Isabelle Modelchecking for insider threats

The Isabelle Insider framework formalises the technique of social explanation for modeling and analysing Insider threats in infrastructures including physical and logical aspects. However, the abstract Isabelle models need some refinement to provide sufficient detail to explore attacks constructively and understand how the attacker proceeds. The introduction of mutable states into the model leads us to use the concepts of Modelchecking within Isabelle. Isabelle can simply accommodate classical CTL type Modelchecking. We integrate CTL Modelchecking into the Isabelle Insider framework. A running example of an IoT attack on privacy motivates the method throughout and illustrates how the enhanced framework fully supports realistic modeling and analysis of IoT Insiders

Attack trees in Isabelle

In this paper, we present a proof theory for attack trees. Attack trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification

A verified algorithm enumerating event structures

An event structure is a mathematical abstraction modeling concepts as causality, conflict and concurrency between events. While many other mathematical structures, including groups, topological spaces, rings, abound with algorithms and formulas to generate, enumerate and count particular sets of their members, no algorithm or formulas are known to generate or count all the possible event structures over af inite set of events. We present an algorithm to generate such a family, along with a functional implementation verified using Isabelle/HOL. As byproducts, we obtain a verified enumeration of all possible preorders and partial orders. While the integer sequences counting preorders and partial orders are already listed on OEIS (On-line Encyclopedia of Integer Sequences), the one counting event structures is not. We therefore used our algorithm to submit a formally verified addition, which has been successfully reviewed and is now part of the OEIS.Postprin

A formalized general theory of syntax with bindings

We present the formalization of a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes a rich collection of properties of the standard operators on terms, such as substitution and freshness. It also includes induction and recursion principles and support for semantic interpretation, all tailored for smooth interaction with the bindings and the standard operators

Attack tree analysis for insider threats on the IoT using Isabelle

The Internet-of-Things (IoT) aims at integrating small devices around humans. The threat from human insiders in “regular” organisations is real; in a fully-connected world of the IoT, organisations face a substantially more severe security challenge due to unexpected access possibilities and information flow. In this paper, we seek to illustrate and classify insider threats in relation to the IoT (by ‘smart insiders’), exhibiting attack vectors for their characterisation. To model the attacks we apply a method of formal modelling of Insider Threats in the interactive theorem prover Isabelle. On the classified IoT attack examples, we show how this logical approach can be used to make the models more precise and to analyse the previously identified Insider IoT attacks using Isabelle attack tree

Modular Reasoning in Isabelle

The concept of locales for Isabelle enables local definition and assumption for interactive mechanical proofs. Furthermore, dependent types are constructed in Isabelle/HOL for first class representation of structure. These two concepts are introduced briefly. Although each of them has proved useful in itself, their real power lies in combination. This paper illustrates by examples from abstract algebra how this combination works and argues that it enables modular reasoning

Dependently Typed Records for Representing Mathematical Structure

this paper appears in Theorem Proving in Higher Order Logics, TPHOLs 2000,