778 research outputs found
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Regular Expression Matching and Operational Semantics
Many programming languages and tools, ranging from grep to the Java String
library, contain regular expression matchers. Rather than first translating a
regular expression into a deterministic finite automaton, such implementations
typically match the regular expression on the fly. Thus they can be seen as
virtual machines interpreting the regular expression much as if it were a
program with some non-deterministic constructs such as the Kleene star. We
formalize this implementation technique for regular expression matching using
operational semantics. Specifically, we derive a series of abstract machines,
moving from the abstract definition of matching to increasingly realistic
machines. First a continuation is added to the operational semantics to
describe what remains to be matched after the current expression. Next, we
represent the expression as a data structure using pointers, which enables
redundant searches to be eliminated via testing for pointer equality. From
there, we arrive both at Thompson's lockstep construction and a machine that
performs some operations in parallel, suitable for implementation on a large
number of cores, such as a GPU. We formalize the parallel machine using process
algebra and report some preliminary experiments with an implementation on a
graphics processor using CUDA.Comment: In Proceedings SOS 2011, arXiv:1108.279
A New Computationally Efficient Method for Spacing n Points on a Sphere
The problem of equally spacing n points on a sphere is impossible in general, but there are methods that come close to spacing the points equally. The method introduced in this paper uses a spiral that was found using experimental evidence. The resulting spacings are close to theoretical bounds, and the method is computationally efficient for large numbers of points. The method\u27s accuracy ranges from 70% to 86% of the upper bound as n changes
Explicit connection actions in multiparty session types
This work extends asynchronous multiparty session types (MPST) with explicit connection actions to support protocols with op- tional and dynamic participants. The actions by which endpoints are connected and disconnected are a key element of real-world protocols that is not treated in existing MPST works. In addition, the use cases motivating explicit connections often require a more relaxed form of mul- tiparty choice: these extensions do not satisfy the conservative restric- tions used to ensure safety in standard syntactic MPST. Instead, we de- velop a modelling-based approach to validate MPST safety and progress for these enriched protocols. We present a toolchain implementation, for distributed programming based on our extended MPST in Java, and a core formalism, demonstrating the soundness of our approach. We discuss key implementation issues related to the proposed extensions: a practi- cal treatment of choice subtyping for MPST progress, and multiparty correlation of dynamic binary connections
Formally sound implementations of security protocols with JavaSPI
Designing and coding security protocols is an error prone task. Several flaws are found in protocol implementations and specifications every year. Formal methods can alleviate this problem by backing implementations with rigorous proofs about their behavior. However, formally-based development typically requires domain specific knowledge available only to few experts and the development of abstract formal models that are far from real implementations. This paper presents a Java-based protocol design and implementation framework, where the user can write a security protocol symbolic model in Java, using a well defined subset of the language that corresponds to applied π-calculus. This Java model can be symbolically executed in the Java debugger, formally verified with ProVerif, and further refined to an interoperable Java implementation of the protocol. Soundness theorems are provided to prove that, under some reasonable assumptions, a simulation relation relates the Java refined implementation to the symbolic model verified by ProVerif, so that, for the usual security properties, a property verified by ProVerif on the symbolic model is preserved in the Java refined implementation. The applicability of the framework is evaluated by developing an extensive case study on the popular SSL protocol
- …