33 research outputs found
Analysis of Smartcard-based Payment Protocols in the Applied Pi-calculus using Quasi-Open Bisimilarity
Cryptographic protocols are instructions explaining how the communication be- tween agents should be done. Critical infrastructure sectors, such as communication networks, financial services, information technology, transportation, etc., use security protocols at their very core to establish the information exchange between the components of the system. Symbolic verification is a discipline that investigates whether a given protocol satisfies the initial requirements and delivers exactly what it intends to deliver. An immediate goal of symbolic verification is to improve the reliability of existing systems – if a protocol is vulnerable, actions must be taken asap before a malicious attacker exploits it; a far-reaching goal is to improve the system design practices – when creating a new protocol, it must be proven correct before the implementation.
Properties of cryptographic protocols roughly fall into two categories. Either reachability-based, i.e. that a system can or cannot reach a state satisfying some condition, or equivalence-based, i.e. that a system is indistinguishable from its idealised version, where the desired property trivially holds. Security properties are often formulated as a reachability problem and privacy properties as an equivalence problem. While the study of security properties is relatively settled, and powerful tools like Tamarin and ProVerif, where it is possible to check reachability queries, exist, the study of privacy properties expressed as equivalence only starts gaining momentum. Tools like DeepSec, Akiss, and, again, ProVerif offer only limited support when it comes to indistinguishability. This is partially due to the question of “What is an attacker capable of?” is not answered definitively in the second case.
The widely-accepted default attacker, when it comes to security, is the so-called Dolev-Yao attacker, which has full control of the communication network; however, there is no default attacker who attempts to break the privacy of a protocol. The capabilities of such an attacker are reflected in the equivalence relation used to define a privacy property; hence the choice of such relation is crucial.
This dissertation justifies a particular equivalence relation called quasi-open bisimilarity which satisfies several natural requirements. It has sound and complete modal logic characterisation, meaning that any attack on privacy has a practical interpretation; it enables compositional reasoning, meaning that if a privacy property of a system automatically extends to a bigger system having the initial one as a component, and, it captures the capability of an attacker to make decisions dynamically during the execution of the protocol.
We not only explain the notion of quasi-open bisimilarity, but we also employ it to study real-world protocols. The first protocol, UBDH, is an authenticated key agreement suitable for card payments, and the second protocol, UTX, is a smartcard-based payment protocol. Using quasi-open bisimilarity, we define the target privacy property of unlinkability, namely that it is impossible to link protocol sessions made with the same card and prove that it holds for UBDH and UTX. The proofs that UBDH and UTX satisfy their privacy requirements to our knowledge are the first ones that demonstrate that a privacy property of a security protocol, defined as bisimilarity equivalence, is satisfied for an unbounded number of protocol sessions. Moreover, these proofs illustrate the methodology that could be employed to study the privacy of other protocols
Coalgebra for the working software engineer
Often referred to as ‘the mathematics of dynamical, state-based systems’, Coalgebra claims to provide a compositional and uniform framework to spec ify, analyse and reason about state and behaviour in computing. This paper addresses this claim by discussing why Coalgebra matters for the design of models and logics for computational phenomena. To a great extent, in this domain one is interested in properties that are preserved along the system’s evolution, the so-called ‘business rules’ or system’s invariants, as well as in liveness requirements, stating that e.g. some desirable outcome will be eventually produced. Both classes are examples of modal assertions, i.e. properties that are to be interpreted across a transition system capturing the system’s dynamics. The relevance of modal reasoning in computing is witnessed by the fact that most university syllabi in the area include some incursion into modal logic, in particular in its temporal variants. The novelty is that, as it happens with the notions of transition, behaviour, or observational equivalence, modalities in Coalgebra acquire a shape . That is, they become parametric on whatever type of behaviour, and corresponding coinduction scheme, seems appropriate for addressing the problem at hand. In this context, the paper revisits Coalgebra from a computational perspective, focussing on three topics central to software design: how systems are modelled, how models are composed, and finally, how properties of their behaviours can be expressed and verified.Fuzziness, as a way to express imprecision, or uncertainty, in computation is an important feature in a number of current application scenarios: from hybrid systems interfacing with sensor networks with error boundaries, to knowledge bases collecting data from often non-coincident human experts. Their abstraction in e.g. fuzzy transition systems led to a number of mathematical structures to model this sort of systems and reason about them. This paper adds two more elements to this family: two modal logics, framed as institutions, to reason about fuzzy transition systems and the corresponding processes. This paves the way to the development, in the second part of the paper, of an associated theory of structured specification for fuzzy computational systems
Syntactic approaches to negative results in process algebras and modal logics
Concurrency as a phenomenon is observed in most of the current computer science
trends. However the inherent complexity of analyzing the behavior of such a system
is incremented due to the many different models of concurrency, the variety of applications and architectures, as well as the wide spectrum of specification languages and demanded correctness criteria. For the scope of this thesis we focus on state based models of concurrent computation, and on modal logics as specification languages. First we study syntactically the process algebras that describe several different concurrent behaviors, by analyzing their equational theories. Here, we use well-established techniques from the equational logic of processes to older and newer setups, and then transition to the use of more general and novel methods for the syntactical analysis of models of concurrent programs and specification languages. Our main contributions are several positive and negative axiomatizability results over various process algebraic languages and equivalences, along with some complexity results over the satisfiability of multi-agent modal logic with recursion, as a specification language.Samhliða sem fyrirbæri sést í flestum núverandi tölvunarfræði stefnur. Hins vegar er eðlislægt flókið að greina hegðun slíks kerfis- tem er aukið vegna margra mismunandi gerða samhliða, fjölbreytileikans af forritum og arkitektúr, svo og breitt svið forskrifta mælikvarða og kröfðust réttmætisviðmiða. Fyrir umfang þessarar ritgerðar leggjum við áherslu á ástandsbundin líkön af samhliða útreikningum og á formlegum rökfræði sem forskrift tungumálum. Fyrst skoðum við setningafræðilega ferlialgebrurnar sem lýsa nokkrum mismunandi samhliða hegðun, með því að greina jöfnukenningar þeirra. Hér notum við rótgróin tækni mynda jöfnunarrökfræði ferla til eldri og nýrri uppsetningar, og síðan umskipti yfir í notkun almennari og nýrra aðferða fyrir setningafræðileg greining á líkönum samhliða forrita og forskriftartungumála. Helstu framlög okkar eru nokkrar jákvæðar og neikvæðar niðurstöður um axiomatizability yfir ýmis ferli algebrumál og jafngildi, ásamt nokkrum samSveigjanleiki leiðir af því að fullnægjanleiki fjölþátta formrökfræði með endurkomu, sem a forskrift tungumál.RANNIS: `Open Problems in the Equational Logic of Processes’ (OPEL) (grant No 196050-051)
Reykjavik University research fund: `Runtime and Equational Verification of Concurrent Programs' (ReVoCoP) (grant No 222021
Foundations of Software Science and Computation Structures
This open access book constitutes the proceedings of the 22nd International Conference on Foundations of Software Science and Computational Structures, FOSSACS 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conference on Theory and Practice of Software, ETAPS 2019. The 29 papers presented in this volume were carefully reviewed and selected from 85 submissions. They deal with foundational research with a clear significance for software science
Combining Semilattices and Semimodules
We describe the canonical weak distributive law of the powerset monad over
the -left-semimodule monad , for a class of semirings . We
show that the composition of with by means of such
yields almost the monad of convex subsets previously introduced by
Jacobs: the only difference consists in the absence in Jacobs's monad of the
empty convex set. We provide a handy characterisation of the canonical weak
lifting of to as well as an algebraic
theory for the resulting composed monad. Finally, we restrict the composed
monad to finitely generated convex subsets and we show that it is presented by
an algebraic theory combining semimodules and semilattices with bottom, which
are the algebras for the finite powerset monad
How to write a coequation
There is a large amount of literature on the topic of covarieties,
coequations and coequational specifications, dating back to the early
seventies. Nevertheless, coequations have not (yet) emerged as an everyday
practical specification formalism for computer scientists. In this review
paper, we argue that this is partly due to the multitude of syntaxes for
writing down coequations, which seems to have led to some confusion about what
coequations are and what they are for. By surveying the literature, we identify
four types of syntaxes: coequations-as-corelations, coequations-as-predicates,
coequations-as-equations, and coequations-as-modal-formulas. We present each of
these in a tutorial fashion, relate them to each other, and discuss their
respective uses