a formal connection between security properties and jml
play

A Formal Connection between Security Properties and JML Annotations - PowerPoint PPT Presentation

Sep 03, 2022 •358 likes •787 views

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke Huisman Alejandro Tamalet Radboud University Nijmegen, The Netherlands Introduction: The Goal Trusted devices (smart phones, PDA, smart

  1. A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke Huisman Alejandro Tamalet Radboud University Nijmegen, The Netherlands

  2. Introduction: The Goal  Trusted devices (smart phones, PDA, smart cards) need a way to ensure the security of applications.  We want to enforce (at runtime) a certain property. Ultimately, we would like to prove (statically) that it holds.  We will work with Java or Java-like sequential programs. Tamalet - Radboud University 2

  3. Introduction: The Means  One way to achieve this goal is to encode the property as JML annotations  JML connects runtime checking (jmlc) and proving (ESC/Java2).  This imposes restrictions on the kind of properties we can express: only safety properties (no liveness). Tamalet - Radboud University 3

  4. Example: An applet protocol as an automaton (Cheon and Perumendla) destroy init stop start start init; (start; stop)+; destroy Tamalet - Radboud University 4

  5. Example: The applet protocol specified in JML (Cheon and Perumendla) @ requi res st at e I NI T st at e STO P package j ava appl et / / == | | == ; . @ ensures st at e START / / == ; publ i c voi d st ar t publ i c cl ass Appl et ( ) { { @ set st at e START @ publ i c st at i c f i nal ghost i nt / / = ; / * @ PRI STI NE . . . = 1 , @ I NI T } = 2 , @ START = 3 , @ requi res st at e START @ STO P / / == ; = 4 , @ ensur es st at e STO P @ D ESTRO Y / / == ; = 5 ; publ i c voi d st op @ ( ) { * / @ set st at e STO P / / = ; @ publ i c ghost i nt st at e PRI STI NE . . . / / = ; } @ requi res st at e PRI STI N E / / == ; @ requi res st at e STO P @ ensures st at e I N I T / / == ; / / == ; @ ensures st at e D ESTRO Y publ i c voi d i ni t / / == ; ( ) { publ i c voi d dest r oy @ set st at e I NI T ( ) { / / = ; @ set st at e D ESTRO Y / / = ; . . . . . . } } . . . Tamalet - Radboud University 5

  6. Multi-Variable Automata (MVA)  We want to keep the high level view of these properties.  Regular automata are not enough to express many interesting properties. We use automata with variables.  An automaton specifies a property of a class called the monitored class. Tamalet - Radboud University 6

  7. Transitions  Transitions of an MVA have an event, a guard and actions.  The events can be entry to or exit of methods. We distinguish between a normal exit and an exceptional exit.  Guards and actions may involve fields of the monitored class or parameters of the method. Actions can only update variables of the automaton. Tamalet - Radboud University 7

  8. Example: Embedded transactions Property: At most N embedded transactions. bt = beginTransaction() bt, t<N → skip ct = commitTransaction() at = abortTransaction() bt, t:=t+1 entry Q2 exit normal bt, skip exit exceptional t:=0 Q1 → ct, t>0 Automaton: skip Monitored class: transactions.java ct, t:=t-1 Q = {Q1, Q2, Q3} → at, t >0 Σ = {bt, bt, bt, ct, ct, ct, at} t:=t-1 Q3 ct, skip vars A = {(t, int, 0)} vars P = {} Tamalet - Radboud University 8

  9. Other properties  Enforce and order in which methods are called: life cycle or protocol of an object.  Restrict the frequency of a particular method call. Example: m() can be called at most one time.  Method m1() can not or can only be called inside method m2(). Tamalet - Radboud University 9

  10. Characteristics of a MVA  The automaton must be deterministic.  We complete the transition function by adding an error state. We call it halted.  Since we work with safety properties, halted is a trap state.  We don't have accepted states. Tamalet - Radboud University 10

  11. Abstract correctness property P = program (may already have annotations) A = automaton describing a security property || = monitored by ≈ = equivalence relation Assumptions: P does not throw nor catch JML exceptions A is “ well formed ” and “ well behaved ” P || A ≈ ann_program(P, A) Tamalet - Radboud University 11

  12. Translation into JML... plus some code transformations  Some code transformations are needed to treat exceptions. We have to enclose the body in a t r y - cat ch f i nal l y block. -  If no code transformations are allowed we must restrict the expressiveness of the automata. We would only be able to talk about entry to methods. Tamalet - Radboud University 12

  13. ann_program: Two step translation  For the following algorithm, we focus more in its correctness than in its actual implementation.  For ease of verification, the translation is done in two steps. In the first step we do some abstractions and then we refine them in the second step. Tamalet - Radboud University 13

  14. Step 1 – 1: Add ghost variables  New ghost variables are added to encode the automaton.  Control points (including halted): integers initialized to a unique value.  Current control point (cp): integer initialized to the value of the initial control point.  Variables of the automaton: their type and initial value are provided by the automaton. Tamalet - Radboud University 14

  15. Step 1 – 1: Example @ publ i c st at i c f i nal ghost i nt / * @ HALTED = 0 , @ Q 1 = 1 , @ Q 2 = 2 , @ Q 3 = 3 ; @ * / @ publ i c ghost i nt cp Q / / = 1 ; @ publ i c ghost i nt t / / = 0 ; Tamalet - Radboud University 15

  16. Step 1 – 2: Strengthen invariant  The invariant is strengthened to assert that the current control point has not reached the error state . @ publ i c i nvari ant cp hal t ed / / ! = ; Tamalet - Radboud University 16

  17. Step 1 – 3: Annotate methods @ requi res pr e ; / / m() @ ensures pos ; / / m ( ) { assert pre & inv; pre_set { pre_set; @ annot at i ons r egar di ng / * m s ent r y @ ' * / } body { m s body body; ' } pos_set { @ annot at i ons r egar di ng / * m s nor m al exi t @ → ex ' * / → assert !ex } exc_set { assert inv; pos & inv; @ annot at i ons r egar di ng exc_set; / * pos_set; m s except i onal exi t @ ' * / } } Tamalet - Radboud University 17

  18. Step 1 – 4: Translate events  Each transition is translated independently of the type of its event (entry, exit normal or exit exceptional).  We assume the existence of an i f statement that works with ghost variables in the condition and in the branches. Tamalet - Radboud University 18

  19. Step 1 – 4: Example at @ i f ( cp Q @ i f ( cp Q && t / * == 1 ) { / * == 1 > 0 ) { @ i f ( t @ set t t > 0 ) { = – 1 ; @ set t t @ set cp Q = – 1 ; = 1 ; @ set cp Q @ el se { = 1 ; } @ el se { @ set cp HALTED } = ; @ set cp HALTED @ = ; } @ el se i f ( cp Q @ } == 2 ) { * / @ set cp HALTED = ; @ el se i f ( cp Q } == 3 ) { @ set cp HALTED = ; @ el se { / / cp HALTED } == @ set cp HALTED = @ } @ * / Tamalet - Radboud University 19

  20. Step 2 – 1: Refine if - 1  The i f for ghost variables are translated into a sequence of set statements using conditional statements. i f ( c ) { set x c a x : = ? : ; set x a : = ; set y c b y : = ? : ; set y b : = ; } Tamalet - Radboud University 20

  21. Step 2 – 1: Refine if - 2  Two auxiliary ghost variables are used to ensure the independence of the branches. i f ( cp Q set b cp Q 1 = == 1 ; == 1 ) { i f ( x set b b && x 2 = 1 >= 5 ; >= 5 ) { set x x set x b x x = 2 ? - 1 : ; = - 1 ; set cp Q set cp b Q cp = 2 ? 2 : ; = 2 ; } i f ( x set b b && b && x 2 = 1 ! 2 < 0 ; < 0 ) { set x x set x b x x = 2 ? +1 : ; = +1 ; set cp Q set cp b Q y = 2 ? 1 : ; = 1 ; } el se { set b b && b 2 = 1 ! 2 ; set cp HALTED set cp b HALTED cp = 2 ? : ; = ; } } Tamalet - Radboud University 21

  22. Step 2 – 2: Refine pre_set et al. m cat ch ( Except i on e { ( ) { ) @ ghost bool ean ex @ exc_set / / ; / / ; @ set ex t rue ; t ry { / / = t hrow e @ pr e_set ; / / ; } f i nal l y { @ assert cp hal t ed / / ! = ; @ i f ( ! ex pos_exc / / ) { ; } body } } } Tamalet - Radboud University 22

  23. Example: translation of the embedded transactions publ i c voi d begi nTr ansact i on ( ) { @ ghost bool ean ex / / ; t ry { @ set cp cp Q && t N Q HALTED / / = ( == 1 < ) ? 2 : ; @ assert cp HALTED / / ! = ; body } cat ch ( Except i on e ) { @ set cp cp Q Q HALTED / / = ( == 2 ) ? 1 : ; @ set ex t rue ; / / = } f i nal l y { @ set t ex && cp Q t t / / = ( ! == 2 ) ? +1 : ; @ set cp ex && cp Q Q HALTED / / = ( ! == 2 ) ? 1 : ; } } Tamalet - Radboud University 23

  24. Formalization  Everything must be defined:  Automatons and their operational semantics.  (A subset of) Java programs with annotations and their operational semantics (big step, based on Von Oheimb's formalization).  A semantics for monitored programs.  A bisimulation relation. Tamalet - Radboud University 24

Recommend

Grammar formalisms Tree Adjoining Grammar: Formal Properties, Part I Parsing Formal Properties

Grammar formalisms Tree Adjoining Grammar: Formal Properties, Part I Parsing Formal Properties

Some sample languages Pumping Lemma for TAL Closure Properties Grammar formalisms Tree Adjoining Grammar: Formal Properties, Part I Parsing Formal Properties of TAG Laura Kallmeyer, Timm Lichte, Wolfgang Maier Universit at T ubingen

260 views • 14 slides
Rethinking Connection Security Indicators Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie,

Rethinking Connection Security Indicators Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie,

Rethinking Connection Security Indicators Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo Connection Security Indicators Connection

238 views • 23 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
A Formal Analysis of Some Properties of Kerberos 5 Using MSR Frederick Butler, Iliano Cervesato,

A Formal Analysis of Some Properties of Kerberos 5 Using MSR Frederick Butler, Iliano Cervesato,

A Formal Analysis of Some Properties of Kerberos 5 Using MSR Frederick Butler, Iliano Cervesato, Aaron D. Jaggard, and Andre Scedrov Project Goals Give precise statement and formal analysis of a real world protocol Find a real world

474 views • 25 slides
Cryptographic Protocols and Network Security G. Sivakumar Computer Science and Engineering IIT

Cryptographic Protocols and Network Security G. Sivakumar Computer Science and Engineering IIT

Some Puzzles Security Connection Cryptography Need For Formal Methods Cryptographic Protocols and Network Security G. Sivakumar Computer Science and Engineering IIT Bombay siva@iitb.ac.in Oct 14, 2004 G. Sivakumar Computer Science and

671 views • 43 slides
Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard Institute for Computer Science Security instruments learned so far Symmetric and asymmetric cryptography confidentiality, integrity, non-repudiation

319 views • 29 slides
TCP/IP: TCP Network Security Lecture 6 TCP Based on IP Provides connection-oriented ,

TCP/IP: TCP Network Security Lecture 6 TCP Based on IP Provides connection-oriented ,

TCP/IP: TCP Network Security Lecture 6 TCP Based on IP Provides connection-oriented , reliable stream delivery service (handles loss, duplication, transmission errors, reordering) Provides port abstraction (like UDP) Establishes

559 views • 30 slides
1 3.1.1 Formal Properties and a little Remarks (III) Theory This definition of a MAS is

1 3.1.1 Formal Properties and a little Remarks (III) Theory This definition of a MAS is

3. Multi-agent systems (MAS) 3.1 Formal Definitions and Properties Multi-agent systems (MAS) are used to describe We can now refine our agent definition: several agents that interact with each other Definition : Agent in a MAS (positively,

85 views • 4 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal analysis of security models for critical systems: Virtualization platforms and mobile

Formal analysis of security models for critical systems: Virtualization platforms and mobile

Formal analysis of security models for critical systems: Virtualization platforms and mobile devices Carlos Luna Grupo de Seguridad Inform atica, InCo Facultad de Ingenier a, Universidad de la Rep ublica, Uruguay Formal analysis

751 views • 56 slides
1 Properties of agents: Properties of agents: rationality reflectivity and reactivity (I) $ $

1 Properties of agents: Properties of agents: rationality reflectivity and reactivity (I) $ $

2. Single-agent systems 2.1 Formal Definitions and Properties n Term agent used with many different meanings: Our goal: rather broad definition l Agent of an agency (see James Bond) l Agent as a person acting on behalf of another Definition

360 views • 3 slides
1 Properties of agents: Properties of agents: rationality reflectivity and reactivity (I)

1 Properties of agents: Properties of agents: rationality reflectivity and reactivity (I)

2. Single-agent systems 2.1 Formal Definitions and Properties n Term agent used with many different meanings: Our goal: rather broad definition Agent of an agency (see James Bond) Definition : Agent Agent as a person acting on

150 views • 3 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA IIT Delhi, Fall 2010 Lecture 1: WriCng Secure Web ApplicaCons

472 views • 25 slides
Institute for Cyber Security A Formal Model for Isolation Management in Cloud

Institute for Cyber Security A Formal Model for Isolation Management in Cloud

Institute for Cyber Security A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 15-17, 2014 NSS

146 views • 13 slides
Optimality Properties of Planning via Petri Net Unfolding: A Formal Analysis Sebastian Sardina

Optimality Properties of Planning via Petri Net Unfolding: A Formal Analysis Sebastian Sardina

Optimality Properties of Planning via Petri Net Unfolding: A Formal Analysis Sebastian Sardina and Sarah Hickmott RMIT University Australia ICAPS 2009 1 / 18 Planning via Directed Unfolding 1. Forward search partial order planning STRIPS,

802 views • 25 slides
1 How do we establish fundamental principles Formal methods reducing complexity of security?

1 How do we establish fundamental principles Formal methods reducing complexity of security?

Charge Topics What are the most important ideas from other fields that we should try to integrate into cyber security? The Science of Security The Science of Security What steps are needed to establish more useful Questions and Promising

253 views • 3 slides
Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures

Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures

Introduction RSM: Rotating Sboxes Masking Information Theoretic Evaluation of RSM Security Evaluation of RSM against CPA and 2O-CPA Conclusions and Perspectives Formal Analysis of the Entropy / Security Trade-off in First-Order Masking

539 views • 38 slides
Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

911 views • 63 slides
Chapter Three: Closure Properties for Regular Languages Formal Language, chapter 3,

Chapter Three: Closure Properties for Regular Languages Formal Language, chapter 3,

Chapter Three: Closure Properties for Regular Languages Formal Language, chapter 3, slide 1 1 Once we have defined some languages formally, we can consider combinations and modifications of those languages: unions, intersections,

685 views • 45 slides
Formal Security Analysis and Improvement of a hash-based

Formal Security Analysis and Improvement of a hash-based

Formal Security Analysis and Improvement of a hash-based NFC M-coupon Protocol Ali Alshehri and Steve Schneider Agenda Introduc?on. Approach

498 views • 25 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya

Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya

Outline ABC v.2 Security Scalability Performance Summary Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya Kizhvatov 2 Russian State University for the Humanities, Moscow, Russia

811 views • 54 slides

More recommend