100 research outputs found
Modeling Bitcoin Contracts by Timed Automata
Bitcoin is a peer-to-peer cryptographic currency system. Since its
introduction in 2008, Bitcoin has gained noticeable popularity, mostly due to
its following properties: (1) the transaction fees are very low, and (2) it is
not controlled by any central authority, which in particular means that nobody
can "print" the money to generate inflation. Moreover, the transaction syntax
allows to create the so-called contracts, where a number of
mutually-distrusting parties engage in a protocol to jointly perform some
financial task, and the fairness of this process is guaranteed by the
properties of Bitcoin. Although the Bitcoin contracts have several potential
applications in the digital economy, so far they have not been widely used in
real life. This is partly due to the fact that they are cumbersome to create
and analyze, and hence risky to use.
In this paper we propose to remedy this problem by using the methods
originally developed for the computer-aided analysis for hardware and software
systems, in particular those based on the timed automata. More concretely, we
propose a framework for modeling the Bitcoin contracts using the timed automata
in the UPPAAL model checker. Our method is general and can be used to model
several contracts. As a proof-of-concept we use this framework to model some of
the Bitcoin contracts from our recent previous work. We then automatically
verify their security in UPPAAL, finding (and correcting) some subtle errors
that were difficult to spot by the manual analysis. We hope that our work can
draw the attention of the researchers working on formal modeling to the problem
of the Bitcoin contract verification, and spark off more research on this
topic
Evaluating the Stream Control Transmission Protocol Using Uppaal
The Stream Control Transmission Protocol (SCTP) is a Transport Layer protocol
that has been proposed as an alternative to the Transmission Control Protocol
(TCP) for the Internet of Things (IoT). SCTP, with its four-way handshake
mechanism, claims to protect the Server from a Denial-of-Service (DoS) attack
by ensuring the legitimacy of the Client, which has been a known issue
pertaining to the three-way handshake of TCP. This paper compares the
handshakes of TCP and SCTP to discuss its shortcomings and strengths. We
present an Uppaal model of the TCP three-way handshake and SCTP four-way
handshake and show that SCTP is able to cope with the presence of an
Illegitimate Client, while TCP fails. The results confirm that SCTP is better
equipped to deal with this type of attack.Comment: In Proceedings MARS 2017, arXiv:1703.0581
Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of
timing aspects. We study a simplified version of the well-known Needham
Schroeder protocol and the complete Yahalom protocol, where timing information
allows the study of different attack scenarios. We model check the protocols
using UPPAAL. Further, a taxonomy is obtained by studying and categorising
protocols from the well known Clark Jacob library and the Security Protocol
Open Repository (SPORE) library. Finally, we present some new challenges and
threats that arise when considering time in the analysis, by providing a novel
protocol that uses time challenges and exposing a timing attack over an
implementation of an existing security protocol
A Note on Fault Diagnosis Algorithms
In this paper we review algorithms for checking diagnosability of
discrete-event systems and timed automata. We point out that the diagnosability
problems in both cases reduce to the emptiness problem for (timed) B\"uchi
automata. Moreover, it is known that, checking whether a discrete-event system
is diagnosable, can also be reduced to checking bounded diagnosability. We
establish a similar result for timed automata. We also provide a synthesis of
the complexity results for the different fault diagnosis problems.Comment: Note: This paper is an extended version of the paper published in the
proceedings of CDC'09, 48th IEEE Conference on Decision and Control and 28th
Chinese Control Conference, Shanghai, P.R. China, December 2009
Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment
aimed at fostering the collaboration between system designers and security
experts at all methodological stages of the development of an embedded system.
A central issue in the design of an embedded system is the definition of the
hardware/software partitioning of the architecture of the system, which should
take place as early as possible. SysML-Sec aims to extend the relevance of this
analysis through the integration of security requirements and threats. In
particular, we propose an agile methodology whose aim is to assess early on the
impact of the security requirements and of the security mechanisms designed to
satisfy them over the safety of the system. Security concerns are captured in a
component-centric manner through existing SysML diagrams with only minimal
extensions. After the requirements captured are derived into security and
cryptographic mechanisms, security properties can be formally verified over
this design. To perform the latter, model transformation techniques are
implemented in the SysML-Sec toolchain in order to derive a ProVerif
specification from the SysML models. An automotive firmware flashing procedure
serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Online On-the-Fly Testing of Real-time Systems
In this paper we present a framework, an algorithm and a new tool for online testing of real-time systems based on symbolic techniques used in UPPAAL model checker. We extend UPPAAL timed automata network model to a test specification which is used to generate test primitives and to check the correctness of system responses including the timing aspects. We use timed trace inclusion as a conformance relation between system and specification to draw a test verdict. The test generation and execution algorithm is implemented as an extension to UPPAAL and experiments carried out to examine the correctness and performance of the tool. The experiment results are promising
Online On-the-Fly Testing of Real-time Systems
In this paper we present a framework, an algorithm and a new tool for online testing of real-time systems based on symbolic techniques used in UPPAAL model checker. We extend UPPAAL timed automata network model to a test specification which is used to generate test primitives and to check the correctness of system responses including the timing aspects. We use timed trace inclusion as a conformance relation between system and specification to draw a test verdict. The test generation and execution algorithm is implemented as an extension to UPPAAL and experiments carried out to examine the correctness and performance of the tool. The experiment results are promising
- …