Counting Idempotent Relations

This article introduces and motivates idempotent relations. It summarizes characterizations of idempotents and their relationship to transitive relations and quasi-orders. Finally it presents a counting method for idempotent relations and lists the results for up to 6 points

Attack Trees in Isabelle extended with probabilities for Quantum Cryptography

In this paper, we present a proof calculus for Attack Trees and how its application to Quantum Cryptography is made possible by extending the framework to probabilistic reasoning on attacks. Attack trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. Furthermore in this paper, we illustrate the application of Attack Trees to security protocols on the example of the Quantum Key Distribution (QKD) algorithm. The application motivates the extension of the Attack Tree proof calculus by probabilities. We therefore introduce probabilities to quantify finite event sequences and show how this extension can be used to extend CTL to its probabilistic version PCTL. We show on the example of QKD how probabilistic reasoning with PCTL enables proof of quantitative security properties

Isabelle Modelchecking for insider threats

The Isabelle Insider framework formalises the technique of social explanation for modeling and analysing Insider threats in infrastructures including physical and logical aspects. However, the abstract Isabelle models need some refinement to provide sufficient detail to explore attacks constructively and understand how the attacker proceeds. The introduction of mutable states into the model leads us to use the concepts of Modelchecking within Isabelle. Isabelle can simply accommodate classical CTL type Modelchecking. We integrate CTL Modelchecking into the Isabelle Insider framework. A running example of an IoT attack on privacy motivates the method throughout and illustrates how the enhanced framework fully supports realistic modeling and analysis of IoT Insiders

A Formalization of Typed Aspects for the ς-calculus in Isabelle/HOL

In this paper we present an approach towards safe software composition based on aspect-orientation. Aspects enable the systematic addition of code into existing programs but often they also introduce errors. In order to provide safe aspects for software composition we address the verification of the aspect-oriented language paradigm. We construct a basic calculus for aspects with types and prove formally type safety. More precisely, this paper presents the following contributions (a) a fully formalized type system for the Theory of Objects including the proof of type safety, (b) a theory of aspects based on the Theory of Objects including a type system for aspects, and (c) the definition of a notion of type safety for aspects including its proof. The entire theory and proofs are carried out in the theorem prover Isabelle/HOL

Functional Active Objects: Noninterference and Distributed Consensus

In this report, we present recent work on the language of functional active objects ASPfun. We first introduce briefly the language ASPfun, its syntax and semantics. Then, we present a method for static security checking for our functional distributed active object language. We show how the type system of ASPfun is easily extensible for noninterference: a type system that enables analyzing an ASPfun program statically – prior to execution – detects information flows that contradict a given security policy. To prove this conjecture, we introduce the definition of an indistinguishability relation and prove the noninterference theorem that shows that this indistinguishability relation is a bisimulation on ASPfun executions. In a second part, we investigate the question of distributed consensus in ASPfun. We implement Paxos, a distributed consensus algorithm due to Lamport, in ASPfun. This implementation illustrates how functional active objects behave when stateful operations occur

A Mechanized Model of the Theory of Objects

In this paper we present a formalization of Abadi's and Cardelli's theory of ob jects in the interactive theorem prover Isabelle/HOL. Our motivation is to build a mechanized HOL-framework for the analysis of a functional calculus for distributed ob jects. In particular, we present (a) a formal model of ob jects and its operational semantics based on de Bruijn indices (b) a parallel reduction relation for ob jects (c) the proof of confluence for the theory of ob jects reusing Nipkow's HOL-framework for the lambda calculus. We expect this framework to be highly reusable and allow further development and mechanized proofs of various aspects of ob ject theory, e.g., distribution, aspect orientation, typing

A mechanized model of the theory of objects

Abstract. In this paper we present a formalization of Abadi's and Cardelli's theory of objects in the interactive theorem prover Isabelle/HOL. Our motivation is to build a mechanized HOL-framework for the analysis of a functional calculus for distributed objects. In particular, we present (a) a formal model of objects and its operational semantics based on de Bruijn indices (b) a parallel reduction relation for objects (c) the proof of confluence for the theory of objects reusing Nipkow's HOL-framework for the lambda calculus. We expect this framework to be highly reusable and allow further development and mechanized proofs of various aspects of object theory, e.g., distribution, aspect orientation, typing