Hyperproperties
Presenter: Priyanka Mondal
October 7, 2017

Outline: Correctness, Trace property, Hyperproperty, Hypersafety, Hyperliveness
Correctness

"To prove the correctness of a system, one must prove two essentially different types of properties about it, which we call safety and liveness properties." [Leslie Lamport]
Trace Property

Defn: a set of infinite traces which satisfies some property.

Properties
◮ Safety property: proscribes "bad things"
◮ Liveness property: prescribes "good things"
Every trace property is the intersection of a safety property and a liveness property.
Trace Property

Think of a trace property T as a system, and of each trace in T as one of its executions.
Trace Property

Traces may be finite or infinite sequences of states: $t = s_0 s_1 \ldots$

$\Psi_{\mathrm{fin}} \triangleq \Sigma^{*}$, $\Psi_{\mathrm{inf}} \triangleq \Sigma^{\omega}$, $\Psi \triangleq \Psi_{\mathrm{inf}} \cup \Psi_{\mathrm{fin}}$

$t[i] \triangleq s_i$, $t[i..] \triangleq s_i s_{i+1} \ldots$, $t[..i] \triangleq s_0 \ldots s_{i-1} s_i$

$\mathit{Prop} \triangleq \mathcal{P}(\Psi_{\mathrm{inf}})$

$T \models P \triangleq T \subseteq P$
Hyperproperty

Examples that are not trace properties:
◮ Mean response time.
◮ Noninterference.
Hyperproperty

Defn: a set of trace properties.

Properties
◮ Hypersafety
◮ Hyperliveness
Every hyperproperty is the intersection of a hypersafety and a hyperliveness.
Hyperproperty

$\mathit{HP} \triangleq \mathcal{P}(\mathcal{P}(\Psi_{\mathrm{inf}}))$

$T \models H \triangleq T \in H$

The additional level of sets means that hyperproperties can be more expressive than trace properties.

For every trace property P there exists a unique hyperproperty called the lift of P, written [P]. [P] is the powerset of P.
Hypersafety

A bad thing is:
◮ finitely observable
◮ irremediable

A trace property S is a safety property iff
$(\forall t \in \Psi_{\mathrm{inf}} : t \notin S \Rightarrow (\exists m \in \Psi_{\mathrm{fin}} : m \le t \wedge (\forall t' \in \Psi_{\mathrm{inf}} : m \le t' \Rightarrow t' \notin S)))$

A bad thing is a finite trace that cannot be a prefix of any execution satisfying the safety property.

A hyperproperty S is a hypersafety iff
$(\forall T \in \mathit{Prop} : T \notin S \Rightarrow (\exists M \in \mathit{Obs} : M \le T \wedge (\forall T' \in \mathit{Prop} : M \le T' \Rightarrow T' \notin S)))$

◮ Noninterference is hypersafety.
Hypersafety

$(\forall S \in \mathit{Prop} : S \in \mathit{SP} \iff [S] \in \mathit{SHP})$
k-safety Hyperproperty

◮ One more conjunct is added to the definition of hypersafety: $|M| \le k$
◮ Think of a system with a secret split into k shares.
◮ $\mathit{KSHP}(1) = \{ [S] \mid S \in \mathit{SP} \}$
◮ $\mathit{SecS} \triangleq \bigcup_k \mathit{SecS}_k$
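The definitions on the last few slides (the lift [P], the bad thing M of a hypersafety property, and the bound |M| ≤ k of k-safety) can be exercised on small finite systems. The Python below is an added example, not code from the slides or from the Clarkson–Schneider paper; it models a system as a finite set of finite traces, each step being a constructed (high input, low input, low output) triple, treats noninterference as the 2-safety property "traces with equal low inputs have equal low outputs", and assumes the usual reading of M ≤ T for sets (every trace in M is a prefix of some trace in T). The systems `LEAKY` and `SECURE` and the trace property `output_is_low_input` are constructed for illustration.

```python
# Added example: finite models of lift, hypersafety "bad things" and k-safety.
# A trace is a tuple of steps; a step is (high_in, low_in, low_out).
# A system is a frozenset of traces. Prefix order is the usual one; the lift
# [P] = powerset(P) is modelled as the predicate "T ⊆ P" rather than enumerated.
from itertools import product

BITS = (0, 1)


def run(step, length=2):
    """Constructed system: every trace of `length` steps over 1-bit inputs,
    with the low output of each step computed by step(high_in, low_in)."""
    traces = set()
    for highs in product(BITS, repeat=length):
        for lows in product(BITS, repeat=length):
            traces.add(tuple((h, l, step(h, l)) for h, l in zip(highs, lows)))
    return frozenset(traces)


# Two constructed sample systems (hypothetical, for illustration only).
LEAKY = run(lambda h, l: h ^ l)   # low output depends on the secret input
SECURE = run(lambda h, l: l)      # low output ignores the secret input


def is_prefix(m, t):
    """m ≤ t for traces."""
    return len(m) <= len(t) and t[:len(m)] == m


def system_prefix(M, T):
    """M ≤ T for sets of traces: every trace in M is a prefix of some trace in T
    (assumed definition of the prefix order on Obs and Prop)."""
    return all(any(is_prefix(m, t) for t in T) for m in M)


def satisfies_lift(T, p):
    """T ⊨ [P] for P = {t | p(t)}; since [P] = powerset(P), this is just T ⊆ P."""
    return all(p(t) for t in T)


# k = 1: a trace property, decided one trace at a time.
def output_is_low_input(t):
    return all(o == l for (_h, l, o) in t)


# k = 2: noninterference. A bad thing is a pair of finite prefixes with
# identical low inputs whose low outputs diverge, so |M| ≤ 2.
def low_inputs(t):
    return tuple(l for (_h, l, _o) in t)


def low_outputs(t):
    return tuple(o for (_h, _l, o) in t)


def noninterference_witness(T):
    """Return a bad thing M (a frozenset of at most two finite traces) or None."""
    for t1, t2 in product(T, repeat=2):
        if low_inputs(t1) != low_inputs(t2):
            continue
        for i, (o1, o2) in enumerate(zip(low_outputs(t1), low_outputs(t2))):
            if o1 != o2:
                # Cut both traces at the first divergence: finitely observable.
                return frozenset({t1[:i + 1], t2[:i + 1]})
    return None


def satisfies_noninterference(T):
    return noninterference_witness(T) is None


def irremediable(M, T_prime):
    """The hypersafety implication M ≤ T' ⇒ T' ∉ S, checked for one T'."""
    return (not system_prefix(M, T_prime)) or (not satisfies_noninterference(T_prime))


if __name__ == "__main__":
    print("SECURE |= [P]:", satisfies_lift(SECURE, output_is_low_input))
    print("LEAKY  |= [P]:", satisfies_lift(LEAKY, output_is_low_input))
    M = noninterference_witness(LEAKY)
    print("bad thing for LEAKY:", sorted(M))
    # Running LEAKY for more steps extends M but cannot repair the violation.
    LONGER = run(lambda h, l: h ^ l, length=3)
    print("M <= LONGER:", system_prefix(M, LONGER),
          "LONGER violates NI:", not satisfies_noninterference(LONGER))
```

The lifted trace property needs only one trace at a time, which is why KSHP(1) coincides with the lifts of safety properties, whereas the noninterference check has to compare pairs of traces; the witness it returns is a set of at most two finite prefixes, and `irremediable` shows that any system extending those prefixes still violates the property.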
Hyperliveness

A good thing is:
◮ always possible
◮ possibly infinite

A trace property L is a liveness property iff
$(\forall t \in \Psi_{\mathrm{fin}} : (\exists t' \in \Psi_{\mathrm{inf}} : t \le t' \wedge t' \in L))$

A good thing is an infinite suffix of a finite trace.

A hyperproperty L is a hyperliveness iff
$(\forall T \in \mathit{Obs} : (\exists T' \in \mathit{Prop} : T \le T' \wedge T' \in L))$

◮ Mean response time is hyperliveness.
Hyperliveness

$(\forall L \in \mathit{Prop} : L \in \mathit{LP} \iff [L] \in \mathit{LHP})$
...

◮ Confidentiality: hypersafety in the case of OD, and hyperliveness in the case of noninterference.
◮ Availability: maximum response time is hypersafety (also a safety property), and mean response time is hyperliveness.
◮ Integrity:
...

◮ The set of all safety properties SP is not hypersafety.
◮ LP?