TXT

CSP, Casper and security verification

By Oscar Olson,2014-05-27 15:07
6 views 0
CSP, Casper and security verification

     ??ÎÄÓÉnew_tianliye??Ï×

    pdfÎĵµ?ÉÄÜÔÚWAP?Ëä?ÀÀÌåÑé???Ñ????ÒéÄúÓÅÏÈÑ?ÔñTXT???òÏÂÔØÔ?ÎÄ?þµ????ú?é????

     n Security : Confidentiality, Authentication, Integrity and Availability n Research 1. Security System Access Control Model, and Information etc Flow n 2. Security Protocol SSH,Kerberos , RADIUS

     n Theorem Proving -BAN, GNY, SVO logic n Model Checking -FDR(CSP), SPIN, SMV, CADP n Type Theory -PCC(Proof Carrying Code) n Global Computing -spicalculus

     n Process Algebra

     a formal description technique to complex systems, especially those involving communication,

     compute

     concurrently

     executing

     components

     n CSP(Communicating Sequential Processes)

     It is a process at specification the in language of designed during of can C.A.R. Hoare , 1980s ? A formal notation which the computations by concurrent be processes communicating channel University Oxford

     by

     th

     concisely

     described and modelled .

     n

     Casper( Compiler for the Analysis of Se A Protocols) CSP description of the system is 1. very time consuming

     n

     2. only possible for people well practi CSP

     2. even the experts will often make m that prove hard to spot ??Casper simplifies this process.

     Security Protocol

     Intruder

     Casper CSP Modeling

     FDR Verification

     Spec of Security Protocol

     Spec of Intruder

     Initiator ||| Responder ||| Server ||| Intruder

     send

     receive

     Intiator

     receive send

     Server Responder

     send receive

     take.Alice.y

     fake.x.Bob learn say

     Intruder

     leak

     n 1. Trace

     Refinement:

     Safety

     n 2.

     Failures

     Refinement

     :

     Deadloc

     n 3. Failures Divergences Refinement : Liveness

     Specification

     trace (Specification) trace (Implementation)

     refinement

     Implementation

     n

     A trace of a process is a finite seque events, representing the of the behaviour process up to a certain point in time. is written traces(P)

     traces(coin - STOP) ={<>, } > CLOCK = - CLOCK tick > traces(CLOCK) = {<>,, ??} = {tick}* Examples : a - > b - > STOP a - > STOP A - > b - > STOP STOP

     n

     They are both safety a certain bad properties: thing should not happen Secrecy:

     n

     Information m has not become known to the intruder n Authentication:

     The matching of these two events gua the identities of A andB

     A Intr B

     Run with A

     Commit with B

     n The protocol Message 1> b a a a. : n Message 2- sb : b.{a. (b) > na b ServerKey .} n Message 3- a : aba b ServerKey > s k ..} {b. n n (a) {a. ServerKey k} ab (b) Message 4 > b : ab a k {a. (b) } kab } ServerKey .{ nb

     S {b.kab.na.nb}ServerKey(a). {a.kab}ServerKey(b) a.na A b.{a.na.nb}ServerKey(b) B

     {a.kab}ServerKey(b).{nb}kab

     n symbolic SKey

     n The CSP approach is based on inserting sig

     Running.a.b as (in ??

     protocol)

     Agent a is executing a protocol run apparently with b

     Commit.b.a in ?? ( bs

     protocol)

     Agent b has completed a protocol run apparently with a

     n Authentication is achieved if Running.a.b always precedes Commit.b.a the traces of the syste in

     Weaker and the or stronger forms on of authentication parameters can be achieved by variations of the of these

     constraints

     them

     n The Yahalom rotocol aims at providing P the initiator to the responder, and viceversa

     authentication of both parties : authentication of

     n We will analyze the two authentication separately

     n This requires two separate protocol

     enhancemen

     n CSP description of the two parties -Enhanced Initiator= ?? na ) (a,

     env?b: Agent

     g send.a.b.a. n a g [] (receive.J.a{b. (a) kab . bServerKey .a } nn .m g signal.Running_Initiator.a.b n .b ab nk k ?Å ?ª?Å?× a . ab g send.a.b.m.{ n }k n ?Å ???Ï?Í?Ö?Å b ab b g Session(a,b,) ) kab , b ,a nn m?Å ??

     Responder ) = ?? (b,n b k ?Å ?ª?Å?× ab n ?Å ???Ï?Í?Ö?Å b m?Å ??

     [] (receive.a.b.a.nag send.b.J.bbServerKey n . } .{a. n a (b)

     g receive.a.b.{a..{ }k kab }ServerKey n (b)b ab g signal. Commit_Responder.b.a. n .b ab nk a . g Session(b,a,) ) kab , b ,a nn

     Initiatora

     a.na

     Responderb

     Server

     b.{a.na .nb}ServerKey(b) {b.k ab.na .nb}ServerKey(a) {a.k ab}ServerKey(b)

     Run_Init.a.b.na.nb.k ab {a.k ab}ServerKey(b) .{nb}kab Com_Resp.b.a.na.nb.k ab

     n The property to be verified: signal. Running_Initiator.a.b. na b ab n. .k precedes signal.Commit_Responder.b.a. na b ab n. .k in n Again, all the Traces(System) can be

     this

     property by

     verif the

     automatically

     checking

     tr

     n CSP description of the two parties -Enhanced Initiator= ?? na ) (a,

     env?b: Agent

     g send.a.b.a. n a g [] (receive.J.a{b. (a) kab . bServerKey .a } nn .m g send.a.b.m.{ n }k k ?Å ?ª?Å?× b ab ab g

    signal.Commit_Initiator.a.b. n .b ab nk n ?Å ???Ï?Í?Ö?Å a . b g Session(a,b,) ) kab , b ,a nn m?Å ??

     Responder ) = ?? (b,n b k ?Å ?ª?Å?× ab n ?Å ???Ï?Í?Ö?Å b m?Å ??

     [] (receive.a.b.a.nag send.b.J.bbServerKey n . } .{a. n a (b)

     g signal. Running_Responder.b.a n .b n a g receive.a.b.{a. n }k kab }ServerKey .{ (b)b ab g Session(b,a,) ) kab , b , a n n

     Initiatora

     a.na

     Responderb

     Server

     Run_Resp.b.a.na.nb. b.{a.na .nb}ServerKey(b) {b.k

    ab.na .nb}ServerKey(a) {a.k ab}ServerKey(b) {a.k

    ab}ServerKey(b) .{nb}kab

     Run_Init.a.b.na.nb.k ab

     n The property to be verified: signal.

     Running_Responder.b.a. na b n . precedes

     signal.Commit_Initiator.a.b. na b ab n k .. in all the Traces(System) n Again, this property can be verified by checking the traces

??TXTÓÉ??ÎÄ?â????ÏÂÔØ:http://www.mozhua.net/wenkubao

Report this document

For any questions or suggestions please email
cust-service@docsford.com