Internet Security CSCE 813 Communicating Sequential Processes.


Slide 2 (CSCE 813, Farkas): Reading
Today:
– Modelling and analysis of security protocols: Chapter 1
Next class:
– Modelling and analysis of security protocols: Chapters 1 and 2

Slide 3: CSP Objectives
– Model dynamics
– Model and analyze concurrency, e.g., calculation-intensive systems, distributed applications
– Support parallelism

Slide 4: CSP
– Notation for describing systems of parallel agents that communicate by passing messages between them
– Formal study of systems: concurrency, security
– Mathematical notation for describing interaction: different components influence each other

Slide 5: CSP Components
– Processes
– Operators
– Communication: visible events, drawn from the alphabet Σ; the invisible (internal) event τ
CSP allows us to describe the states in which processes might be, and to work out which actions are immediately possible for a process and what the resulting states of those actions are.

Slide 6: Message Passing
– Synchronous: both processes MUST be ready to communicate
– Non-buffered sends and receives
– Explicit naming of source and destination processes

Slide 7: Messages
Process A: Send(B, message)
Process B: Receive(A, message)
Input command: ?  e.g., keyboard?m
Output command: !  e.g., screen!average

Slide 8: Communication
A communication takes place when:
– Process P executes an input command specifying process Q as its source, AND
– Process Q executes an output command specifying process P as its destination, AND
– The target variable in the input statement matches the value in the output statement

Slide 9: Program Equivalence
Two programs P1 and P2 are equivalent if they produce patterns of visible actions that cannot be distinguished by an observer. Only the communications of a program matter!

Slide 10: Communication
Prefix: given a process P and a communication a in Σ, a → P is a program that
– performs a, then
– behaves as P
Given in, out in Σ, what is in → out → P?
Process Stop: no visible or invisible action.
– Given a in Σ, what is a → Stop?

Slide 11: Build Processes
Consider: given a, b, c in Σ
– Proc = a → b → c → Stop
– Proc: a finite succession of choices before stopping
– Proc's environment might choose not to accept any of a, b, c, so it might get stuck before Stop

Slide 12: Build Processes
Recursion: processes "go on forever", looping back to a state they have been in before.
1. Alt = to → fro → Alt
2. Dalt = to → fro → to → fro → Dalt
3. Malt1 = to → Malt2
4. Malt2 = fro → Malt1
5. Nalt = to → fro → Dalt
Programs 1, 2, 5, and (3, 4) are equivalent.

Slide 13: Prefix
Offering a single action, or offering a choice: any set of visible actions.
– If A ⊆ Σ, ?x : A → P(x) offers all the actions in A
– x is the parameter of P; parameters can be used in events or manipulated
– When a ∈ A is chosen, it behaves like P(a)
Example: a process always prepared to offer any event from A ⊆ Σ:
– RUN_A = ?x : A → RUN_A

Slide 14: Compound Events
Coding machine example:
– CM1(s) = ?x : L ∪ {off} → CM1'(s, x)
– CM1'(s, off) = Stop
– CM1'(s, x) = crypt(s, x) → CM1(newstate(s, x))   (x ∈ L)
Action: a channel name followed by zero or more data components.
Coding machine example without off:
– CM2(s) = in?x → out!crypt(s, x) → CM2(newstate(s, x))

Slide 15: Choice Operators
Deterministic finite state machine over a finite Σ
– e.g., P_i = ?x : A_i → P_i'(x)
Choice operator: □
– gives the option between the actions of two processes, then
– behaves like the one chosen

Slide 16: Choice Operator Example
Choice
– if A = B ∪ C then ?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
Stop and equivalence
– if A = A ∪ Ø then ?x : A → P(x) = (?x : A → P(x)) □ Stop, that is, P = P □ Stop
– if B = Ø then ?x : B → P(x) = Stop

Slide 17: Choice Operator
Revisit: if A = B ∪ C then ?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
If B and C are disjoint, together they give all the choices in A.
What happens if B and C overlap?
– Given processes P and Q, what does P □ Q mean?
– Choosing an action x ∈ B ∩ C, what is the result of (?x : B → P(x)) □ (?x : C → Q(x))?
– CSP allows the implementor to make a choice between the two sides
– After action x, the process may behave as P(x) or as Q(x); the environment has no control over which.

Slide 18: Non-determinism
A program acts nondeterministically if it is unpredictable: the program is allowed to make internal decisions that affect how it behaves as viewed from the outside. The implementation is allowed to choose.
E.g., (a → a → Stop) □ (a → b → Stop)

Slide 19: Non-Deterministic Choice
P ⊓ Q
– behaves like P or like Q
– the user has no control over which
– can be implemented using two internal actions
– the implementer is not required to implement it this way (can choose P, or Q, or (P or Q))
Useful for modelling a degree of unpredictability, like a communication medium that transmits data correctly or loses it.

Slide 20: Non-Deterministic Choice
P □ Q and P ⊓ Q have identical traces (sequences of visible communications).
In most circumstances it cannot be told whether a non-deterministic choice was made by observing the process.
What is the difference between (a → P) □ Stop and (a → P) ⊓ Stop?

Slide 21: Parallel Operators
Put sequential processes in parallel.
System state: the state of each component
– the number of possible states increases exponentially with the size of the network
How to put processes together into a parallel network?
How to check whether such a network satisfies a specification?

Slide 22: Parallel Combination
Just another process, to which any of the previous operators can be applied.
Each parallel process is equivalent to a sequential one (with an infeasibly large number of states).
CSP processes influence each other by affecting what communications they can perform.

Slide 23: Parallel Combination
Synchronize all visible actions
– P || Q can perform a ∈ Σ only when both P and Q can
– (?x : A → P(x)) || (?x : B → Q(x)) = ?x : A ∩ B → (P(x) || Q(x))

Slide 24: Parallel Combinations
Interface parallel operator: P ||_X Q
– synchronizes all events in X
Example:
– P = ?x : A → P'(x)
– Q = ?x : B → Q'(x)
– P ||_X Q = ?x : X ∩ A ∩ B → (P'(x) ||_X Q'(x)) □ ?x : A \ X → (P'(x) ||_X Q) □ ?x : B \ X → (P ||_X Q'(x))
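The points of slides 18, 20 and 24 (overlapping choice, equal traces but different refusals for □ versus ⊓, and the interface-parallel law) as an added Python example that is not part of the lecture or its textbook: a small evaluator over finite, non-recursive processes. The nested-tuple encoding and all function names are this example's own assumptions.

```python
STOP = ("stop",)  # other forms: ("prefix", a, P)  ("ext", P, Q)  ("int", P, Q)  ("par", X, P, Q)

def stable(p):
    """Resolve top-level internal choices into the processes an implementer may pick."""
    tag = p[0]
    if tag == "int":
        return stable(p[1]) | stable(p[2])
    if tag == "ext":  # a tau step on either side does not resolve the external choice
        return {("ext", l, r) for l in stable(p[1]) for r in stable(p[2])}
    if tag == "par":
        return {("par", p[1], l, r) for l in stable(p[2]) for r in stable(p[3])}
    return {p}

def initials(p):
    """Visible events offered next, over every resolution of internal choice."""
    out = set()
    for s in stable(p):
        if s[0] == "prefix":
            out.add(s[1])
        elif s[0] == "ext":
            out |= initials(s[1]) | initials(s[2])
        elif s[0] == "par":  # slide 24's law: agree on events in X, interleave the rest
            x, a, b = s[1], initials(s[2]), initials(s[3])
            out |= (a & b & x) | (a - x) | (b - x)
    return out

def after(p, e):
    """Successor processes after visible event e (more than one if nondeterministic)."""
    out = set()
    for s in stable(p):
        if s[0] == "prefix" and s[1] == e:
            out.add(s[2])
        elif s[0] == "ext":  # overlapping initials: the implementer picks the side
            out |= after(s[1], e) | after(s[2], e)
        elif s[0] == "par":
            x, l, r = s[1:]
            if e in x:
                out |= {("par", x, l2, r2) for l2 in after(l, e) for r2 in after(r, e)}
            else:
                out |= {("par", x, l2, r) for l2 in after(l, e)}
                out |= {("par", x, l, r2) for r2 in after(r, e)}
    return out

def traces(p, tr=()):
    """Every finite sequence of visible events p can perform (finite processes only)."""
    return {tr} | {t for e in initials(p) for q in after(p, e) for t in traces(q, tr + (e,))}

def can_refuse(p, e):  # slide 20: does some resolution of p refuse e at the start?
    return any(e not in initials(s) for s in stable(p))
```

Running traces on (a → Stop) □ Stop and (a → Stop) ⊓ Stop gives the same set, while can_refuse separates them: only the ⊓ form may refuse a.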

Slide 25: Alphabet Controlled
P X||Y Q
– each process is given control of a particular set of events (its alphabet)
– no process is ever permitted to communicate outside of its own alphabet
– interface between two processes: the intersection of their alphabets

Slide 26: CSP Operators
Stop          process does nothing
a → P         event prefix
?x : A → P    event prefix choice
P □ Q         choice between two processes
P ⊓ Q         nondeterministic choice
P || Q        lockstep parallel
P ||_X Q      interface parallel
P X||Y Q      synchronizing parallel

Slide 27: Next Class
– CSP, Chapter 1: finish
– Modeling security protocols in CSP