formal methods
play

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd - PowerPoint PPT Presentation

Jun 23, 2023 •279 likes •911 views

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

  1. Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1

  2. Outline • Formal verification techniques • Design verification languages • Bell-LaPadula and SPECIAL • Current verification systems • Functional programming languages • Formally verified products Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-2

  3. Formal Verification Techniques • Formal specification languages for specifying requirements and systems • Well-defined semantics, syntax • Based on mathematical logic systems • Mathematically-based automated formal methods for proving properties of specifications and programs • Inductive verification techniques • Model checking techniques Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-3

  4. Inductive Verification vs. Model Checking Classification criteria: • Proof-based vs. model-based techniques : • premises embody system description • conclusion represents properties to be proved • Proof-based: derive intermediate formulae that go from premises to conclusion • Model-based: establish that premises, conclusion have same truth table values • Degree of automation : fully manual to fully automatic, with everything in between Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-4

  5. Inductive Verification vs. Model Checking Classification criteria: • Full vs. property verification : • System specification may describe entire system or part of system • Property specification may be single property or many properties • Predevelopment vs. postdevelopment : may be design aid or for verification after system design is complete • Intended domain of application : hardware or software, sequential or concurrent, non-terminating (like an operating system) or terminating, and so forth Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-5

  6. Example: HDM • Developed at SRI • Began as proof-based formal verification methodology • Covers design through implementation • Automated, general-purpose methodology • Used specification languages, implementation languages • Provided model checking with its multilevel security tool • Input is formal specification in language SPECIAL • Theorem prover uses proof-based technique; fully automated property- oriented verification system Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-6

  7. Example: HDM • Tool uses SRI model (interpretation of Bell-LaPadula model) • Given a SPECIAL specification • Verification condition generator creates formulae that assert specification correctly implements SRI model • Boyer-Moore theorem prover processes these formulae • Output is list of the formulae that were satisfied and those that were not Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-7

  8. Formal Specification • A specification written in a formal language with restricted syntax, well-defined semantics, based on well-established mathematical concepts • Precise semantics avoids ambiguity • Languages support exact descriptions of system function behavior • Generally eliminate implementation details • Automated tools support verification of syntax, semantics Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-8

  9. Example Language: SPECIAL • First-order logic-based language • Nonprocedural, strongly typed • Specification in SPECIAL represents module • Specifier defines module scope • Systems described in terms of modules • Function representation in modules • VFUN: describe variable data • OFUN: describe state transitions • OVFUN: describe state transitions and changes in VFUN values Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-9

  10. Bell-LaPadula Model and SPECIAL MODULE Bell_LaPadula_Model give-access TYPES Subject_ID: DESIGNATOR ; Object_ID: DESIGNATOR ; Access_Mode: {OBSERVE_ONLY, ALTER_ONLY, OBSERVE_AND_ALTER}; Access: STRUCT_OF ( Subject_ID subject; Object_ID object; Access_Mode mode); Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-10

  11. Comments • Subject_ID, Object_ID types described at lower level of abstraction • The DESIGNATOR indicates this • Access_Mode types have 3 possible values • Access type is structure with 3 fields of types shown Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-11

  12. Bell-LaPadula Model and SPECIAL FUNCTIONS VFUN active (Object_ID object) -> BOOLEAN active: HIDDEN ; INITIALLY TRUE ; VFUN access_matrix () -> Access accesses: HIDDEN ; INITIALLY FORALL Access a: a INSET accesses => active(a.object); Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-12

  13. Comments • VFUN active ( object ) defines the state variable active for the object and sets it to TRUE initially • So state variable for that object is true if the object exists • VFUN access_matrix() defines the state variable access_matrix to be set of triples ( subject , object , right ) • This is simply the current set of access rights in the system Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-13

  14. Bell-LaPadula Model and SPECIAL OFUN give-access(Subject_ID giver; Access access); ASSERTIONS active(access.object) = TRUE ; EFFECTS access_matrix() = access_matrix() UNION (access); END_MODULE Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-14

  15. Comments • OFUN access_matrix () defines state transition when new object added to matrix • State variable active for object must be true • See in the ASSERTIONS sections • Value of state variable access_matrix after transition is value before transition and additional access rights for the new object Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-15

  16. Hierarchical Development Methodology (HDM) • General-purpose methodology Requirements Analyze, accept requirements for design, implementation • Goal was to automate and Model proven internally consistent, Model formalize development process used as basis for verifying lower AMs • System design specification is External Interfaces First AM is usually external interface, AM 1 called Formal Top Level Specification hierarchy of a series of abstract machines at increasing level of Abstract Machine Each AM mapped to next lower detail AM 1 AM, which represents lower levels of system specification Primitive Machine Some combination of hardware and AM n software that runs verified system Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-16

  17. Specifications • Hierarchical specification identifies abstract machines (AMs) making up hierarchy • Each AM a set of modules written in SPECIAL • Modules could be reused in more than one AM • Mapping specifications define functions of one AM in terms of next higher AM • Hierarchy consistency checker: ensured consistency among hierarchy specs, associated module specs for AMs, mapping specs between AMs Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-17

  18. Design Hierarchy • Look at each pair of consecutive AMs, mappings between them • For each function in higher AM, write programs to show how it was implemented in terms of lower-level AM • Written in high-order language • Translator mapped program into common internal form that HDM tools used • Specs mapped into intermediate language; this and common internal form generated verification conditions • Sent to Boyer-Moore theorem prover • If lower-level AM correct, then higher-level AM verified to work correctly Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-18

  19. Verification in HDM • Approach: prove the FTLS correctly implemented predefined properties within a model • Used to verify design of a multi-level security (MLS) tool implementing a version of Bell-LaPadula model (called SRI model ) Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-19

  20. SRI Model • Some SRI model entities had no corresponding Bell-LaPadula features • Visible function references and results (VFUN, OVFUN) • Defined subjects implicitly (function callers) • *-property addresses downward flow of information • Bell-LaPadula model had features SRI model did not • Discretionary access control, current access triples • Defined subjects explicitly • *-property addressed allowable downward access Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-20

  21. Properties of SRI Model in MLS Tool • Information returned by specific function invocation to subject can depend only on information with security levels no greater than subject • Information flowing into state variable (ie, VFUN) can depend only on other state variables with security levels no greater than that of first state variable • If value of state variable modified, only function invocation with security level no greater than level of state variable can do the modification Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-21

  22. MLS Tool • Processed SPECIAL specification describing external interfaces to SPECIAL model • One AM represented, so no mappings • Could be multiple modules in specification; each module had to be verified, and then the set verified using hierarchy consistency tool Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-22

Recommend

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides
A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004 Purpose of the Course - Giving some insights about Formal Methods - Showing that Formal Methods can be made practical - Illustrating Formal Methods

1.25k views • 112 slides
Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in

Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in

Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in Mathematics January 8, 2020 1 / 35 marijn@cmu.edu Computer-Aided Mathematics Chromatic Number of the Plane Clausal Proof Optimization

634 views • 52 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam

Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam

Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam preparation 4. Course evaluation Concluding Lecture 1. Course Summary Formal Verification Formal methods : Two possibilities : correctness by

498 views • 3 slides
Procurement Plan Formal Procurement Formal Procurement Methods Invitation for Bid (IFB)

Procurement Plan Formal Procurement Formal Procurement Methods Invitation for Bid (IFB)

Procurement Plan Formal Procurement Formal Procurement Methods Invitation for Bid (IFB) Competitive Proposal (RFP) Advertising the Procurement The announcement of an IFB or RFP must be announced in ways that do not restrict free

995 views • 46 slides
Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking, Theorem Proving SMT Solving, Abstraction, and Static Analysis With SAL, PVS, and Yices, and more John Rushby Computer Science Laboratory SRI

1.89k views • 161 slides
Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science

Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science

Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I CAL Inauguration Seminar: 1 Formal Methods These are ways for exploring properties

740 views • 45 slides
1 FM does not replace testing! Why Use Formal Methods Reduces burden on testing phases to

1 FM does not replace testing! Why Use Formal Methods Reduces burden on testing phases to

Topics Introduction and terminology Overview of Formal Methods FM and Software Engineering Applications of FM Propositional and Predicate Logic Program derivation Intuitive program verification Algebraic Specifications

174 views • 5 slides
Numerical Computations and Formal Methods Guillaume Melquiond Proval, Laboratoire de Recherche en

Numerical Computations and Formal Methods Guillaume Melquiond Proval, Laboratoire de Recherche en

Program verification Formal arithmetic Decision procedures Numerical Computations and Formal Methods Guillaume Melquiond Proval, Laboratoire de Recherche en Informatique INRIA SaclayIdF, Universit e Paris Sud, CNRS October 28, 2009

1.07k views • 77 slides
Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department -- RATP/ING/STF/QS/AQL Evguenia DMITRIEVA / Oct 16 2014, Toulouse Plan 1. Industrial Context 2. Formal methods for software safety assessment : PERF 3.

498 views • 32 slides

More recommend