Internet Security CSCE 813 Communicating Sequential Processes.

Slide 2: Project Related Work
Need to know by now:
– What is the problem domain?
– What is the specific problem you're addressing?
– What solutions are out there (if there are any)?
– What are the limitations of these solutions?
– How does your proposed approach overcome some of these limitations?

Slide 3: Related Work
Format:
1. Problem Overview
2. Related work
2.1 Research on problem domain
2.2 Research on specific problem
2.3 Limitations of existing research
References

Slide 4: Related Work
Organize existing work into categories, e.g., by what specific problem they solve, by the nature of the proposed solution, etc.
Don't just list the different papers in sequential order!
Briefly explain what problems they address and what the main contributions are.
Be critical!

Slide 5: References
Be precise!
Use full references, with authors, title, where it was published, when, and the page numbers.
If you supply URLs, list when the URL was downloaded.
Organize references in alphabetical order.
Use one of the accepted bibliography formats.
See mat/Bibliography%20Format.htm for more on formatting references.

Back to CSP

Slide 7: Reading
Today:
– Modelling and analysis of security protocols: Chapter 1
Next Class:
– Modelling and analysis of security protocols: Chapters 1 and 2

Slide 8: CSP Objectives
Model dynamics
Model and analyze concurrency
– E.g., calculation-intensive systems, distributed applications
Support parallelism

Slide 9: Prefix
Offering a single action: a → P
Offering a choice: any set of visible actions
– If A ⊆ Σ, then ?x : A → P(x) offers every action in A
– x is the parameter of P; parameters can be used in events or manipulated
– When a ∈ A is chosen, the process behaves like P(a)

Slide 10: Choice Operator
Choice operator: □
– Gives the option between the actions of two processes, then
– Behaves like the one chosen
Revisit: if A = B ∪ C then ?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
If B and C are disjoint: together they give all the choices in A
What happens if B and C overlap?

Slide 11: Non-Deterministic Choice
P ⊓ Q
– Behaves like P or like Q
– The user has no control over which
– Can be implemented using two internal actions
– The implementer is not required to implement it this way (may choose P, or Q, or (P or Q))
Useful for modelling a degree of unpredictability, like a communication medium that transmits data correctly or loses it.

Slide 12: Time-Based Choice
P ▷^t Q
– Offers the choices of P for t time units, and
– If nothing is chosen, it behaves like Q
Has traces similar to the other choice operators if no time is recorded
Can be written P ▷ Q where t is non-deterministic

Slide 13: Conditional Choice
If-then-else: the choice is based on a condition
– if b then P else Q
Example (a firewall that forwards only valid inputs):
FW(s) = in?x → (if valid(x,s) then out!x → FW(newstate(s,x))
                 else FW(newstate(s,x)))
Revisit the non-deterministic machine: NDM = in?x → (NDM ⊓ out!x → NDM)

Slide 14: Parallel Operators
Put sequential processes in parallel
System state: the state of each component
– The number of possible states increases exponentially with the size of the network
How do we put processes together into a parallel network?
How do we check whether such a network satisfies a specification?

Slide 15: Parallel Combination
Just another process, to which any of the previous operators can be applied.
Each parallel process is equivalent to a sequential one (with an infeasibly large number of states).
CSP processes influence each other by affecting what communications they can perform.

Slide 16: Parallel Combination
Synchronize all visible actions
– P || Q can perform a ∈ Σ only when both P and Q can
– (?x : A → P(x)) || (?x : B → Q(x)) = ?x : A ∩ B → (P(x) || Q(x))

Slide 17: Parallel Combinations
Interface parallel operator: P ||_X Q
– Synchronize all events in X
Example:
– P = ?x : A → P'(x)
– Q = ?x : B → Q'(x)
– P ||_X Q = ?x : X ∩ A ∩ B → (P'(x) ||_X Q'(x))
          □ ?x : A \ X → (P'(x) ||_X Q)
          □ ?x : B \ X → (P ||_X Q'(x))

Slide 18: General Interleaving
P ||| Q, which is P ||_∅ Q (no synchronization at all)
P and Q use disjoint sets of events

Slide 19: Alphabet Controlled
P _X||_Y Q
Each process is given control of a particular set of events (its alphabet)
No process is ever permitted to communicate outside of its own alphabet
Interface between two processes: the intersection of their alphabets

Slide 20: Use of Parallel Operators
Achieve a particular overall behavior
For example, build constraints on traces:
– P ||_X Q, where P is any process and all of Q's events belong to X => P is only allowed to do things in X that Q permits.
– E.g., the example on page 54

Slide 21: Hiding and Renaming
Hiding:
– Internal details are not visible to outsiders
– If X ⊆ Σ and P is a process, then P \ X behaves like P but with all events in X hidden (turned into invisible actions)
Renaming:
– Alphabet replacement (a relation R on events)
– P[[R]] behaves like P, but every visible event a of P is renamed to whatever R associates with a
– Used to make copies
– e.g., P[[a,a / b,c]]: both b and c are mapped to a
– e.g., P[[b,c / a,a]]: a is mapped to both b and c (offers the choice of b and c to the environment, but the state after either of these choices is the same)

Slide 22: Additional operators
Sequential composition P ; Q
– Does whatever P does until P terminates, and then does what Q does
Process Skip: successful termination
– Special event: ✓, always the final event
– e.g., a → b → Skip terminates successfully after events a and b
– e.g., (a → Skip) ; P has the same external behavior as a → P

Slide 23: CSP Operators
Stop           process does nothing
a → P          event prefix
?x:A → P       event prefix choice
P □ Q          choice between two processes
P ⊓ Q          nondeterministic choice
P || Q         lockstep parallel
P ||_X Q       interface parallel
P _X||_Y Q     synchronizing parallel

Slide 24: CSP Operators
P \ X          event hiding
P[[R]]         process relation renaming
Skip           successful termination
P ; Q          sequential composition

Slide 25: Process Behavior
Concurrent processes may lead to:
Deadlock: each process is willing to do something, but the entire system cannot agree on any action
Livelock: an infinite sequence of internal (hidden) communications occurs between the components. Similar external appearance to deadlock
Non-determinism: both processes P1 and P2 are willing to talk to a third one, Q, which has to make a choice

Slide 26: Traces
Sequences of visible events up to an arbitrary finite time
E.g.,
– traces(Stop) = { ⟨⟩ }
– traces(a → P □ b → Skip) = { ⟨⟩ } ∪ { ⟨a⟩^s | s ∈ traces(P) } ∪ { ⟨b⟩, ⟨b, ✓⟩ }
Traces model:
– Nonempty
– Prefix closed (if s^t is in traces(P), so is s)
We can calculate traces(P) for any CSP process P
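The firewall FW(s) from the conditional-choice slide, the interface parallel law and the trace-constraint use of P ||_X Q, and the traces model above, as an added example that is not part of the original slides: a small Python interpreter that computes the finite traces of a process. The policy valid(x,s) (forward a packet only the first time it is seen), the events ("in", x) and ("out", x), and the process SOURCE are all constructed here for illustration.

```python
# Added example: a tiny CSP trace interpreter. A process exposes initials()
# (events it offers now) and after(a) (the set of processes it may become
# after event a; a set, so overlapping choices stay in the traces model).
from typing import FrozenSet

class Stop:                        # offers nothing
    def initials(self): return set()
    def after(self, a): return set()

class Prefix:                      # ?x : A -> P(x)
    def __init__(self, A, cont): self.A, self.cont = set(A), cont
    def initials(self): return set(self.A)
    def after(self, a): return {self.cont(a)} if a in self.A else set()

class Par:                         # P ||_X Q (interface parallel)
    def __init__(self, P, Q, X): self.P, self.Q, self.X = P, Q, set(X)
    def initials(self):
        iP, iQ = self.P.initials(), self.Q.initials()
        return (iP & iQ & self.X) | (iP - self.X) | (iQ - self.X)
    def after(self, a):
        if a in self.X:            # synchronised event: both sides move
            return {Par(p, q, self.X) for p in self.P.after(a) for q in self.Q.after(a)}
        return ({Par(p, self.Q, self.X) for p in self.P.after(a)} |
                {Par(self.P, q, self.X) for q in self.Q.after(a)})

def traces(P, n):
    """All visible traces of P of length <= n (finite, prefix closed)."""
    found, frontier = {()}, [((), P)]
    while frontier:
        s, proc = frontier.pop()
        if len(s) == n: continue
        for a in proc.initials():
            for q in proc.after(a):
                found.add(s + (a,)); frontier.append((s + (a,), q))
    return found

# FW(s) from the conditional-choice slide, with a constructed policy:
# s = packets already forwarded; valid(x, s) = x not seen before (replay filter).
def FW(s: FrozenSet[int]):
    def body(ev):
        x = ev[1]
        if x not in s:                                    # valid(x, s)
            return Prefix({("out", x)}, lambda _: FW(s | {x}))
        return FW(s | {x})                                # else branch: drop
    return Prefix({("in", 1), ("in", 2)}, body)

# SOURCE = in!1 -> in!2 -> Stop (constructed). Parallel over the in-events
# means FW may only perform the in-events SOURCE permits: a trace constraint.
SOURCE = Prefix({("in", 1)}, lambda _: Prefix({("in", 2)}, lambda _: Stop()))
SYSTEM = Par(SOURCE, FW(frozenset()), {("in", 1), ("in", 2)})
```

traces(FW(frozenset()), 3) contains ⟨in.1, out.1, in.1⟩ but no trace forwards a packet twice, and traces(SYSTEM, 10) is exactly the five prefixes of ⟨in.1, out.1, in.2, out.2⟩, after which the system deadlocks because SOURCE offers nothing more on the shared interface.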

Slide 27: Next Class
Modeling security protocols in CSP