Expressing Type-Flaw Attacks in a Strongly Typed Language

Iliano Cervesato (iliano@itd.nrl.navy.mil)
ITT Industries, Inc @ NRL – Washington DC
http://www.cs.stanford.edu/~iliano/

2nd International Workshop on Foundations for Secure/Survivable Systems and Networks
Tokyo, October 27th, 2001

Outline (work in progress)

• Type-confusion attacks
  - Type flaws
  - Example
  - Positions
  - Contribution
• MSR 2.0
• Type-flaw attacks in MSR
  - Typing
  - DAS
  - Execution
  - Intruder
  - Type flaws
• Simulation with Dolev-Yao intruder
  - DY intruder
  - Big steps
  - Type flaws

Type-Flaw Attacks

• Functionalities seen as "types": names, nonces, keys, …
• Violation: a principal misinterprets data
• Type flaw/confusion attack
  - Intruder manipulates a message
  - Principal is led to misuse data

Example: NSL

  A → B: {A, n_A}_kB
  B → A: {n_A, n_B, B}_kA
  A → B: {n_B}_kB

Type-flaw attack [Millen]:

  I → B: {A, I}_kB                Confusion 1: name/nonce (B takes the name I as A's nonce)
  B → A: {I, n_B, B}_kA           Confusion 2: pair/nonce (A takes the pair (n_B, B) as a nonce and I as the initiator)
  A → I: {n_B, B, n_A, A}_kI
  I → B: {n_B}_kB

B is fooled! "Unlikely type violation"

Advocates

• Type-flaw attacks are serious threats
• Push type-free specifications
  - Catch all "normal" attacks …
  - … and type-confusion attacks too
• Types are not real!

Opponents

• Most type-flaw attacks are unrealistic
• Push typed specification languages
  - Catch "real" attacks
  - Types guide search → fast
• Type-flaw attacks are too low-level anyway

Prog. Languages vs. Security

• Types in programming languages
  - Whole World: exciting
  - Wild World: interesting
• Types in security
  - Symbolic World: desired
  - Tolerated World: ugh!

… in Reality

• Type discriminants
• Data length
• Redundancy
• Explicit checks
• These resolve many situations …
  - … but not all
• "I so far found only one realistic type-flaw attack" [Meadows]

Contribution

• Reconcile
  - Typed languages
  - Type violations
• User specifies confusable types
  - Flexible
  - Abstract
• Support efficient simulation

MSR

• Follows the Dolev-Yao abstraction
• Based on multiset rewriting, linear logic, type theory
• Used to prove
  - Undecidability of protocol verification
  - Completeness of the Dolev-Yao intruder
• Related to strands, CIL, spi-calculus, …

What's in MSR 2.0?

• Multiset rewriting with existentials
• New: dependent types w/ subsorting
• New: memory predicates
• New: constraints

The Dolev-Yao Model of Security

• Symbolic data: k_a rather than bits (01001011010…)
• Black-box cryptography: no guessing of keys
• Partially abstract data access: a "knowledge soup" of terms such as a, k_a, k_b, s
• Found in most protocol analysis tools: tractability

Roles

• Generic roles (role owner A universally quantified):

    ∀A. ∃L : τ'_1(x_1) × … × τ'_n(x_n).
      ∀x:τ. lhs → ∃y:τ'. rhs
      …
      ∀x:τ. lhs → ∃y:τ'. rhs

• Anchored roles (role owner A fixed):

    ∃L : τ'_1(x_1) × … × τ'_n(x_n).
      ∀x:τ. lhs → ∃y:τ'. rhs
      …
      ∀x:τ. lhs → ∃y:τ'. rhs

  (∃L : … is the role state predicate declaration; ∀x:τ and ∃y:τ' are the variable declarations of each rule)

Rules

    ∀x_1:τ_1. … ∀x_n:τ_n.  lhs  →  ∃y_1:τ'_1. … ∃y_n':τ'_n'.  rhs

• Left-hand side (lhs)
  - N(t)             network
  - L(t, …, t)       local state
  - M_A(t, …, t)     memory
  - χ                constraints
• Right-hand side (rhs)
  - N(t)             network
  - L(t, …, t)       local state
  - M_A(t, …, t)     memory

NSL Initiator

  A → B: {A, n_A}_kB
  B → A: {n_A, n_B, B}_kA
  A → B: {n_B}_kB

    ∀A. ∃L : princ × princ(B) × pubK B × nonce.
      ∀B: princ. ∀k_B: pubK B.
        ·  →  ∃n_A: nonce. N({A, n_A}_kB), L(A, B, k_B, n_A)
      ∀B: princ. ∀k_B: pubK B. ∀k_A: pubK A. ∀k'_A: privK k_A. ∀n_A, n_B: nonce.
        L(A, B, k_B, n_A), N({n_A, n_B, B}_kA)  →  N({n_B}_kB)

NSL Responder

  A → B: {A, n_A}_kB
  B → A: {n_A, n_B, B}_kA
  A → B: {n_B}_kB

    ∀B. ∃L : princ(B) × pubK B (k_B) × privK k_B × nonce.
      ∀k_B: pubK B. ∀k'_B: privK k_B. ∀A: princ. ∀n_A: nonce. ∀k_A: pubK A.
        N({A, n_A}_kB)  →  ∃n_B: nonce. N({n_A, n_B, B}_kA), L(B, k_B, k'_B, n_B)
      ∀k_B: pubK B. ∀k'_B: privK k_B. ∀n_B: nonce.
        L(B, k_B, k'_B, n_B), N({n_B}_kB)  →  ·

Types of Terms

• A: princ
• n: nonce
• k: shK A B
• k: pubK A
• k': privK k
• … (definable)

Types can depend on terms; this captures relations between objects.

Subtyping

    princ :: msg
    nonce :: msg
    pubK A :: msg

• Allows atomic terms in messages
• Definable
  - Non-transmittable terms
  - Sub-hierarchies

New: Type Checking

    Σ ⊢ P          P is well-typed in Σ
    Γ ⊢ t : τ      t has type τ in Γ

• Catches:
  - Encryption with a nonce
  - Transmission of a long-term key
  - Circular key hierarchies, …
• Static and dynamic uses
• Decidable

New: Data Access Specification

    Σ ⊩ P          P is DAS-valid in Σ
    Γ ⊩_A r        r is DAS-valid for A in Γ

• Catches:
  - A signing/encrypting with B's key
  - A accessing B's private data, …
• Static & decidable
• Gives meaning to the Dolev-Yao intruder
  - Completeness
  - Reconstructibility

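The following Python checker is an added example (my own code, not the MSR 2.0 implementation or anything from the author) that makes the last four slides concrete: types are tuples that may mention terms (pubK A, privK k, shK A B), the subsort relation of the Subtyping slide lets principals, nonces and public keys into messages while keeping private keys off the wire, and a reduced data-access rule stops a rule owner from using another principal's keys. The term and type encodings, the GAMMA signature and the simplified DAS rule are my assumptions; circular key hierarchies are a signature-level check not covered here.

```python
# Added example: typed terms with subsorting in the style of MSR 2.0 (assumed encodings).
# Terms: atoms are strings; ("pair", t1, t2) is the pair t1, t2; ("enc", t, k) is {t}_k.
# Types: ("princ",), ("nonce",), ("msg",), ("pubK", A), ("privK", k), ("shK", A, B).

class IllTyped(Exception):
    """Gamma |- t : tau does not hold."""

def subsort(tau, sigma):
    """tau :: sigma. Principals, nonces, public and shared keys are subsorts of msg
    and may appear in messages; private keys are not, so transmitting one is ill-typed."""
    if tau == sigma:
        return True
    return sigma == ("msg",) and tau[0] in ("princ", "nonce", "pubK", "shK")

def type_of(t, gamma):
    """Most specific type of t in context gamma, or IllTyped."""
    if isinstance(t, str):
        if t not in gamma:
            raise IllTyped(f"undeclared atom {t}")
        return gamma[t]
    tag, *args = t
    if tag == "pair":
        for a in args:
            check(a, ("msg",), gamma)
        return ("msg",)
    if tag == "enc":
        body, key = args
        check(body, ("msg",), gamma)
        ktype = type_of(key, gamma)
        if ktype[0] not in ("pubK", "shK"):      # e.g. "encryption with a nonce"
            raise IllTyped(f"{key} : {ktype} is not an encryption key")
        return ("msg",)
    raise IllTyped(f"unknown constructor {tag}")

def check(t, tau, gamma):
    """Gamma |- t : tau, using subsorting; raises IllTyped on failure."""
    actual = type_of(t, gamma)
    if not subsort(actual, tau):
        raise IllTyped(f"{t} : {actual}, but {tau} was expected")
    return True

def well_typed(t, tau, gamma):
    """Boolean form of check(): e.g. N(t) is only allowed when t : msg."""
    try:
        return check(t, tau, gamma)
    except IllTyped:
        return False

def das_valid(owner, t, gamma):
    """Simplified data access check (assumption: the real DAS judgement also tracks
    what the owner has received or remembers). The owner may use a shared key only
    if it is one of its two parties and a private key only if it is the inverse of
    the owner's own public key; public keys are usable by anyone."""
    if isinstance(t, str):
        tau = gamma[t]
        if tau[0] == "shK" and owner not in tau[1:]:
            return False
        if tau[0] == "privK" and gamma[tau[1]] != ("pubK", owner):
            return False
        return True
    return all(das_valid(owner, s, gamma) for s in t[1:])

# Constructed signature for the NSL example: principals A, B, C and their keys.
GAMMA = {
    "A": ("princ",), "B": ("princ",), "C": ("princ",),
    "nA": ("nonce",), "nB": ("nonce",),
    "kA": ("pubK", "A"), "kB": ("pubK", "B"),
    "kA_priv": ("privK", "kA"), "kB_priv": ("privK", "kB"),
    "kAB": ("shK", "A", "B"), "kBC": ("shK", "B", "C"),
}

NSL1 = ("enc", ("pair", "A", "nA"), "kB")          # A -> B: {A, nA}_kB

if __name__ == "__main__":
    print(well_typed(NSL1, ("msg",), GAMMA))                  # True
    print(well_typed(("enc", "A", "nA"), ("msg",), GAMMA))    # False: a nonce is not a key
    print(well_typed("kB_priv", ("msg",), GAMMA))             # False: private key on the wire
    print(das_valid("A", ("enc", "nA", "kBC"), GAMMA))        # False: A may not use the B-C key
    print(das_valid("A", ("enc", "nA", "kAB"), GAMMA))        # True
```

Each rejected case corresponds to one bullet of the Type Checking or DAS slides; because the judgement is purely syntactic on terms and types, it can be run both statically over a protocol specification and dynamically on every message a simulated principal is about to send.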
Configurations

    C = [S]^R_Σ

• Active role set R
• State S
  - N(t)
  - L_l(t, …, t)
  - M_A(t, …, t)
• Signature Σ
  - a : τ
  - L_l : τ
  - M_ : τ

Execution Model

    1-step firing:  P ▷ C → C'

• Activate roles
  - Generates new role state predicate names
• Instantiate variables
• Apply rules
• Skip rules

Variable Instantiation

    Σ ⊢ t : τ
    ──────────────────────────────────────────────
    [S]^R_Σ (∀x:τ. r, ρ)^A  →  [S]^R_Σ ([t/x]r, ρ)^A

• Type checking guarantees proper usage

Rule Application

    r = F, χ → ∃n:τ. G(n)

• Constraint check: Σ ⊨ χ (constraint handler)
• Firing:

    [S_1]^R_Σ (r, ρ)^A  →  [S_2]^R_{Σ, c:τ} ρ^A

  where S_1 = S, F and S_2 = S, G(c), with c not in S_1

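As an added example (my own code, not the MSR tool's), the following minimal multiset-rewriting executor puts the Variable Instantiation and Rule Application slides together: a variable x:τ is only instantiated with a term t when Σ ⊢ t : τ, unbound variables with dependent types such as k_A : pubK A are resolved from the signature, existentials get fresh constants that extend Σ, and the matched lhs facts are replaced by the rhs. Run on the first NSL responder rule, it replays Confusion 1 of the NSL example slide: with strict typing the nonce slot refuses the name I and the rule does not fire, while declaring princ confusable with nonce (the user-specified confusable types of the Contribution slide) lets the simulation explore that step. The term, rule and signature encodings, the `confusable` relation and the fresh-name scheme are my assumptions.

```python
import itertools

# Constructed signature Sigma for the NSL example (assumed encoding): atoms and their types.
# Compound terms ("pair", a, b) = the pair a, b and ("enc", m, k) = {m}_k have type msg.
SIGMA = {
    "A": ("princ",), "B": ("princ",), "I": ("princ",), "nA": ("nonce",),
    "kA": ("pubK", "A"), "kB": ("pubK", "B"), "kB_priv": ("privK", "kB"),
}

# First rule of the NSL responder, anchored at owner B; pattern variables start with "?".
# ?kA has the dependent type pubK ?A and is resolved from Sigma once ?A is bound.
#   forall A:princ, nA:nonce, kA:pubK A. N({A, nA}_kB) -> exists nB:nonce. N({nA, nB, B}_kA), L(B, kB, kB', nB)
RESP1 = {
    "vars": {"?A": ("princ",), "?nA": ("nonce",), "?kA": ("pubK", "?A")},
    "lhs": [("N", ("enc", ("pair", "?A", "?nA"), "kB"))],
    "fresh": {"?nB": ("nonce",)},
    "rhs": [("N", ("enc", ("pair", "?nA", ("pair", "?nB", "B")), "?kA")),
            ("L", "B", "kB", "kB_priv", "?nB")],
}

def type_of(t, sigma):
    return sigma[t] if isinstance(t, str) else ("msg",)

def subst(t, theta):
    """Apply substitution theta to a term, a type or a fact."""
    if isinstance(t, str):
        return theta.get(t, t)
    return (t[0],) + tuple(subst(s, theta) for s in t[1:])

def fits(actual, declared, confusable):
    """Sigma |- t : tau, relaxed by user-declared confusions: (declared_sort, actual_sort)
    in `confusable` means the principal cannot tell the two sorts apart."""
    return actual == declared or (declared[0], actual[0]) in confusable

def match(pattern, term, theta, vartypes, sigma, confusable):
    """Extend theta so that subst(pattern, theta) == term, or None; [t/x]r needs Sigma |- t : tau."""
    if isinstance(pattern, str) and pattern.startswith("?"):
        if pattern in theta:
            return theta if theta[pattern] == term else None
        declared = subst(vartypes[pattern], theta)
        if not fits(type_of(term, sigma), declared, confusable):
            return None
        return {**theta, pattern: term}
    if isinstance(pattern, str) or isinstance(term, str):
        return theta if pattern == term else None
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, s in zip(pattern[1:], term[1:]):
        theta = match(p, s, theta, vartypes, sigma, confusable)
        if theta is None:
            return None
    return theta

def match_lhs(patterns, state, theta, rule, sigma, confusable, used=()):
    """Find distinct state facts matching every lhs fact, backtracking over choices."""
    if not patterns:
        return theta, used
    for i, fact in enumerate(state):
        if i in used:
            continue
        th = match(patterns[0], fact, theta, rule["vars"], sigma, confusable)
        if th is not None:
            found = match_lhs(patterns[1:], state, th, rule, sigma, confusable, used + (i,))
            if found is not None:
                return found
    return None

def fire(rule, state, sigma, confusable, counter):
    """One firing: consume matched lhs facts, instantiate leftover variables from Sigma,
    create fresh constants for the existentials (extending Sigma), add the rhs facts."""
    found = match_lhs(rule["lhs"], state, {}, rule, sigma, confusable)
    if found is None:
        return None
    theta, used = found
    for v, tau in rule["vars"].items():
        if v not in theta:
            want = subst(tau, theta)                       # dependent type, e.g. pubK A
            candidates = [a for a, t in sigma.items() if t == want]
            if not candidates:
                return None
            theta = {**theta, v: candidates[0]}
    sigma = dict(sigma)
    for v, tau in rule["fresh"].items():
        c = f"{v[1:]}{next(counter)}"                     # c not in S
        sigma[c] = subst(tau, theta)
        theta = {**theta, v: c}
    new_state = [f for i, f in enumerate(state) if i not in used]
    new_state += [subst(f, theta) for f in rule["rhs"]]
    return new_state, sigma

def responder_step(message, confusable=frozenset()):
    """Put one network message in front of B and fire RESP1 once; None if it cannot fire."""
    result = fire(RESP1, [("N", message)], SIGMA, confusable, itertools.count())
    return None if result is None else result[0]

HONEST = ("enc", ("pair", "A", "nA"), "kB")      # A -> B: {A, nA}_kB
CONFUSED = ("enc", ("pair", "A", "I"), "kB")     # I -> B: {A, I}_kB, Confusion 1 of the NSL slide

if __name__ == "__main__":
    print(responder_step(HONEST))                                      # fires
    print(responder_step(CONFUSED))                                    # None: nonce slot refuses a princ
    print(responder_step(CONFUSED, frozenset({("nonce", "princ")})))   # fires: B answers {I, nB, B}_kA
```

The `confusable` set is the knob the Contribution slide asks for: an empty set gives the fully typed semantics where the search never considers the confused message, and a single pair (nonce, princ) reopens exactly one kind of misinterpretation for the simulator, without abandoning types anywhere else in the specification.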
Execution with an Attacker

    P, P_I ▷ C → C'

• Selected principal(s): I
• Generic capabilities: P_I
  - Well-typed
  - DAS-valid
• Modeled completely within MSR
