187 research outputs found
A Temporal Logic for Hyperproperties
Hyperproperties, as introduced by Clarkson and Schneider, characterize the
correctness of a computer program as a condition on its set of computation
paths. Standard temporal logics can only refer to a single path at a time, and
therefore cannot express many hyperproperties of interest, including
noninterference and other important properties in security and coding theory.
In this paper, we investigate an extension of temporal logic with explicit path
variables. We show that the quantification over paths naturally subsumes other
extensions of temporal logic with operators for information flow and knowledge.
The model checking problem for temporal logic with path quantification is
decidable. For alternation depth 1, the complexity is PSPACE in the length of
the formula and NLOGSPACE in the size of the system, as for linear-time
temporal logic
Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow
International audienceAnalysis of a probabilistic system often requires to learn the joint probability distribution of its random variables. The computation of the exact distribution is usually an exhaustive precise analysis on all executions of the system. To avoid the high computational cost of such an exhaustive search, statistical analysis has been studied to efficiently obtain approximate estimates by analyzing only a small but representative subset of the system's behavior. In this paper we propose a hybrid statistical estimation method that combines precise and statistical analyses to estimate mutual information and its confidence interval. We show how to combine the analyses on different components of the system with different precision to obtain an estimate for the whole system. The new method performs weighted statistical analysis with different sample sizes over different components and dynamically finds their optimal sample sizes. Moreover it can reduce sample sizes by using prior knowledge about systems and a new abstraction-then-sampling technique based on qualitative analysis. We show the new method outperforms the state of the art in quantifying information leakage
Discovering, quantifying, and displaying attacks
In the design of software and cyber-physical systems, security is often
perceived as a qualitative need, but can only be attained quantitatively.
Especially when distributed components are involved, it is hard to predict and
confront all possible attacks. A main challenge in the development of complex
systems is therefore to discover attacks, quantify them to comprehend their
likelihood, and communicate them to non-experts for facilitating the decision
process. To address this three-sided challenge we propose a protection analysis
over the Quality Calculus that (i) computes all the sets of data required by an
attacker to reach a given location in a system, (ii) determines the cheapest
set of such attacks for a given notion of cost, and (iii) derives an attack
tree that displays the attacks graphically. The protection analysis is first
developed in a qualitative setting, and then extended to quantitative settings
following an approach applicable to a great many contexts. The quantitative
formulation is implemented as an optimisation problem encoded into
Satisfiability Modulo Theories, allowing us to deal with complex cost
structures. The usefulness of the framework is demonstrated on a national-scale
authentication system, studied through a Java implementation of the framework.Comment: LMCS SPECIAL ISSUE FORTE 201
Model based security guarantees and change
Achieving security in practical systems is a hard task. As it is the case
for other critical system properties (i.e. safety), security should be a concern
through all the phases of software development, starting with the very
early phases of requirements and design, because of the potential impact of
unwanted behaviour. Moreover, it remains a critical concern throughout a
system's life-span, because functionality driven updates or re-engineering of a
system can have an impact on its security. The cost of using formal methods
is clearly justified for critical applications. But in the context of a wider class
of industrial applications answers to two questions are important: What are
the gains and limitations of light-weight formal security guarantees achieved
at different abstraction levels? What are the advantages of those techniques
for reasoning about change?
For the first question, we discuss different detailed modelling techniques,
ranging from UML models to CPU cache modelling at the level of binary
code. To tackle the second question, we discuss results on compositionality
and incremental verification techniques which, besides being useful tools for
verification in general, allow re-utilization of existing verification results in case of changes in the models. We apply these techniques to exemplary security
properties with focus on confidentiality, and pin down security assumptions
and guarantees of information
flow control across levels of abstraction
About compositional analysis of pi-calculus processes
We set up a logical framework for the compositional analysis of finite pi-calculus processes. In particular, we extend the partial model checking techniques developed for value passing process algebras to a nominal calculus, i.e. the pi-calculus. The logic considered is an adaptation of the ambient logic to the pi-calculus. As one of the possible applications, we show that our techniques may be used to study interesting security properties as confidentiality for (finite) pi-calculus processes
Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow
Analysis of a probabilistic system often requires to learn the joint probability distribution of its random variables. The computation of the exact distribution is usually an exhaustive precise analysis on all executions of the system. To avoid the high computational cost of such an exhaustive search, statistical analysis has been studied to efficiently obtain approximate estimates by analyzing only a small but representative subset of the system's behavior. In this paper we propose a hybrid statistical estimation method that combines precise and statistical analyses to estimate mutual information and its confidence interval. We show how to combine the analyses on different components of the system with different precision to obtain an estimate for the whole system. The new method performs weighted statistical analysis with different sample sizes over different components and dynamically finds their optimal sample sizes. Moreover it can reduce sample sizes by using prior knowledge about systems and a new abstraction-then-sampling technique based on qualitative analysis. We show the new method outperforms the state of the art in quantifying information leakage
- …