1 Issues in the Verification of Systems
Tao Song, Jim Alves-Foss, Karl Levitt
Computer Security Lab, Computer Science Department, University of California, Davis
UCDavis SecLab MURI, October 2002

2 Index
– Background of verification
– Security of systems
– Verification of systems

3 Background of verification
What is verification?
– Existing artifact
– Formalization
– Mathematical proof

4 Background of verification
Usage of verification
– Hardware verification, e.g. ACL2: AMD K5 chipset
– Protocol verification, e.g. SMV: security protocols
– System verification, e.g. ACL Kit

5 Background of verification
Why verification?
– Complexity of today's systems
– Increasing error costs
– Commonality in reasoning frameworks

6 Background of verification
Formal methods in verification
– Theorem provers, e.g. HOL, PVS, Coq, and ACL2
– Model checking, e.g. COSPAN, SPIN, Mocha, and SMV

7 Security of systems
Basic concepts of security
– Security policy and mechanism
– Specifications, e.g. the specification of the program finger
– Assumptions

8 Security of systems
Example: specification of the program ftpd

    SPEC in.ftpd ( )
    SE: -> *;
    -> (OPEN_RD, WorldReadable($F.mode)) |
       (OPEN_RD, CreatedByProc($P.pid, &$F)) |
       (OPEN_RD, $F.ouid == $S.uid) |
       (OPEN_WR, CreatedByProc($P.pid, &$F)) |
       (OPEN_WR, $F.path == "/var/log/wtmp") |
       (CHMOD, CreatedByProc($P.pid, &$F)) |
       (CHOWN, CreatedByProc($P.pid, &$F)) |
       (EXEC, $path == "/bin/tar" || $path == "/bin/compress" || $path == "/bin/ls" || $path == "/bin/gzip") |
       ………………………
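
The SE rules above can be read directly as a runtime check over the system calls the ftpd process makes, which is how the deck later proposes to use specifications to monitor privileged programs. The following is an added Python example, not the project's own monitor: it encodes the listed rules and runs them over a constructed trace; the CREATE bookkeeping event used to track CreatedByProc, and treating any operation the spec does not list as a violation, are assumptions of this example.

```python
# Monitor that checks a trace of ftpd system calls against the SE rules above
from collections import namedtuple

WORLD_READ = 0o004                      # "other" read bit of $F.mode
EXEC_ALLOWED = {"/bin/tar", "/bin/compress", "/bin/ls", "/bin/gzip"}
File = namedtuple("File", "path mode ouid")      # $F.path, $F.mode (bits), $F.ouid (owner)
Event = namedtuple("Event", "op pid suid file")  # operation, $P.pid, $S.uid, file touched

def allowed(ev, created):
    """True if some SE rule permits ev; `created` holds (pid, path) created by a process."""
    f = ev.file
    by_proc = (ev.pid, f.path) in created        # CreatedByProc($P.pid, &$F)
    if ev.op == "OPEN_RD":
        return bool(f.mode & WORLD_READ) or by_proc or f.ouid == ev.suid
    if ev.op == "OPEN_WR":
        return by_proc or f.path == "/var/log/wtmp"
    if ev.op in ("CHMOD", "CHOWN"):
        return by_proc
    if ev.op == "EXEC":
        return f.path in EXEC_ALLOWED
    return False  # assumption: an operation the spec does not list is a violation

def monitor(trace):
    """Return (op, path) for each event that no rule permits."""
    created, violations = set(), []
    for ev in trace:
        if ev.op == "CREATE":                    # constructed bookkeeping event
            created.add((ev.pid, ev.file.path))
        elif not allowed(ev, created):
            violations.append((ev.op, ev.file.path))
    return violations

# Constructed trace: one session with uid 1000, served by ftpd process 4242
SAMPLE_TRACE = [
    Event("OPEN_RD", 4242, 1000, File("/etc/passwd", 0o644, 0)),    # world-readable
    Event("OPEN_RD", 4242, 1000, File("/etc/shadow", 0o600, 0)),    # violation
    Event("OPEN_WR", 4242, 1000, File("/var/log/wtmp", 0o664, 0)),  # allowed path
    Event("CREATE",  4242, 1000, File("/tmp/ftp.1", 0o600, 1000)),
    Event("CHMOD",   4242, 1000, File("/tmp/ftp.1", 0o600, 1000)),  # created by proc
    Event("EXEC",    4242, 1000, File("/bin/ls", 0o755, 0)),
    Event("EXEC",    4242, 1000, File("/bin/sh", 0o755, 0)),        # violation
    Event("SYMLINK", 4242, 1000, File("/tmp/ftp.2", 0o777, 1000)),  # not in spec
]

def check_sample():
    return monitor(SAMPLE_TRACE)
```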

9 Security of systems
[Diagram: Hierarchical model of system. Labels: System; System Calls; Security Policy; Specifications for Programs and Protocols; Programs and Network Protocols; Valid Operations of Specifications]

10 Security of systems
Important issues of systems
– Access control: access triple (uid, pid, fid)
– Setuid programs, e.g. passwd, ftpd, sendmail, etc.
– System calls; important system calls: open, chown, execve, symlink, chmod, fork, etc.

11 Security of systems
Hard issues in building a model of the security of systems
– Define the security policy
– Describe behaviors of systems
– Classify objects of systems
– Prove security

12 System verification
An idea of system verification
– Use specifications to monitor systems
– Formalize behaviors of systems according to specifications
– Formalize security policy and assumptions
– Formal proof of security

13 System verification
Approach of the system
– Using specifications to monitor the behavior of privileged programs
– Using ACL2 to formalize and prove security features of systems

14 System verification
[Diagram: Specification model. Labels: System Services; System-wide; Top Level; Host; Programs and Network Protocols; Applications; Operational Integrity; Resource Usage; Access; Data Integrity; Temporal/Interaction]

15 System verification
[State diagram: Specification for ARP (Address Resolution Protocol). Labels: ireply_wait; cached; ARP Request; ARP Response; ARP cache timeout alarm; Unsolicited ARP Response; Bogus ARP Response; Malformed Request]

16 Other protocol specifications
– Domain Name System (DNS)
– Network File System (NFS)
– Dynamic Host Configuration Protocol (DHCP)
– TCP
– FTP
– RIP routing protocol
– OSPF routing protocol

17 System verification
Requirements of verification
– Formal statements of security policy
– Formal statements of specifications of privileged programs and protocols
– Formal statements of assumptions

18 System verification
Formal statements of security policy

    ;; The policy is the conjunction of one predicate per kind of access.
    ;; Parameters (pid fid) are made explicit so the definition is admissible in ACL2.
    (defun policy (pid fid)
      (and (policy_read pid fid)
           (policy_write pid fid)
           (policy_create pid fid)
           (policy_exec pid fid)
           ;; ……
           ))

19 System verification
Formal statements of security policy

    ;; A read by process pid of file fid is permitted if any of these holds.
    (defun policy_read (pid fid)
      (or (IsRoot pid)          ; userid of process is root
          (Readable pid fid)    ; the file is readable by the process
          (WorldReadable fid)   ; the file is readable by everyone
          ;; ……
          ))

20 System verification
Formal statements of specifications

    ;; The system specification is the conjunction of the program and protocol specifications.
    (defun spec (pid fid)
      (and (spec_standard pid fid)   ; standard specification of programs
           (spec_passwd pid fid)     ; specification of the program passwd
           ;; ……
           (spec_ARP)                ; specification of the ARP protocol
           ;; ……
           ))

21 System verification
Formal statements of specifications

    ;; Specification of one setuid program: every constraint must hold.
    (defun spec_chage (pid fid)
      (and (WorldReadable fid)
           (WriteInPath fid "/var/spool/at/.SEQ")
           (CreatedByProc 'chmod pid fid)   ; the operation name is quoted as a symbol
           ;; ……
           ))

22 System verification
Formal statements of assumptions

    ;; Assumptions about the system (assum_sys_*) and about the verification itself (assum_verify_*).
    (defun assumption (pid fid)
      (and (assum_sys_1 pid)
           (assum_sys_2 pid)
           ;; ……
           (assum_verify_1 pid fid)
           (assum_verify_2 pid fid)
           ;; ……
           ))

23 System verification
An example of assumptions

    ;; (setuid pid) is an accessor for the setuid field of the process;
    ;; this placeholder assumption about a setuid-root process is vacuously true.
    (defun assum_sys_n (pid)
      (implies (equal (setuid pid) 0) t))

24 System verification
Prototype of verification

    ;; The theorem to prove: whenever the assumptions and the specifications hold,
    ;; the security policy holds.
    (defthm verify
      (implies (and (assumption pid fid) (spec pid fid))
               (policy pid fid)))
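
The proof obligation of slides 18 to 24, that assumption together with the specification implies the policy, carried out as an added example over a small finite domain in Python instead of ACL2 (this is not the project's own code). It takes policy_read from slide 19 and the OPEN_RD rule of the ftpd specification from slide 8; Readable(pid, fid) is assumed to mean the process uid owns the file, and the system assumption that a file created by a process is owned by that process's uid is constructed here to make the implication hold. Dropping that assumption produces a counterexample, which is the role the assumptions play in the proof.

```python
# Finite-domain check of (assumption and spec) -> policy for the read rule
from itertools import product
from typing import NamedTuple

class Proc(NamedTuple):
    uid: int                 # effective uid of the process

class FileState(NamedTuple):
    ouid: int                # owner uid of the file ($F.ouid)
    mode: int                # permission bits ($F.mode)
    created_by_proc: bool    # CreatedByProc(pid, fid)

UIDS = (0, 1000, 1001)       # root plus two ordinary users
MODES = (0o600, 0o644)       # owner-only and world-readable

def is_root(p): return p.uid == 0
def world_readable(f): return bool(f.mode & 0o004)
def readable(p, f): return f.ouid == p.uid      # assumed meaning of Readable(pid, fid)

def policy_read(p, f):
    """policy_read from slide 19."""
    return is_root(p) or readable(p, f) or world_readable(f)

def spec_read(p, f):
    """OPEN_RD rule of the ftpd specification on slide 8."""
    return world_readable(f) or f.created_by_proc or f.ouid == p.uid

def assumption(p, f):
    """Constructed system assumption: a file created by the process is owned by its uid."""
    return (not f.created_by_proc) or f.ouid == p.uid

def counterexamples(use_assumption=True):
    """States where the hypotheses hold but policy_read fails; [] means the theorem holds."""
    bad = []
    for puid, ouid, mode, created in product(UIDS, UIDS, MODES, (False, True)):
        p, f = Proc(puid), FileState(ouid, mode, created)
        hyp = spec_read(p, f) and (assumption(p, f) or not use_assumption)
        if hyp and not policy_read(p, f):
            bad.append((p, f))
    return bad
```

Without the assumption every counterexample is a file the process created but does not own, for instance after a chown, which the spec permits reading while the policy does not.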

25 System verification
Ongoing work
– Build a security model of a system: classify the subjects, objects and operations; define security states and state transitions; extend the model to cover network protocols
– Automatic verification: analyze the assumptions about the security of a system; refine the formal statements of specifications

26 Thank you