828 research outputs found
An Experiment in Ping-Pong Protocol Verification by Nondeterministic Pushdown Automata
An experiment is described that confirms the security of a well-studied class
of cryptographic protocols (Dolev-Yao intruder model) can be verified by
two-way nondeterministic pushdown automata (2NPDA). A nondeterministic pushdown
program checks whether the intersection of a regular language (the protocol to
verify) and a given Dyck language containing all canceling words is empty. If
it is not, an intruder can reveal secret messages sent between trusted users.
The verification is guaranteed to terminate in cubic time at most on a
2NPDA-simulator. The interpretive approach used in this experiment simplifies
the verification, by separating the nondeterministic pushdown logic and program
control, and makes it more predictable. We describe the interpretive approach
and the known transformational solutions, and show they share interesting
features. Also noteworthy is how abstract results from automata theory can
solve practical problems by programming language means.Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866
A New Enforcement on Declassification with Reachability Analysis
Language-based information flow security aims to decide whether an
action-observable program can unintentionally leak confidential information if
it has the authority to access confidential data. Recent concerns about
declassification polices have provided many choices for practical intended
information release, but more precise enforcement mechanism for these policies
is insufficiently studied. In this paper, we propose a security property on the
where-dimension of declassification and present an enforcement based on
automated verification. The approach automatically transforms the abstract
model with a variant of self-composition, and checks the reachability of
illegal-flow state of the model after transformation. The self-composition is
equipped with a store-match pattern to reduce the state space and to model the
equivalence of declassified expressions in the premise of property. The
evaluation shows that our approach is more precise than type-based enforcement.Comment: 7 pages, this is a full version of the work presented on 2011 IEEE
INFOCOM Workshop
Visibly Pushdown Modular Games
Games on recursive game graphs can be used to reason about the control flow
of sequential programs with recursion. In games over recursive game graphs, the
most natural notion of strategy is the modular strategy, i.e., a strategy that
is local to a module and is oblivious to previous module invocations, and thus
does not depend on the context of invocation. In this work, we study for the
first time modular strategies with respect to winning conditions that can be
expressed by a pushdown automaton.
We show that such games are undecidable in general, and become decidable for
visibly pushdown automata specifications.
Our solution relies on a reduction to modular games with finite-state
automata winning conditions, which are known in the literature.
We carefully characterize the computational complexity of the considered
decision problem. In particular, we show that modular games with a universal
Buchi or co Buchi visibly pushdown winning condition are EXPTIME-complete, and
when the winning condition is given by a CARET or NWTL temporal logic formula
the problem is 2EXPTIME-complete, and it remains 2EXPTIME-hard even for simple
fragments of these logics.
As a further contribution, we present a different solution for modular games
with finite-state automata winning condition that runs faster than known
solutions for large specifications and many exits.Comment: In Proceedings GandALF 2014, arXiv:1408.556
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
The Complexity of Quantitative Information Flow in Recursive Programs
Information-theoretic measures based upon mutual information can be employed to quantify the information that an execution of a program reveals about its secret inputs. The information leakage bounding problem asks whether the information leaked by a program does not exceed a given threshold. We consider this problem for two scenarios: a) the outputs of the program are revealed, and b)the timing (measured in the number of execution steps) of the program is revealed. For both scenarios, we establish complexity results in the context of deterministic boolean programs, both for programs with and without recursion. In particular, we prove that for recursive programs the information leakage bounding problem is no harder than checking reachability
Security Evaluation and Hardening of Free and Open Source Software (FOSS)
Recently, Free and Open Source Software (FOSS) has emerged as an alternative to Commercial-Off- The-Shelf (COTS) software. Now, FOSS is perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and numerous advantages over proprietary software. However, the secure integration of FOSS in IT infrastructures is very challenging and demanding. Methodologies and technical policies must be adapted to reliably compose large FOSS-based software systems. A DRDC Valcartier-Concordia University feasibility study completed in March 2004 concluded that the most promising approach for securing FOSS is to combine advanced design patterns and Aspect-Oriented Programming (AOP). Following the recommendations of this study a three years project have been conducted as a collaboration between Concordia University, DRDC Valcartier, and Bell Canada. This paper aims at presenting the main contributions of this project. It consists of a practical framework with the underlying solid semantic foundations for the security evaluation and hardening of FOSS
- ā¦