Integration of analysis techniques in security and fault-tolerance

This thesis focuses on the study of integration of formal methodologies in security protocol analysis and fault-tolerance analysis. The research is developed in two different directions: interdisciplinary and intra-disciplinary. In the former, we look for a beneficial interaction between strategies of analysis in security protocols and fault-tolerance; in the latter, we search for connections among different approaches of analysis within the security area. In the following we summarize the main results of the research

A Structured Approach to Network Security Protocol Implementation

The implementation of network security protocols has not received the same level of attention in the literature as their analysis. Security protocol analysis has successfully used inference logics, like GNY and BAN, and attack analysis, employing state space examination techniques such as model checking and strand spaces, to verify security protocols. Tools, such as the multi-dimensional analysis environment SPEAR II, exist to help automate security protocol specification and verification, however actual implementation of the specification in executable code is a task still largely left to human programmers. Many vulnerabilities have been found in implementations of security protocols such as SSL, PPTP and RADIUS that are incorporated into widely used operating system software, web servers and other network aware applications. While some of these vulnerabilities may be a result of flawed or unclear specifications, many are the result of the failure of programmers to correctly interpret and implement them. The above indicates a gap between security protocol specifications and their concrete implementations, in that there are methodologies and tools that have been established for developing the former, but not the latter. This dissertation proposes an approach to bridging this gap, describes our implementation of that approach and attempts to evaluate its success. The approach is three-fold, providing different measures to improve current ad-hoc implementation approaches: 1. From Informal to Formal Specifications: If a security protocol has been specified using informal standard notation, it can be converted, using automatic translation, to a formal specification language with well defined semantics. The formal protocol specification can then be analysed using formal techniques, to verify that the desired security properties hold. The precise specification of the protocol behaviour further serves to facilitate the concrete implementation of the protocol in code. 2. Separate Implementation Concerns: When implementing security protocols, the what and the when of protocol actions are abstracted from the how. That is, protocol logic implementation concerns, such as when and what actions should be performed on messages, should be clearly and cleanly separated from the cryptographic and network communication implementation details that implement how the actions are performed. Such high level modularity allows code implementing protocol logic to be re-used with different cryptographic algorithm implementations and network communication protocols. It also allows errors in the implementation of the cryptography to be addressed by swapping cryptographic implementations without changing the protocol logic code. The abstraction of cryptographic and network implementation is analogous to the adoption of the Dolev-Yao style models by many analysis techniques, where the cryptography itself is viewed as a black box and assumed perfect, allowing the analysis to focus on the protocol logic. Finally, this separation allows the correctness of the protocol logic implementation and cryptographic primitives implementation to be addressed separately. 3. Automated Implementation Using Code Generation We use code generation to automate the security protocol implementation process, avoiding the risk of human error in interpreting the sometimes subtle semantics of security protocol specifications. The precise nature of formal specification languages provides a base from which to specify and implement an automatic code generation tool. Our approach follows requirements identified for high integrity code generation - where feasible - to give a high level of confidence in the correctness of the generated code. In implementing the approach, we adopt the Spi Calculus for the role of formal specification language. The Spi Calculus was developed by extending the -calculus, a process algebra for describing concurrent communicating systems, to cater for the special case of network security protocols. Spi Calculus specifications can be analysed manually, by developing correctness proofs by hand, and automatically, by using model checkers such as MMC. As Spi Calculus specifications explicitly describe the actions of a security protocol, they are also particularly suitable for use as input for code generation. The implementation of the approach is split across three components that correspond to each of the parts of the approach: 1. Sn2Spi is a translator that converts an informal standard notation specification to a Spi Calculus specification, thus implementing part 1 of our approach. The converted specification can be analysed using any of the formal techniques applicable to the Spi Calculus. Once verified, the specification can be used to generate a concrete implementation using Spi2Java. 2. The Security Protocol Primitives API abstracts cryptographic and network communication operations, decoupling code that implements protocol logic from code that implements cryptographic and network operations. It provides the basic cryptographic and network communications functionality required to implement a security protocol, including: symmetric and asymmetric encryption, message digest, nonce and timestamp generation, marshalling message component data and sending and receiving messages over a network. A provider model, much like that used in the Java Cryptography Extensions API, is employed to allow different implementations to be swapped without changing the SPP client code. 3. Spi2Java is a code generator, essentially implementing a compiler from the Spi Calculus to Java code. Spi2Java uses Prolog to implement a defined mapping from Spi Calculus constructs, i.e. terms and process actions, to Java code segments. These code segments call the SPP API to access cryptographic and network functionality where needed. The mapping was developed by refining Spi constructs to Java code segments that preserve the semantics of the Spi constructs In addition, assertions are made in the code segments to ensure certain conditions are met before the implementation can continue running. Part of evaluating the effectiveness of this automated approach to security protocol implementation, involved a case study where manual implementations of the CCITT Three Message X.509 Protocol, developed by 4th year Computer Science students, and a Spi2Java generated implementation are compared. The outcome of the study favoured the automatically generated implementation, indicating the potential of the approach. Further to demonstrating the utility of code generation, we describe an SPP provider implementation developed to allow a security protocol run, including legitimate and attacker roles, to be simulated in a controlled environment. Spi2Java allows the protocol engineer to quickly and automatically generate code for protocol roles. The code can be executed using this implementation allowing the protocol engineer to step through execution of all roles, both legitimate and attacker, to gain insight into the behaviour of the protocol. The approach is evaluated in terms of the class of attacks it prevents and how it meets the identified requirements for high integrity code generation. It is also compared to existing and current work in the field. Attack classes that exploit faulty protocol logic implementation, vulnerability to type flaws and buffer overflows are prevented. The Spi2Java code generator fully meets three of the five high integrity code generation requirements: formally defined source and target languages are used; the translation software is validated; and the generated code is well structured and documented and can be traced back to the specification. Spi2Java partially meets the requirement that the mapping from source to target language constructs be formally proven to preserve the specification semantics. However the arguments given are not strictly formal. The requirement related to rigorous testing are not met due to practical resource constraints. However, Spi2Java has been used to generate real world protocol implementations that have been verified by manual inspection. Sprite, incorporating the Sn2Spi translator and Spi2Java code generator, provides a structured approach to network security protocol implementation by implementing automated translation from informal to formal security protocol specifications, and by being able to automatically generate Java implementations of network security protocols in which the security protocol engineer can have a high degree of confidence

An approach to accessing product data across system and software revisions

Long-term users of engineering product data are hampered by the ephemeral nature of CAD file formats and the applications that work with them. STEP, the Standard for the Exchange of Product Model Data (ISO 10303), promises to help with meeting this challenge, but is not without problems of its own. We present a complementary solution based on the use of lightweight file formats to preserve specific aspects of the product data, in conjunction with a registry of relevant representation information as defined by the Open Archival Information System Reference Model (ISO 14721). This registry is used to identify suitable destination file formats for different purposes, and provides a resource to aid in the recovery of information from these formats in the future.

Component-based control system development for agile manufacturing machine systems

It is now a common sense that manufactures including machine suppliers and system integrators of the 21 st century will need to compete on global marketplaces, which are frequently shifting and fragmenting, with new technologies continuously emerging. Future production machines and manufacturing systems need to offer the "agility" required in providing responsiveness to product changes and the ability to reconfigure. The primary aim for this research is to advance studies in machine control system design, in the context of the European project VIR-ENG - "Integrated Design, Simulation and Distributed Control of Agile Modular Machinery"

Programming Languages and Systems

This open access book constitutes the proceedings of the 29th European Symposium on Programming, ESOP 2020, which was planned to take place in Dublin, Ireland, in April 2020, as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The actual ETAPS 2020 meeting was postponed due to the Corona pandemic. The papers deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems

International Computer and Information Literacy Study: Assessment Framework

The purpose of the International Computer and Information Literacy Study 2013 (ICILS 2013) is to investigate, in a range of countries, the ways in which young people are developing computer and information literacy (CIL) to support their capacity to participate in the digital age. To achieve this aim, the study will assess student achievement through an authentic computer-based assessment of CIL administered to students in their eighth year of schooling. It will also collect and report on analyses of data about student use of computers and other digital devices as well as students’ attitudes toward the use of computers and other digital tools. The purpose of is publication is to articulate the basic structure of the study. It provides a description of the field and the constructs to be measured. It also outlines the design and content of the measurement instruments, sets down the rationale for those designs, and describes how measures generated by those instruments relate to the constructs. In addition, it hypothesizes relations between constructs so as to provide the foundation for some of the analyses that follow. Above all, the framework links ICILS to other work in the field. The contents of this assessment framework combine theory and practice in an explication of “both the ‘what’ and the ‘how’” (Jago, 2009, p. 1) of ICILS

Twenty years of rewriting logic

AbstractRewriting logic is a simple computational logic that can naturally express both concurrent computation and logical deduction with great generality. This paper provides a gentle, intuitive introduction to its main ideas, as well as a survey of the work that many researchers have carried out over the last twenty years in advancing: (i) its foundations; (ii) its semantic framework and logical framework uses; (iii) its language implementations and its formal tools; and (iv) its many applications to automated deduction, software and hardware specification and verification, security, real-time and cyber-physical systems, probabilistic systems, bioinformatics and chemical systems

Papers for Task Force Meeting on Future and Impacts of Artificial Intelligence, 15-17 August 1983

IIASA's Clearinghouse activity is oriented towards issues of interest among our National Member Organizations. Here, in the forefront, are the issues concerning the promise and impact of science and technology on society and economy in general, and some selected branches in particular. Artificial Intelligence (AI) is one of the most promising research areas. There are many indications that the long predicted upswing of this discipline is finally in the making. A recent survey had Nobel-laureates predict that the most influence in the next century will be made by computers, AI, and robotics. Already, at present, "expert" systems are emerging and applied; natural language understanding systems developed; AI principles are used in robots, flexible automation, computer aided-design, etc. All this will have an, as yet, unspecified social and economic impact on the activity of human beings, both at work and leisure. It certainly takes interdisciplinary and cross-culturally based studies to enhance the understanding of this complex phenomenon. This is the aim of our endeavors in the field which is in excess of our duty to pass useful knowledge to our constituency. We think that IIASA, cooperating in this respect with the Austrian Society for Cybernetic Studies (ASCS), can develop some comparative advantage here. This publication contains papers written by leading personalities, both East and West, in the field of artificial intelligence on the future and impact of this emerging discipline. We hope that the meeting, where the papers will be discussed, will not only identify important areas where the impact of artificial intelligence will be felt most directly, but also find the most rewarding issues for further research