Lecture 4: Honors Projects Supervised by Catuscia Palamidessi


Slide 1: Honors Projects, supervised by Catuscia Palamidessi
- The π-calculus, a small language for specification and verification of concurrency and mobility
- The generalized dining philosophers, a paradigm for resource allocation
- The spi-calculus, a small language for specification and verification of security protocols

Slide 2: Project 1: The π-calculus
Completed. With Shawna Daigle.
Implementation of (a fragment of) the π-calculus, a small language for specification and verification of concurrent processes which communicate via mobile links.

Slide 3: The π-calculus
- Example of link mobility
- Representation of systems whose connection structure changes over time

Slide 4: Project 2: Generalized Dining Philosophers
Current project. With Michael Pilquist.
The problem: coordinate the activity of several processes (philosophers), who share common resources (forks), and need more than one resource to perform a certain activity (eat). We want to avoid deadlock and starvation.
Generalized means that a philosopher can need more than two forks and that a fork can be shared by more than two philosophers.

Slide 5: Dining Philosophers: classic case
Each fork is shared by exactly two philosophers.

Slide 6: Dining Philosophers: deadlock
Each philosopher is holding one fork.

Slide 7: Dining Philosophers: generalized case
Each fork can be shared by more than two philosophers.

Slide 8: Project 3: The spi-calculus
Current project. With Jennifer McCord.
Investigation of the spi-calculus, a small language to express and verify security protocols and their properties, like:
- Secrecy: messages, keys, etc. remain secret
- Authentication: guarantees about the parties involved in the protocol
- Non-repudiation: evidence of the involvement of the other party
- Anonymity: protecting the identity of agents with respect to particular events
Formal tools for automatic verification.

Slide 9: Example: The dining cryptographers
[Figure: the Master connected to Crypt(0), Crypt(1) and Crypt(2); channel labels pays.0 and notpays.0]
An example of achieving anonymity.

Slide 10: The dining cryptographers
The problem:
- Three cryptographers share a meal.
- The meal is paid either by the organization (master) or by one of them. The master decides who pays.
- Each of the cryptographers is informed by the master whether or not he is paying.
GOAL: The cryptographers would like to know whether the meal is being paid by the master or by one of them, but without knowing who is paying (if it is one of them).

Slide 11: The dining cryptographers: Solution
Solution:
- Each cryptographer tosses a coin. Each coin is in between two cryptographers.
- The result of each coin toss is visible to the adjacent cryptographers, and only to them.
- Each cryptographer examines the two adjacent coins.
- If he is paying, he announces “agree” if the results are the same, and “disagree” otherwise. If he is not paying, he says the opposite.
Claim: if the number of “disagree” is even, then the master is paying. Otherwise, one of them is paying. In the latter case, the non-paying cryptographers will not be able to deduce who exactly is paying.
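Added example, not part of the original slides: an exhaustive check of the three-cryptographer protocol over all coin outcomes, covering both the parity signal and the anonymity property. The coin indexing and all function names are assumptions; the `nonpayer_agrees_on_equal` flag selects which role says “agree” on equal coins, because that choice determines which parity signals that the master is paying.

```python
from collections import Counter
from itertools import product

N = 3  # three cryptographers, as on the slides
COINS = list(product((0, 1), repeat=N))  # all 8 coin outcomes

def announce(coins, payer, nonpayer_agrees_on_equal=True):
    """Announcements of all cryptographers.
    Assumed layout: cryptographer i sees coins[i] and coins[(i+1) % N].
    payer is an index, or None when the master pays."""
    out = []
    for i in range(N):
        equal = coins[i] == coins[(i + 1) % N]
        agree = equal if nonpayer_agrees_on_equal else not equal
        if i == payer:          # the payer says the opposite of a non-payer
            agree = not agree
        out.append("agree" if agree else "disagree")
    return tuple(out)

def disagree_parities(payer, **kw):
    """Parities of the number of 'disagree' seen over every coin outcome."""
    return {announce(c, payer, **kw).count("disagree") % 2 for c in COINS}

def view(observer, coins, payer, **kw):
    """What one cryptographer sees: his two coins plus all announcements."""
    return (coins[observer], coins[(observer + 1) % N],
            announce(coins, payer, **kw))

def anonymous_for(observer, **kw):
    """True if, with fair coins, both other cryptographers as payer give
    the observer exactly the same distribution of views."""
    others = [j for j in range(N) if j != observer]
    dists = [Counter(view(observer, c, p, **kw) for c in COINS)
             for p in others]
    return dists[0] == dists[1]

if __name__ == "__main__":
    for flag in (True, False):
        # flag=True: even number of 'disagree' <=> master pays.
        # flag=False: the two parities swap for N = 3.
        print("non-payer agrees on equal coins:", flag)
        print("  master pays ->", disagree_parities(None, nonpayer_agrees_on_equal=flag))
        print("  crypt 0 pays ->", disagree_parities(0, nonpayer_agrees_on_equal=flag))
        print("  anonymity holds:", all(
            anonymous_for(i, nonpayer_agrees_on_equal=flag) for i in range(N)))
```

In both conventions the parity is the same for every coin outcome, so it reveals only whether some cryptographer paid, and the equal view distributions show why a non-paying cryptographer learns nothing about which of the other two it was.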

Slide 12: The dining cryptographers: Solution
[Figure: the Master connected to Crypt(0), Crypt(1) and Crypt(2), with Coin(0), Coin(1) and Coin(2) placed between the cryptographers; channel labels pays.0, notpays.0, look.2.0 and out.1]