AGVI Automatic Generation, Verification, and Implementation of security protocols By: Dawn Song, Adrian Perrig, and Doantam Phan. In: 13 th Conference.

Slides:

Advertisements

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

Advertisements

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

CSC411Artificial Intelligence 1 Chapter 3 Structures and Strategies For Space State Search Contents Graph Theory Strategies for Space State Search Using.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.

Snap-stabilizing Committee Coordination Borzoo Bonakdarpour Stephane Devismes Franck Petit IEEE International Parallel and Distributed Processing Symposium.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

Algorithms and Problem Solving-1 Algorithms and Problem Solving.

Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.

Validating High-Level Synthesis Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San.

1 Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing Jason Franklin Joint work with Deepak Garg, Dilsun Kaynar, and.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

Monte Carlo Analysis of Security Protocols: Needham-Schroeder Revisited Radu Grosu SUNY at Stony Brook Joint work with Xiaowan Huang, Scott Smolka, & Ping.

Formal verification Marco A. Peña Universitat Politècnica de Catalunya.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Verification technique on SA applications using Incremental Model Checking 컴퓨터학과 신영주.

Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on.

Efficient Evaluation of XQuery over Streaming Data Xiaogang Li Gagan Agrawal The Ohio State University.

Parallel and Distributed Computing in Model Checking Diana DUBU (UVT) Dana PETCU (IeAT, UVT)

A Simple Method for Extracting Models from Protocol Code David Lie, Andy Chou, Dawson Engler and David Dill Computer Systems Laboratory Stanford University.

Stochastic Algorithms Some of the fastest known algorithms for certain tasks rely on chance Stochastic/Randomized Algorithms Two common variations – Monte.

Chapter 10: Compilers and Language Translation Invitation to Computer Science, Java Version, Third Edition.

Executable specification of cryptofraglets with Maude for security verification Fabio Martinelli and Marinella Petrocchi IIT-CNR, Pisa Italy presented.

Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.

MBSat Satisfiability Program and Heuristics Brief Overview VLSI Testing B Marc Boulé April 2001 McGill University Electrical and Computer Engineering.

B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.

Software Engineering Research paper presentation Ali Ahmad Formal Approaches to Software Testing Hierarchal GUI Test Case Generation Using Automated Planning.

Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore.

110/19/2015CS360 AI & Robotics AI Application Areas  Neural Networks and Genetic Algorithms  These model the structure of neurons in the brain  Humans.

Joseph Cordina 1/11 The Use of Model-Checking for the Verification of Concurrent Algorithms Joseph Cordina Department of C.S.&A.I.

CSCE 813 Internet Security Cryptographic Protocol Analysis.

Introduction to Problem Solving. Steps in Programming A Very Simplified Picture –Problem Definition & Analysis – High Level Strategy for a solution –Arriving.

A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.

1 Reasoning about Concrete Security in Protocol Proofs A. Datta, J.Y. Halpern, J.C. Mitchell, R. Pucella, A. Roy.

Page 1 Advanced Technology Center HCSS 03 – April 2003 vFaat: von Neumann Formal Analysis and Annotation Tool David Greve Dr. Matthew Wilding Rockwell.

Intrusion Tolerant Software Architectures Bruno Dutertre and Hassen Saïdi System Design Laboratory, SRI International OASIS PI Meeting.

Correctness Proofs and Counter-model Generation with Authentication-Protocol Logic Koji Hasebe Mitsuhiro Okada Department of Philosophy, Keio University.

EXE: Automatically Generating Inputs of Death Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler 13th ACM conference on.

May University of Glasgow Generalising Feature Interactions in Muffy Calder, Alice Miller Dept. of Computing Science University of Glasgow.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke Presented by: Xia Cheng.

Verification & Validation By: Amir Masoud Gharehbaghi

Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

A Memory-hierarchy Conscious and Self-tunable Sorting Library To appear in 2004 International Symposium on Code Generation and Optimization (CGO ’ 04)

Security for Broadcast Network

A Simulation-Based Study of Overlay Routing Performance CS 268 Course Project Andrey Ermolinskiy, Hovig Bayandorian, Daniel Chen.

International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.

Compositional Verification for System-on-Chip Designs SRC Student Symposium Paper 16.5 Nishant Sinha Edmund Clarke Carnegie Mellon University.

Agenda  Quick Review  Finish Introduction  Java Threads.

Complexity of Compositional Model Checking of Computation Tree Logic on Simple Structures Krishnendu Chatterjee Pallab Dasgupta P.P. Chakrabarti IWDC 2004,

1 Advanced course on: Parallel and Distributed Model Checking Lecture 1 – Lecturers: Orna Grumberg, Computer Science Dept, Technion Karen Yorav,

Sub-fields of computer science. Sub-fields of computer science.

Basic concepts of Model Checking

Artificial Intelligence

Algorithms and Problem Solving

Formal methods: Lecture

Security Protocols Analysis

Algorithms and Problem Solving

Presentation transcript:

AGVI Automatic Generation, Verification, and Implementation of security protocols By: Dawn Song, Adrian Perrig, and Doantam Phan. In: 13 th Conference on Computer Aided Verification (CAV), 2001 Presenter: AliReza Namvar

Motivation Rapid design&deployment of security protocol eCommerce systems Security protocol are difficult to: Design Verify the correctness Implement correctly

Intoduction Optimal security protocol: System aspects: Computation overhead Communication overhead Power consumptions Guarantee the correctness by Automatic Verifiers Automatic implementation to reduce the number of bugs

Overview Specify security requirement: Authentication and secrecy System specification System spec: Sym/asym enc/decryption Low bandwidth Protocol Generator Protocol Screener Candidate Protocols Code Generator

Protocol Specification metric function cost or overhead of the protocol monotonically increasing a specification of the initial setup defines which cryptographic primitives are available to the principals what keys each principal possesses Adrian Perrig and Dawn Song. A first step towards the automatic generation of security protocols. In Network and Distributed System Security Symposium, February 2000.

Representation

Each msg can be represented as a tree atomic messages as leaves operations as intermediate nodes. A,B,{A,B}K B

Protocol Generator Generates candidate security protocol Satisfying the system requirements Using exhaustive search in a combinatorial protocol space[4round auth. = 10^12] Discard obviously flawed protocols Powerful reduction tech.(10000/s) Automatic Protocol Generation Security Properties Metric function Initial Setup Correct Protocol

Protocol Generator (cntd) Iterative deepening Each iteration:cost threshold Search < given threshold Sorted protocols passed to the protocol screener practical APG Using efficient reduction techniques and heuristics Each security property is therefore accompanied by: pruning algorithm (which efficiently discards most severely flawed protocols) a verification condition for the screener. Stuart Russell and Peter Norvig. Artificial Intelligence: A Modern Approach. Prentice Hall Series in Artificial Intelligence, 1995.

Protocol Screener Analyze protocol executions with any arbitrary protocol configuration Analysis Termination Gives a proof for satisfaction of sec. Props. or Generates a counterexample Exploits state space reduction techniques to achieve high efficiency Backward search, symbolic representation Average: 5-10/s [500Mhz PenIII linux]

Protocol Screener (Cntd) Athena: represent execution Strand SM Logic:to reason about strand spaces&bundles Automate procedure to evaluate well – formed formulae in this logic Forced termination: Bounding #of concurrent protocol runs Length of msgs No state explosion caused by asyn. Composition & symmetry redundancy Uncertainty theorems: Prune state space at early stage

Athena:Logic Terms: Node constant (n,n1, … ) Strand constants (s,s1, … ) Bundle constant (c,c1, … ) Bundle variable (C,C1, … ) Prepositional Formula: n  s,n  c, n  C, s  c,s  C are atomic  f1 and f1  f2 are p.f. if f1 and f2 are p.f. Well-formed formulae(wff) f,  F1,F1  F2 Athena: a New Efficient Automatic Checker for Security Protocol Analysis, Song 1999

Code Generator translates the formal specification into Java code final implementation is correct (proof by construction) implementation is secure Buffer overruns False input attacks Type flaws Replay attacks and freshness attacks

Conclusions Variation of system speciation for experiments Iterative deepening is Greedy.Any proof for optimality? Is formal security protocol analysis is NP? Automatic code generation.