Soft Concurrent Constraint Programming

Soft constraints extend classical constraints to represent multiple consistency levels, and thus provide a way to express preferences, fuzziness, and uncertainty. While there are many soft constraint solving formalisms, even distributed ones, by now there seems to be no concurrent programming framework where soft constraints can be handled. In this paper we show how the classical concurrent constraint (cc) programming framework can work with soft constraints, and we also propose an extension of cc languages which can use soft constraints to prune and direct the search for a solution. We believe that this new programming paradigm, called soft cc (scc), can be also very useful in many web-related scenarios. In fact, the language level allows web agents to express their interaction and negotiation protocols, and also to post their requests in terms of preferences, and the underlying soft constraint solver can find an agreement among the agents even if their requests are incompatible.Comment: 25 pages, 4 figures, submitted to the ACM Transactions on Computational Logic (TOCL), zipped file

Soft Constraint Programming to Analysing Security Protocols

Security protocols stipulate how the remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms, each of different strength. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham-Schroeder protocol, we have recently discovered a new attack on that protocol as a form of retaliation by principals who have been attacked previously. Having commented on that attack, we then demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos.Comment: 29 pages, To appear in Theory and Practice of Logic Programming (TPLP) Paper for Special Issue (Verification and Computational Logic

Analysis of Integrity Policies using Soft Constraints

An integrity policy defines the situations when modification of information is authorized and is enforced by the security mechanisms of the system. However, in a complex application system it is possible that an integrity policy may have been incorrectly specified and, as a result, a user may be authorized to modify information that can lead to an unexpected system compromise. In this paper we outline a scalable and quantitative technique that uses constraint solving to model and analyze the effectiveness of application system integrity policie

Believing the Integrity of a System (Invited Talk)

AbstractAn integrity policy defines the situations when modification of information is authorised and is enforced by the protection mechanisms of a system. Traditional models of protection tend to define integrity in terms of ad-hoc authorisation techniques whose effectiveness are justified more on the basis of experience and "best practice" rather than on any theoretical foundation. In a complex application system it is possible that an integrity policy may have been incorrectly configured, or that the protection mechanisms are inadequate, resulting in an unexpected system compromise. This paper examines the meaning of integrity and and describes a simple belief logic approach for analysing the integrity of a system configuration

Soft Constraint Programming to Analysing Security Protocols

Security protocols stipulate how remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham- Schroeder protocol, we have recently discovered a new attack on that protocol. We briefly describe that attack, and demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos

Certificate validation in untrusted domains

Authentication is a vital part of establishing secure, online transactions and Public key Infrastructure (PKI) plays a crucial role in this process for a relying party. A PKI certificate provides proof of identity for a subject and it inherits its trustworthiness from the fact that its issuer is a known (trusted) Certification Authority (CA) that vouches for the binding between a public key and a subject's identity. Certificate Policies (CPs) are the regulations recognized by PKI participants and they are used as a basis for the evaluation of the trust embodied in PKI certificates. However, CPs are written in natural language which can lead to ambiguities, spelling errors, and a lack of consistency when describing the policies. This makes it difficult to perform comparison between different CPs. This thesis offers a solution to the problems that arise when there is not a trusted CA to vouch for the trust embodied in a certificate. With the worldwide, increasing number of online transactions over Internet, it has highly desirable to find a method for authenticating subjects in untrusted domains. The process of formalisation for CPs described in this thesis allows their semantics to be described. The formalisation relies on the XML language for describing the structure of the CP and the formalization process passes through three stages with the outcome of the last stage being 27 applicable criteria. These criteria become a tool assisting a relying party to decide the level of trust that he/she can place on a subject certificate. The criteria are applied to the CP of the issuer of the subject certificate. To test their validity, the criteria developed have been examined against the UNCITRAL Model Law for Electronic Signatures and they are able to handle the articles of the UNCITRAL law. Finally, a case study is conducted in order to show the applicability of the criteria. A real CPs have been used to prove their applicability and convergence. This shows that the criteria can handle the correspondence activities defined in a real CPs adequately.EThOS - Electronic Theses Online ServiceKing Abdulaziz UniversityGBUnited Kingdo

Soft constraints for security

Integrity policies and cryptographic protocols have much in common. They allow for a number of participating principals, and consist of sets of rules controlling the actions that principals should or should not perform. They are intended to uphold various security properties, the crucial ones being integrity, confidentiality and authentication. This paper takes a unified view to the analysis of integrity policies and cryptographic protocols: they are artifacts that must be designed to be sufficiently robust to attack given an understood threat model. For example, integrity policy rules provide resilience to the threat of internal fraud, while cryptographic protocols provide resilience to the threat of replay and related attacks. The framework is modelled using (soft) constraints and analysis corresponds to the soft constraint satisfaction problem. Soft constraints facilitate a quantitative approach to analyzing integrity, confidentiality and authentication. Examples will be given: an integrity policy may achieve different levels of integrity under different circumstances; a protocol message may enjoy different levels of confidentiality for different principals; a principal can achieve different levels of authentication with different principals

Soft Constraints for Security Protocol Analysis: Confidentiality

We model any network configuration arising from the execution of a security protocol as a soft constraint satisfaction problem (SCSP). We formalise the protocol goal of confidentiality as a property of the solution for an SCSP, hence confidentiality always holds with a certain security level. The policy SCSP models the network configuration where all admissible protocol sessions have terminated successfully, and an imputable SCSP models a given network configuration. Comparing the solutions of these two problems elicits whether the given configuration hides a confidentiality attack. We can also compare attacks and decide which is the most significant. The approach is demonstrated on the asymmetric Needham-Schroeder protocol