152,941 research outputs found
Modelling and Verification of Multiple UAV Mission Using SMV
Model checking has been used to verify the correctness of digital circuits,
security protocols, communication protocols, as they can be modelled by means
of finite state transition model. However, modelling the behaviour of hybrid
systems like UAVs in a Kripke model is challenging. This work is aimed at
capturing the behaviour of an UAV performing cooperative search mission into a
Kripke model, so as to verify it against the temporal properties expressed in
Computation Tree Logic (CTL). SMV model checker is used for the purpose of
model checking
Towards a Formal Verification of the Lightning Network with TLA+
Payment channel networks are an approach to improve the scalability of blockchain-based cryptocurrencies. Because payment channel networks are used for transfer of financial value, their security in the presence of adversarial participants should be verified formally. We formalize the protocol of the Lightning Network, a payment channel network built for Bitcoin, and show that the protocol fulfills the expected security properties. As the state space of a specification consisting of multiple participants is too large for model checking, we formalize intermediate specifications and use a chain of refinements to validate the security properties where each refinement is justified either by model checking or by a pen-and-paper proof
Model Checking Access Control Policies: A Case Study using Google Cloud IAM
Authoring access control policies is challenging and prone to
misconfigurations. Access control policies must be conflict-free. Hence,
administrators should identify discrepancies between policy specifications and
their intended function to avoid violating security principles. This paper aims
to demonstrate how to formally verify access control policies. Model checking
is used to verify access control properties against policies supported by an
access control model. The authors consider Google's Cloud Identity and Access
Management (IAM) as a case study and follow NIST's guidelines to verify access
control policies automatically. Automated verification using model checking can
serve as a valuable tool and assist administrators in assessing the correctness
of access control policies. This enables checking violations against security
principles and performing security assessments of policies for compliance
purposes. The authors demonstrate how to define Google's IAM underlying
role-based access control (RBAC) model, specify its supported policies, and
formally verify a set of properties through three examples
Partial Order Reduction for Security Protocols
Security protocols are concurrent processes that communicate using
cryptography with the aim of achieving various security properties. Recent work
on their formal verification has brought procedures and tools for deciding
trace equivalence properties (e.g., anonymity, unlinkability, vote secrecy) for
a bounded number of sessions. However, these procedures are based on a naive
symbolic exploration of all traces of the considered processes which,
unsurprisingly, greatly limits the scalability and practical impact of the
verification tools.
In this paper, we overcome this difficulty by developing partial order
reduction techniques for the verification of security protocols. We provide
reduced transition systems that optimally eliminate redundant traces, and which
are adequate for model-checking trace equivalence properties of protocols by
means of symbolic execution. We have implemented our reductions in the tool
Apte, and demonstrated that it achieves the expected speedup on various
protocols
Enforcing role-based access control in a social network
Social networks supply a means by which people can communicate with each other while allowing for ease in initiating interaction and expressions. These systems of human collaboration may also be used to store and distribute information of a sensitive nature that must be secured against intrusions at all times. Given the massive operation embodied by social networks, multiple methods have been developed that control the flow of information so that those with authorization can gain access. Before allowing a social network to begin distributing its contents, a prudent prerequisite should be that the security protocols prevent unauthorized access.Ă‚Â Ă‚Â Formal modeling and analysis of security properties, particularly those of Role-Based Access Control (RBAC), in social networks is the main focus of this thesis. A social network system and its security assurance mechanisms are modeled using the input language of Symbolic Model Verifier (SMV), and the properties of the system are specified using computation tree temporal logic (CTL*). Those properties are then verified using the SMV model checker. A real case was studied to demonstrate the effectiveness of model checking security properties in a social network system. The case consists of an account in which a group of users share various resources and access privileges which are controlled by RBAC. The case study results show that model checking is capable of formally analyzing security policies particularly RBAC in a social network system. In addition, the counter examples generated from model checking could help to create test cases for testing system implementation, and they can help us to find defects in the model as well. Formally modeling and model checking security policies in a complex system, like a social network, can greatly improve the security of these systems.Ă‚Â Ă‚Â M.S
Expressiveness and Decidability of Temporal Logics for Asynchronous Hyperproperties
Hyperproperties are properties of systems that relate different executions traces, with many applications from security to symmetry, consistency models of concurrency, etc. In recent years, different linear-time logics for specifying asynchronous hyperproperties have been investigated. Though model checking of these logics is undecidable, useful decidable fragments have been identified with applications e.g. for asynchronous security analysis. In this paper, we address expressiveness and decidability issues of temporal logics for asynchronous hyperproperties. We compare the expressiveness of these logics together with the extension S1S[E] of S1S with the equal-level predicate by obtaining an almost complete expressiveness picture. We also study the expressive power of these logics when interpreted on singleton sets of traces. We show that for two asynchronous extensions of HyperLTL, checking the existence of a singleton model is already undecidable, and for one of them, namely Context HyperLTL (HyperLTL_C), we establish a characterization of the singleton models in terms of the extension of standard FO[<] over traces with addition. This last result generalizes the well-known equivalence between FO[<] and LTL. Finally, we identify new boundaries on the decidability of model checking HyperLTL_C
Expressiveness and Decidability of Temporal Logics for Asynchronous Hyperproperties
Hyperproperties are properties of systems that relate different executions traces, with many applications from security to symmetry, consistency models of concurrency, etc. In recent years, different linear-time logics for specifying asynchronous hyperproperties have been investigated. Though model checking of these logics is undecidable, useful decidable fragments have been identified with applications e.g. for asynchronous security analysis. In this paper, we address expressiveness and decidability issues of temporal logics for asynchronous hyperproperties. We compare the expressiveness of these logics together with the extension S1S[E] of S1S with the equal-level predicate by obtaining an almost complete expressiveness picture. We also study the expressive power of these logics when interpreted on singleton sets of traces. We show that for two asynchronous extensions of HyperLTL, checking the existence of a singleton model is already undecidable, and for one of them, namely Context HyperLTL (HyperLTLC), we establish a characterization of the singleton models in terms of the extension of standard FO[<] over traces with addition. This last result generalizes the well-known equivalence between FO[<] and LTL. Finally, we identify new boundaries on the decidability of model checking HyperLTL
Recommended from our members
A UML-based static verification framework for security
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language
Exploring model-based development for the verification of real-time Java code
Many safety- and security-critical systems are real-time systems and, as a result, tools and techniques for verifying real-time systems are extremely important. Simulation and testing such systems can be exceedingly time-consuming and these techniques provide only probabilistic measures of correctness. There are a number of model-checking tools for real-time systems. However, they provide formal verification for models, not programs. To increase the confidence in real-time programs written in real-time Java, this paper takes a modelling approach to the design of such programs. First, models can be mechanically verified, to check whether they satisfy particular properties, by using current real-time model-checking tools. Then, programs are derived from the model by following a systematic approach. To illustrate the approach we use a nontrivial example: a gear controller
- …