computing information flow using symbolic model checking
play

Computing Information Flow Using Symbolic Model-Checking Rohit Chadha - PowerPoint PPT Presentation

Jul 19, 2023 •108 likes •919 views

Computing Information Flow Using Symbolic Model-Checking Rohit Chadha 1 Umang Mathur 2 Stefan Schwoon 3 1 University of Missouri Columbia, Missouri, USA 2 Indian Institute of Technology - Bombay Mumbai 3 LSV, ENS Cachan France December 17, 2014

  1. Computing Information Flow Using Symbolic Model-Checking Rohit Chadha 1 Umang Mathur 2 Stefan Schwoon 3 1 University of Missouri Columbia, Missouri, USA 2 Indian Institute of Technology - Bombay Mumbai 3 LSV, ENS Cachan France December 17, 2014

  2. Outline Introduction Preliminaries Summary Calculation Computing Information Leakage: Symbolic Algorithms Moped-QLeak Demo Conclusions and Future Work Thank You

  3. Introduction ◮ Quantifying information leakage - Inferring information about inputs by observing public outputs

  4. Introduction ◮ Quantifying information leakage - Inferring information about inputs by observing public outputs ◮ No leakage = ⇒ Outputs independent of inputs

  5. Introduction ◮ Quantifying information leakage - Inferring information about inputs by observing public outputs ◮ No leakage = ⇒ Outputs independent of inputs ◮ Full leakage = ⇒ Unique input corresponding to given output

  6. Introduction ◮ Quantifying information leakage - Inferring information about inputs by observing public outputs ◮ No leakage = ⇒ Outputs independent of inputs ◮ Full leakage = ⇒ Unique input corresponding to given output ◮ Comparing leakage across programs - less leakage is desirable

  7. Measuring Information Leakage

  8. Measuring Information Leakage Several metrics - min-entropy, Shannon’s entropy, etc.,

  9. Measuring Information Leakage Several metrics - min-entropy, Shannon’s entropy, etc., 1. Min-entropy leakage measures vulnerability of the secret inputs to being guessed correctly in a single attempt of the adversary � ME U ( P ) = log max s ∈S µ ( S = s | O = o ) . o ∈O

  10. Measuring Information Leakage Several metrics - min-entropy, Shannon’s entropy, etc., 1. Min-entropy leakage measures vulnerability of the secret inputs to being guessed correctly in a single attempt of the adversary � ME U ( P ) = log max s ∈S µ ( S = s | O = o ) . o ∈O 2. Shannon entropy leakage measures expected number of guesses required to correctly guess the secret input SE U ( P ) = log | S | − 1 � | P − 1 ( o ) | log | P − 1 ( o ) | | S | o ∈ O

  11. Example Consider the following example:

  12. Example Consider the following example: def example (input) : output = input % 8 return output

  13. Example Consider the following example: def example (input) : output = input % 8 return output What would be the information leaked by the above program

  14. Example Consider the following example: def example (input) : output = input % 8 return output What would be the information leaked by the above program ◮ using min-entropy ?

  15. Example Consider the following example: def example (input) : output = input % 8 return output What would be the information leaked by the above program ◮ using min-entropy ? ◮ using Shannon entropy ?

  16. Dining Cryptographers

  17. Dining Cryptographers ◮ Cryptographers A, B and C: Dine out

  18. Dining Cryptographers ◮ Cryptographers A, B and C: Dine out

  19. Dining Cryptographers ◮ Cryptographers A, B and C: Dine out ◮ Payment done by

  20. Dining Cryptographers ◮ Cryptographers A, B and C: Dine out ◮ Payment done by ◮ One of A, B or C, or

  21. Dining Cryptographers ◮ Cryptographers A, B and C: Dine out ◮ Payment done by ◮ One of A, B or C, or ◮ NSA

  22. Dining Cryptographers ◮ Cryptographers A, B and C: Dine out ◮ Payment done by ◮ One of A, B or C, or ◮ NSA ◮ Determine if the NSA paid or not w/o revealing information about cryptographers

  23. Dining Cryptographers: Protocol 2 stage protocol:

  24. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin

  25. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin 2. Each cryptographer publicly announces a bit, which is

  26. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin 2. Each cryptographer publicly announces a bit, which is ◮ XOR of shared bits, if did not pay

  27. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin 2. Each cryptographer publicly announces a bit, which is ◮ XOR of shared bits, if did not pay ◮ ¬ (XOR of shared bits), otherwise

  28. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin 2. Each cryptographer publicly announces a bit, which is ◮ XOR of shared bits, if did not pay ◮ ¬ (XOR of shared bits), otherwise ¬ XOR(0 , 1) = 0 1 0 1 XOR(1 , 1) = 0 XOR(0 , 1) = 1

  29. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin 2. Each cryptographer publicly announces a bit, which is ◮ XOR of shared bits, if did not pay ◮ ¬ (XOR of shared bits), otherwise ¬ XOR(0 , 1) = 0 1 0 1 XOR(1 , 1) = 0 XOR(0 , 1) = 1 Stage-1 (left) and Stage-2 (right)

  30. Dining Cryptographers: Protocol 2 stage protocol: 1. Every two cryptographers establish a shared one-bit secret : Toss a coin 2. Each cryptographer publicly announces a bit, which is ◮ XOR of shared bits, if did not pay ◮ ¬ (XOR of shared bits), otherwise ¬ XOR(0 , 1) = 0 1 0 1 XOR(1 , 1) = 0 XOR(0 , 1) = 1 Stage-1 (left) and Stage-2 (right) XOR(Announcement A , Announcement B , Announcement C ) = 0 iff NSA paid for the dinner

  31. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output

  32. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output ◮ Local variables: Internal calculations

  33. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output ◮ Local variables: Internal calculations ◮ Program statements : transform global and local variables

  34. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output ◮ Local variables: Internal calculations ◮ Program statements : transform global and local variables ◮ For Program P , F P : 2 G → 2 G ∪ {⊥}

  35. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output ◮ Local variables: Internal calculations ◮ Program statements : transform global and local variables ◮ For Program P , F P : 2 G → 2 G ∪ {⊥} ◮ F P ( ¯ g 0 ) = ⊥ iff P does not terminate

  36. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output ◮ Local variables: Internal calculations ◮ Program statements : transform global and local variables ◮ For Program P , F P : 2 G → 2 G ∪ {⊥} ◮ F P ( ¯ g 0 ) = ⊥ iff P does not terminate ◮ Summary - Joint probability distribution µ

  37. Probabilistic Boolean Programs ◮ Global variablesn G : Input and output ◮ Local variables: Internal calculations ◮ Program statements : transform global and local variables ◮ For Program P , F P : 2 G → 2 G ∪ {⊥} ◮ F P ( ¯ g 0 ) = ⊥ iff P does not terminate ◮ Summary - Joint probability distribution µ

  38. Algebraic Decision Diagrams ◮ Set of variables V

  39. Algebraic Decision Diagrams ◮ Set of variables V ◮ Algebraic set M ( M = [0 , 1] for probabilistic statements, M = { 0 , 1 } implies BDDs)

  40. Algebraic Decision Diagrams ◮ Set of variables V ◮ Algebraic set M ( M = [0 , 1] for probabilistic statements, M = { 0 , 1 } implies BDDs) ◮ ADD : 2 V → M

  41. Algebraic Decision Diagrams ◮ Set of variables V ◮ Algebraic set M ( M = [0 , 1] for probabilistic statements, M = { 0 , 1 } implies BDDs) ◮ ADD : 2 V → M ◮ Efficient reduced representations, similar to BDDs

  42. Algebraic Decision Diagrams ◮ Set of variables V ◮ Algebraic set M ( M = [0 , 1] for probabilistic statements, M = { 0 , 1 } implies BDDs) ◮ ADD : 2 V → M ◮ Efficient reduced representations, similar to BDDs x y y z z z z 1 0 0 1 0 . 5 0 . 5 0 . 5 0 . 5 x y z z 1 0 . 5

  43. Algebraic Decision Diagrams ◮ Set of variables V ◮ Algebraic set M ( M = [0 , 1] for probabilistic statements, M = { 0 , 1 } implies BDDs) ◮ ADD : 2 V → M ◮ Efficient reduced representations, similar to BDDs x y y z z z z 1 0 0 1 0 . 5 0 . 5 0 . 5 0 . 5 x y z z 1 0 . 5 ADD (up) and its reduced form (bottom)

  44. Computing Summaries: Fixed Point Iteration ◮ Program statement l → µ l

  45. Computing Summaries: Fixed Point Iteration ◮ Program statement l → µ l ◮ Can be represented efficiently as MTBBDs

  46. Computing Summaries: Fixed Point Iteration ◮ Program statement l → µ l ◮ Can be represented efficiently as MTBBDs Stmt 0x2c x Stmt: x = !x x' 0x29 0x2b 0 1

  47. Computing Summaries: Fixed Point Iteration ◮ Program statement l → µ l ◮ Can be represented efficiently as MTBBDs Stmt 0x2c x Stmt: x = !x x' 0x29 0x2b 0 1 ◮ Compose statements

  48. Computing Summaries: Fixed Point Iteration ◮ Program statement l → µ l ◮ Can be represented efficiently as MTBBDs Stmt 0x2c x Stmt: x = !x x' 0x29 0x2b 0 1 ◮ Compose statements ◮ Arrive at a fixed point (Summary µ )

  49. Min Entropy : Symbolic Algorithm For a program P , with

  50. Min Entropy : Symbolic Algorithm For a program P , with ◮ input set S (uniform distribution),

  51. Min Entropy : Symbolic Algorithm For a program P , with ◮ input set S (uniform distribution), ◮ output set O , and,

Recommend

Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

The Mu-Calculus Model Checking Example Results Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal Papers in Verification March 23, 2012 Andrena Francisco Symbolic Model Checking The Mu-Calculus

196 views • 15 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute Technical University of Denmark Spring 2020 Model Checking M | = Models M are Kripke structures Formulas are Computational Tree Logic

509 views • 22 slides
On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work:

On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work:

Introduction Noninteference BSPs Results Conclusion On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work: Deepak DSouza, Janardhan Kulkarni, Barbara Sprick, Raveendra Holla Indian Institute of

717 views • 26 slides
Bounded Model Checking Julien Schmaltz Institute for Computing and Information Sciences Radboud

Bounded Model Checking Julien Schmaltz Institute for Computing and Information Sciences Radboud

Bounded Model Checking Julien Schmaltz Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands julien@cs.ru.nl April 15, 2009 J. Schmaltz Bounded Model Checking Agenda coming lectures ... Part I:

954 views • 56 slides
Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 Reuben Rowe 1 1 UCL 2 Middlesex University Australian National University, Canberra, 9 December 2015 1/ 24 Model

1.13k views • 81 slides
Symbolic Model Checking Binary Decision Diagrams 2 Combinatorial Circuits 3 Eight Queen

Symbolic Model Checking Binary Decision Diagrams 2 Combinatorial Circuits 3 Eight Queen

1 Randal Bryant 86 Ken McMillan 90 Symbolic Model Checking Binary Decision Diagrams 2 Combinatorial Circuits 3 Eight Queen Combinatorial Problems Sudoku Control Programs A Train Simulator, visualSTATE (VVS) 1421 machines 11102

993 views • 71 slides
CDA 5416 : CAV Symbolic CTL Model Checking Hao Zheng Department of Computer Science and

CDA 5416 : CAV Symbolic CTL Model Checking Hao Zheng Department of Computer Science and

CDA 5416 : CAV Symbolic CTL Model Checking Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng ( Department of

660 views • 26 slides
CDA 5416 : CAV Symbolic CTL Model Checking Hao Zheng Department of Computer Science and

CDA 5416 : CAV Symbolic CTL Model Checking Hao Zheng Department of Computer Science and

CDA 5416 : CAV Symbolic CTL Model Checking Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng ( Department of

511 views • 33 slides
Making TLA + Model Checking Symbolic Igor Konnov Joining Interchain Foundation in August Jure

Making TLA + Model Checking Symbolic Igor Konnov Joining Interchain Foundation in August Jure

Making TLA + Model Checking Symbolic Igor Konnov Joining Interchain Foundation in August Jure Kukovec Thanh-Hai Tran VeriDis + Matryoushka seminar, Amsterdam, June 2019 Why TLA + ? Rich specification language TLA + is used in industry, e.g.,

699 views • 46 slides
Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING

Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING

3/25/2014 Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING Timers, watchdog processors, error model, control flow checking, memory access and assertion Kewal K.Saluja checking Re-execution for

209 views • 5 slides
Probabilisti tic Model Checking in Practi tice Dave Parker Oxford University

Probabilisti tic Model Checking in Practi tice Dave Parker Oxford University

Probabilisti tic Model Checking in Practi tice Dave Parker Oxford University Computing Laboratory Quantitative Model Checking PhD School, Copenhagen, March 2010 Overview Tool support for probabilistic model checking The PRISM

317 views • 14 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn

Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn

Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn 2019 Section Targets Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn 2019 Chapter 6 Learning

621 views • 47 slides
01/07/2010 Two Parallel Stories Timed and Hybrid Automata Symbolic model checking: Timed and

01/07/2010 Two Parallel Stories Timed and Hybrid Automata Symbolic model checking: Timed and

01/07/2010 Two Parallel Stories Timed and Hybrid Automata Symbolic model checking: Timed and hybrid systems: -abstract data type region algebra yp g g specific region algebra p g g -termination analysis (e.g. clock regions, polyhedra)

807 views • 49 slides
Symbolic Model Checking for Large Software Specifications William Chan Richard Anderson Paul

Symbolic Model Checking for Large Software Specifications William Chan Richard Anderson Paul

Symbolic Model Checking for Large Software Specifications William Chan Richard Anderson Paul Beame Steve Burns Francesmary Modugno David Jones (Boeing) David Notkin Jon D. Reese William Warner (Boeing) Motivation: circa 1998-2000 How

575 views • 44 slides
SC 2 : Satisfiability Checking meets Symbolic Computation: www.sc-square.org James Davenport

SC 2 : Satisfiability Checking meets Symbolic Computation: www.sc-square.org James Davenport

SC 2 : Satisfiability Checking meets Symbolic Computation: www.sc-square.org James Davenport Hebron & Medlock Professor of Information Technology 1 University of Bath (U.K.) 4 August 2016 1 Thanks to John Abbott, Erika Abrah am, Bernd

795 views • 19 slides
SC 2 : Satisfiability Checking and Symbolic Computation: www.sc-square.org James Davenport Hebron

SC 2 : Satisfiability Checking and Symbolic Computation: www.sc-square.org James Davenport Hebron

SC 2 : Satisfiability Checking and Symbolic Computation: www.sc-square.org James Davenport Hebron & Medlock Professor of Information Technology 1 University of Bath (U.K.) Fulbright Scholar (NYU) 12 May 2017 1 Thanks to Erika Abrah

1.5k views • 149 slides
Quantifying Robustness by Symbolic Model Checking S. Baarir C. Braunstein E Encrenaz J-M.

Quantifying Robustness by Symbolic Model Checking S. Baarir C. Braunstein E Encrenaz J-M.

Quantifying Robustness by Symbolic Model Checking S. Baarir C. Braunstein E Encrenaz J-M. Ili T. Li I. Mounier D. Poitrenaud S. Younes HWVW 2010, July 15, 2010 Quantifying Robustness - HWVW 2010 1 / 28 Outline Motivation 1

809 views • 31 slides
COMP4600 Advanced algorithms: Algorithms for verification (3 lectures) Andreas Bauer NICTA

COMP4600 Advanced algorithms: Algorithms for verification (3 lectures) Andreas Bauer NICTA

Introduction LTL model checking CTL model checking Binary decision diagrams Symbolic model checking COMP4600 Advanced algorithms: Algorithms for verification (3 lectures) Andreas Bauer NICTA Software Systems Research Group & The

1.77k views • 160 slides
Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems Informationsteknologi System Description A No! Debugging Information TOOL TOOL Yes, Requirement F Prototypes C T L Executable Code Test sequences Tools:

637 views • 34 slides

More recommend