Presentation is loading. Please wait.

Presentation is loading. Please wait.

Logic for Computer Security Protocols

Published byCamilla Öberg Modified over 5 years ago

Similar presentations

Presentation on theme: "Logic for Computer Security Protocols"— Presentation transcript:

1 Logic for Computer Security Protocols
John Mitchell Stanford University

2 Outline Example BAN logic Current Protocol Logic
Floyd-Hoare logic of programs BAN logic Current Protocol Logic

3 Part I Logic of programs Historical references: Floyd, … Hoare, …

4 Before-after assertions
Main idea F <P> G If F is true before executing P, then G after Two variants Total correctness F [P] G If F before, then P will halt with G Partial correctness F {P} G If F before, and if P halts, then G

5 While programs Programs P ::= x := e | P;P | if B then P else P
| while B do P where x is any variable e is any integer expression B is a Boolean expression (true or false)

6 Assertion about assignment
Assignment axiom F(t) { x := t } F(x) Examples 7= { x := 7 } x=7 (y+1)>0 { x := y+1 } x>0 x+1=2 { x := x+1 } x=2 This is not most general case. Need to assume no aliasing…

7 Rule of consequence If And Then F { P } G F’  F and G  G’

8 Example Assertion Proof y>0 { x := y+1 } x>0
(y+1)>0 { x := y+1 } x> (assignment axiom) y> { x := y+1 } x> (consequence) x=1 { x := x+1 } x=2 x+1=2 { x := x+1 } x= (assignment axiom) x= { x := x+1 } x= (consequence)

9 Conditional Example F  B { P1 } G F B {P2 } G
F { if B then P1 else P2 } G Example true { if y  0 then x := y else x := -y } x  0

10 Sequence Example F { P1 } G G { P2 } H F { P1; P2 } H
x=0 { x := x+1 ; x := x+1 } x=2

11 Loop Invariant Example F  B { P } F F { while B do P } F B
true { while x  0 do x := x-1 } x=0

12 Example: Compute d=x-y
B P1 Assertion yx {d:=0; while (y+d)<x do d := d+1} y+d=x Main ideas in proof Choose loop invariant y+dx y+dx  B {P1} y+dx y+dx {while B do P1} y+dx B Use assignment axiom and sequence rule to complete the proof of property of P1

13 Facts about Hoare logic
Compositional Proof follows structure of program Sound “Relative completeness” Properties of computation over N provable from properties of N Some technical issues … Important concept: Loop invariant !!! Common practice beyond Hoare logic

14 Part II BAN Logic

15 There is something called BAN
Needham “The main contribution of BAN logic was to make the study of 3-line protocols intellectually respectable.” Paper, A Logic of Authentication", ACM Transactions on Computer Systems, Vol. 8, No. 1, pp , February 1990.

16 Using BAN Logic Protocol expressed in “idealized” form
Identify initial assumptions in the language of BAN logic Use postulates and rules of BAN logic to deduce new predicate

17 Notation P |X: P believes X P X: P sees X
P would be entitled to believe X. The principal P may act as though X is true. P X: P sees X P can read the contents of X (possibly after decryption, assuming P has the needed keys) P can include X in messages to other principals

18 BAN Logic P |~ X P once said X P | X P controls X #(X) X is fresh
P sent a message including the statement X. Possibly in the past or in the current run of the protocol P believed that X was true when it send the message P | X P controls X P has jurisdiction over X P is a trusted authority on the truth of X. #(X) X is fresh The present begins with the start of the current execution of the current protocol X is fresh if it is not contained in any message in the past

19 BAN Logic K P  Q: K is a shared key for P and Q.
K is a secure key for communication between P and Q K will never be discovered by any principal except for P or Q, or a principal trusted by either P or Q. | P K is a public key for P The matching secret key (the inverse of K, denoted by K-1) will never be discovered by any principal except P, or a principals trusted by P

Download ppt "Logic for Computer Security Protocols"

Similar presentations

Chapter 4: Control Structures I (Selection)

Chapter 4: Control Structures I (Selection)
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Program verification: flowchart programs Book: chapter 7.

Program verification: flowchart programs Book: chapter 7.
Program verification: flowchart programs Book: chapter 7.

Program verification: flowchart programs Book: chapter 7.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
Copyright 2003-04, Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.

This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Predicate Transformers

Predicate Transformers
CSE 331 Software Design & Implementation Dan Grossman Winter 2014 Lecture 2 – Reasoning About Code With Logic 1CSE 331 Winter 2014.

CSE 331 Software Design & Implementation Dan Grossman Winter 2014 Lecture 2 – Reasoning About Code With Logic 1CSE 331 Winter 2014.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
CS 355 – Programming Languages

CS 355 – Programming Languages
Compositional Protocol Logic CS 395T. Outline uFloyd-Hoare logic of programs Compositional reasoning about properties of programs uDDMP protocol logic.

Compositional Protocol Logic CS 395T. Outline uFloyd-Hoare logic of programs Compositional reasoning about properties of programs uDDMP protocol logic.
CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.
Axiomatic Semantics Dr. M Al-Mulhem ICS535-091.

Axiomatic Semantics Dr. M Al-Mulhem ICS

Similar presentations

Ads by Google