩L)∈ failures⊥(P)} Example: L={l1,l2}, H={h}
P ≡ (l1→P) □ (l2→h→P) □ (h→P) →P) □ (l2→h→P) □ (h→P) ℒℒHH(P)= Q (P)= Q ≡ (l1→Q) □ l2→(STOP⊓Q) →Q) □ l2→(STOP⊓Q)
Finite traces of Finite traces of ℒℒHH(P) are precisely {s\(P) are precisely {s\H| s ∈ tracesH| s ∈ traces(P)}
CSP SemanticsCSP Semantics 3030
CasperCasperCompilerCompilerEasy to specify protocols and security Easy to specify protocols and security
propertiespropertiesE.g., Yahalom protocolE.g., Yahalom protocol
Input: 1 page protocol and security spec.Input: 1 page protocol and security spec.Output (CSP): 10 pagesOutput (CSP): 10 pages
CSP SemanticsCSP Semantics 3131
Casper Casper Protocol Definition: Protocol Definition:
protocol operation, including protocol operation, including messages between the agents, messages between the agents, tests performed by the agents, tests performed by the agents, types of data, types of data, initial knowledge, initial knowledge, specification of the protocol’s goals, specification of the protocol’s goals, algebraic equivalences over the typesalgebraic equivalences over the types
Components:Components: Protocol descriptionProtocol description Free variablesFree variables ProcessesProcesses SpecificationSpecification
CSP SemanticsCSP Semantics 3232
Casper Casper System definition:System definition: actual system to be actual system to be
checked, including agents, their roles, checked, including agents, their roles, actual data types, intruder’s abilitiesactual data types, intruder’s abilities
Components:Components:Actual variablesActual variablesFunctionsFunctionsSystemSystem Intruder informationIntruder information
CSP SemanticsCSP Semantics 3333
Protocol DescriptionProtocol Description
Image from M. Morgenthal
CSP SemanticsCSP Semantics 3434
Free VariablesFree Variables
Image from M. Morgenthal
CSP SemanticsCSP Semantics 3535
ProcessesProcesses
Image from M. Morgenthal
CSP SemanticsCSP Semantics 3636
SpecificationSpecification
Image from M. Morgenthal
CSP SemanticsCSP Semantics 3737
System specs: VariablesSystem specs: Variables
Image from M. Morgenthal
CSP SemanticsCSP Semantics 3838
System specs: Functions System specs: Functions
Image from M. Morgenthal
CSP SemanticsCSP Semantics 3939
System specs: The System System specs: The System
Image from M. Morgenthal
CSP SemanticsCSP Semantics 4040
System specs: The IntruderSystem specs: The Intruder
Image from M. Morgenthal