Slide 1
UCDavis SecLab, MURI, October 2002
Issues in the Verification of Systems
Tao Song, Jim Alves-Foss, Karl Levitt
Computer Security Lab, Computer Science Department, University of California, Davis
Slide 2: Index
– Background of verification
– Security of systems
– Verification of systems
Slide 3: Background of verification
What is verification?
– An existing artifact
– A formalization
– A mathematical proof
Slide 4: Background of verification
Usage of verification
– Hardware verification, e.g. ACL2 and the AMD K5 chipset
– Protocol verification, e.g. SMV and security protocols
– System verification, e.g. ACL Kit
Slide 5: Background of verification
Why verification?
– Complexity of today's systems
– Increasing error costs
– Commonality in reasoning frameworks
Slide 6: Background of verification
Formal methods in verification
– Theorem provers, e.g. HOL, PVS, Coq and ACL2
– Model checking, e.g. COSPAN, SPIN, Mocha and SMV
Slide 7: Security of systems
Basic concepts of security
– Security policy and mechanism
– Specifications, e.g. the specification of the program finger
– Assumptions
Slide 8: Security of systems
Example: specification of the program ftpd

    SPEC in.ftpd ( )
    SE:
      -> *;
      -> (OPEN_RD, WorldReadable($F.mode))
       | (OPEN_RD, CreatedByProc($P.pid, &$F))
       | (OPEN_RD, $F.ouid == $S.uid)
       | (OPEN_WR, CreatedByProc($P.pid, &$F))
       | (OPEN_WR, $F.path == "/var/log/wtmp")
       | (CHMOD, CreatedByProc($P.pid, &$F))
       | (CHOWN, CreatedByProc($P.pid, &$F))
       | (EXEC, $path == "/bin/tar" || $path == "/bin/compress" || $path == "/bin/ls" || $path == "/bin/gzip")
       | ...
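A concrete way to read the rules above: a monitor receives each system call made by the ftpd process and accepts it only if one alternative of the matching rule holds; anything else is a specification violation. The Python below is an added illustration, not code from the slides or from the authors' monitor; the File and Proc records, the creator_pid field and the sample trace are constructed for it.

```python
from collections import namedtuple
import stat

# $F fields of the spec: path, permission bits, owner uid, and (constructed for this
# example) the pid that created the file during this session, if any.
File = namedtuple("File", "path mode ouid creator_pid", defaults=(None,))
Proc = namedtuple("Proc", "pid uid")   # $P.pid and the session's $S.uid

def world_readable(f):
    return bool(f.mode & stat.S_IROTH)

def created_by_proc(p, f):
    return f.creator_pid == p.pid

ALLOWED_EXEC = {"/bin/tar", "/bin/compress", "/bin/ls", "/bin/gzip"}

# One entry per operation; any listed predicate licenses it, mirroring the "|"
# alternatives of SPEC in.ftpd on the slide.
RULES = {
    "OPEN_RD": [lambda p, f: world_readable(f), created_by_proc,
                lambda p, f: f.ouid == p.uid],
    "OPEN_WR": [created_by_proc, lambda p, f: f.path == "/var/log/wtmp"],
    "CHMOD":   [created_by_proc],
    "CHOWN":   [created_by_proc],
    "EXEC":    [lambda p, f: f.path in ALLOWED_EXEC],
}

def check_event(op, p, f):
    """True when the specification licenses this operation; unknown ops are denied."""
    return any(rule(p, f) for rule in RULES.get(op, []))

def monitor(trace):
    """Return the (op, pid, path) triples of a trace that violate the specification."""
    return [(op, p.pid, f.path) for op, p, f in trace if not check_event(op, p, f)]

# Constructed trace for a session process serving uid 1001 (sample data, not a real log).
ftpd = Proc(pid=4242, uid=1001)
TRACE = [
    ("OPEN_RD", ftpd, File("/pub/README", 0o644, 0)),                  # world readable
    ("OPEN_WR", ftpd, File("/var/log/wtmp", 0o664, 0)),                # wtmp exception
    ("OPEN_WR", ftpd, File("/incoming/up.bin", 0o644, 1001, 4242)),    # created by this pid
    ("EXEC",    ftpd, File("/bin/ls", 0o755, 0)),                       # listed program
    ("OPEN_RD", ftpd, File("/etc/shadow", 0o640, 0)),                  # violates OPEN_RD
    ("EXEC",    ftpd, File("/bin/sh", 0o755, 0)),                       # violates EXEC
]

def run_demo():
    return monitor(TRACE)
```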
Slide 9: Security of systems
Figure: hierarchical model of a system. Labels shown: System, System Calls, Security Policy; Programs and Network Protocols, Specifications for Programs and Protocols, Valid Operations of Specifications.
Slide 10: Security of systems
Important issues of systems
– Access control: the access triple (uid, pid, fid)
– Setuid programs, e.g. passwd, ftpd, sendmail, etc.
– System calls; important ones include open, chown, execve, symlink, chmod, fork, etc.
Slide 11: Security of systems
Hard issues in building a model of the security of systems
– Define the security policy
– Describe the behaviors of systems
– Classify the objects of systems
– Prove security
Slide 12: System verification
An idea of system verification
– Use specifications to monitor systems
– Formalize the behaviors of systems according to the specifications
– Formalize the security policy and the assumptions
– Formally prove security
Slide 13: System verification
Approach of the system
– Use specifications to monitor the behavior of privileged programs
– Use ACL2 to formalize and prove security features of systems
Slide 14: System verification
Figure: specification model. Levels shown: Top Level, System-wide, Host, System Services, Programs and Network Protocols, Applications. Specification categories shown: Operational Integrity, Resource Usage, Access, Data Integrity, Temporal/Interaction.
Slide 15: System verification
Figure: specification for ARP (Address Resolution Protocol), drawn as a state diagram. State labels as extracted: ireply_waitcached (presumably a reply-wait state and a cached state). Transitions shown: ARP Request, ARP Response, ARP cache timeout alarm, Unsolicited ARP Response, Bogus ARP Response, Malformed Request.
Slide 16: Other protocol specifications
– Domain Name System (DNS)
– Network File System (NFS)
– Dynamic Host Configuration Protocol (DHCP)
– TCP
– FTP
– RIP routing protocol
– OSPF routing protocol
Slide 17: System verification
Requirements of verification
– Formal statements of the security policy
– Formal statements of the specifications of privileged programs and protocols
– Formal statements of the assumptions
Slide 18: System verification
Formal statement of the security policy (ACL2)

    (defun policy (pid fid)
      (and (policy_read pid fid)
           (policy_write pid fid)
           (policy_create pid fid)
           (policy_exec pid fid)
           ; ... further policy clauses
           ))
Slide 19: System verification
Formal statement of the security policy (ACL2)

    (defun policy_read (pid fid)
      (or (IsRoot pid)           ; the user id of the process is root
          (Readable pid fid)     ; the file is readable by the process
          (WorldReadable fid)    ; the file is world readable
          ; ... further alternatives
          ))
Slide 20: System verification
Formal statement of the specifications (ACL2)

    (defun spec (pid fid)
      (and (spec_standard pid fid)   ; standard specification of programs
           (spec_passwd pid fid)     ; specification of the program passwd
           ; ... other program specifications
           (spec_ARP)                ; specification of the ARP protocol
           ; ... other protocol specifications
           ))
Slide 21: System verification
Formal statement of a specification (ACL2)

    (defun spec_chage (pid fid)
      (and (WorldReadable fid)
           (WriteInPath fid "/var/spool/at/.SEQ")
           (CreatedByProc 'chmod pid fid)
           ; ... further clauses
           ))
Slide 22: System verification
Formal statement of the assumptions (ACL2)

    (defun assumption ()
      (and (assum_sys_1)
           (assum_sys_2)
           ; ... further system assumptions
           (assum_verify_1)
           (assum_verify_2)
           ; ... further verification assumptions
           ))
Slide 23: System verification
An example of an assumption (ACL2; setuid is taken here as an accessor on the process record, standing for the slide's pid.setuid)

    (defun assum_sys_n (pid)
      (implies (equal (setuid pid) 0)
               t))
Slide 24: System verification
Prototype of the verification theorem (ACL2)

    (defthm verify
      (implies (and (assumption) (spec pid fid))
               (policy pid fid)))
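The theorem above is the whole obligation: the assumptions together with the program specifications must imply the security policy. Before handing such an obligation to a theorem prover it is useful to check it over a tiny finite model and look for counterexamples. The Python below is an added illustration, not code from the slides or from the authors' ACL2 development: it encodes the read case (policy_read from slide 19 and the OPEN_RD alternatives of the ftpd specification on slide 8) over a small state space and shows that the implication only holds once an assumption about created files is added; the State fields and the assumption itself are constructed for this example.

```python
from itertools import product
from collections import namedtuple

# Finite model of the access triple of slide 10, reduced to one process and one
# file. The fields are constructed for this example: the process uid, the file's
# owner uid, whether the file is world readable, and whether this process created it.
State = namedtuple("State", "uid ouid world_read created")
STATES = [State(*v) for v in product((0, 1000), (0, 1000), (False, True), (False, True))]

def policy_read(s):
    """policy_read of slide 19: the process is root, owns the file, or the file is world readable."""
    return s.uid == 0 or s.ouid == s.uid or s.world_read

def spec_open_rd(s):
    """The OPEN_RD alternatives of the ftpd specification on slide 8."""
    return s.world_read or s.created or s.ouid == s.uid

def assum_created_owned(s):
    """Constructed assumption: a file created by a process is owned by that process's uid."""
    return (not s.created) or s.ouid == s.uid

def no_assumption(s):
    return True

def counterexamples(assumption, spec, policy):
    """States where (and assumption spec) holds but policy fails, i.e. where the
    obligation (implies (and assumption spec) policy) of the defthm is false."""
    return [s for s in STATES if assumption(s) and spec(s) and not policy(s)]

def verify_without_assumption():
    return counterexamples(no_assumption, spec_open_rd, policy_read)

def verify_with_assumption():
    return counterexamples(assum_created_owned, spec_open_rd, policy_read)

if __name__ == "__main__":
    print("without assumption:", verify_without_assumption())   # one counterexample
    print("with assumption:   ", verify_with_assumption())      # none
```

The single counterexample is a non-root process reading a file it created but does not own; the assumption rules that state out, which is exactly the kind of system fact the "assum_sys" statements on slide 22 have to capture.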
Slide 25: System verification
Ongoing work
– Build a security model of a system: classify the subjects, objects and operations; define security states and state transitions; extend the model to cover network protocols
– Automatic verification: analyze the assumptions underlying the security of a system; refine the formal statements of specifications
Slide 26
Thank you