23,371 research outputs found
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
A Reduced Semantics for Deciding Trace Equivalence
Many privacy-type properties of security protocols can be modelled using
trace equivalence properties in suitable process algebras. It has been shown
that such properties can be decided for interesting classes of finite processes
(i.e., without replication) by means of symbolic execution and constraint
solving. However, this does not suffice to obtain practical tools. Current
prototypes suffer from a classical combinatorial explosion problem caused by
the exploration of many interleavings in the behaviour of processes.
M\"odersheim et al. have tackled this problem for reachability properties using
partial order reduction techniques. We revisit their work, generalize it and
adapt it for equivalence checking. We obtain an optimisation in the form of a
reduced symbolic semantics that eliminates redundant interleavings on the fly.
The obtained partial order reduction technique has been integrated in a tool
called APTE. We conducted complete benchmarks showing dramatic improvements.Comment: Accepted for publication in LMC
Handling Data-Based Concurrency in Context-Aware Service Protocols
Dependency analysis is a technique to identify and determine data
dependencies between service protocols. Protocols evolving concurrently in the
service composition need to impose an order in their execution if there exist
data dependencies. In this work, we describe a model to formalise context-aware
service protocols. We also present a composition language to handle dynamically
the concurrent execution of protocols. This language addresses data dependency
issues among several protocols concurrently executed on the same user device,
using mechanisms based on data semantic matching. Our approach aims at
assisting the user in establishing priorities between these dependencies,
avoiding the occurrence of deadlock situations. Nevertheless, this process is
error-prone, since it requires human intervention. Therefore, we also propose
verification techniques to automatically detect possible inconsistencies
specified by the user while building the data dependency set. Our approach is
supported by a prototype tool we have implemented.Comment: In Proceedings FOCLASA 2010, arXiv:1007.499
Automated Verification of Quantum Protocols using MCMAS
We present a methodology for the automated verification of quantum protocols
using MCMAS, a symbolic model checker for multi-agent systems The method is
based on the logical framework developed by D'Hondt and Panangaden for
investigating epistemic and temporal properties, built on the model for
Distributed Measurement-based Quantum Computation (DMC), an extension of the
Measurement Calculus to distributed quantum systems. We describe the
translation map from DMC to interpreted systems, the typical formalism for
reasoning about time and knowledge in multi-agent systems. Then, we introduce
dmc2ispl, a compiler into the input language of the MCMAS model checker. We
demonstrate the technique by verifying the Quantum Teleportation Protocol, and
discuss the performance of the tool.Comment: In Proceedings QAPL 2012, arXiv:1207.055
Model checking probabilistic and stochastic extensions of the pi-calculus
We present an implementation of model checking for probabilistic and stochastic extensions of the pi-calculus, a process algebra which supports modelling of concurrency and mobility. Formal verification techniques for such extensions have clear applications in several domains, including mobile ad-hoc network protocols, probabilistic security protocols and biological pathways. Despite this, no implementation of automated verification exists. Building upon the pi-calculus model checker MMC, we first show an automated procedure for constructing the underlying semantic model of a probabilistic or stochastic pi-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for processes of a specific structure a more efficient, compositional approach is applicable, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level modular description for the PRISM tool. The feasibility of our techniques is demonstrated through a number of case studies from the pi-calculus literature
Partial Order Reduction for Security Protocols
Security protocols are concurrent processes that communicate using
cryptography with the aim of achieving various security properties. Recent work
on their formal verification has brought procedures and tools for deciding
trace equivalence properties (e.g., anonymity, unlinkability, vote secrecy) for
a bounded number of sessions. However, these procedures are based on a naive
symbolic exploration of all traces of the considered processes which,
unsurprisingly, greatly limits the scalability and practical impact of the
verification tools.
In this paper, we overcome this difficulty by developing partial order
reduction techniques for the verification of security protocols. We provide
reduced transition systems that optimally eliminate redundant traces, and which
are adequate for model-checking trace equivalence properties of protocols by
means of symbolic execution. We have implemented our reductions in the tool
Apte, and demonstrated that it achieves the expected speedup on various
protocols
- âŠ