one picture is worth a thousand words couple dozen
play

One Picture is Worth a Thousand Words Couple Dozen Connectives - PowerPoint PPT Presentation

Feb 16, 2024 •33 likes •253 views

Work in progress Work in progress One Picture is Worth a Thousand Words Couple Dozen Connectives Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://theory.stanford.edu/~iliano Joint work with Cathy

  1. Work in progress Work in progress One Picture is Worth a Thousand Words Couple Dozen Connectives Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://theory.stanford.edu/~iliano Joint work with Cathy Meadows ONR IPCS meeting Harpers Ferry, WV September 23-25, 2003

  2. How this work came about Analysis of GDOI group protocol  Requirements expressed in NPATRL Novel group properties  Medium size specifications  – Dozen operators Lots of fine-tuning   Difficult to read and share specs.  Informal use of fault trees Intuitive visualization medium  Became favored language   Formal relation with NPATRL Fault Tree Representation of Security Requirements 1

  3. Security Requirements Describe what a protocol should do Verified by • Model checking  Mathematical proof  Pattern-matching (in some cases)  Expressed • Informally  Semi-formally  Formal language  Adequate for toy protocols • BUT, do not scale to real protocols Fault Tree Representation of Security Requirements 2

  4. Example: Kerberos 5 [CSFW’02] Semi-formal •  But very precise Bulky and unintuitive •  Requires several readings to grasp Fault Tree Representation of Security Requirements 3

  5. Example: GDOI [CCS’01] Formal •  NPATRL protocol spec. language Ok for a computer • Bulky and unintuitive for humans •  About 20 operators Fault Tree Representation of Security Requirements 4

  6. Example: Authentication [Lowe, CSFW’97] Informal •  Made precise as CSP expressions Simple, but … •  … many very similar definitions Fault Tree Representation of Security Requirements 5

  7. The Problem Desired properties are difficult to •  Phrase & get right  Explain & understand  Modify & keep right Examples •  Endless back and forth on GDOI Are specs. right now?   K5 properties read over and over Fault Tree Representation of Security Requirements 6

  8. Dealing with Textual Complexity HCI response: graphical presentation • Our approach: Dependence Trees •  Re-interpretation of fault trees  2D representation of NPATRL  Intuitive for medium size specs. Fault Tree Representation of Security Requirements 7

  9. Example: Kerberos 5 Excises the gist • of the theorem Highlights • dependencies Fairly intuitive • … in a minute …  Fault Tree Representation of Security Requirements 8

  10. Example: GDOI Isomorphic to NPATRL specifications • Much more intuitive • … in a minute …  Fault Tree Representation of Security Requirements 9

  11. Example: Authentication Formalize definitions • Easy to compare … •  … and remember … Fault Tree Representation of Security Requirements 10

  12. Rest of this Talk Logic for protocol specs •  NPATRL Logic  NRL Protocol Analyzer fragment  Model checking Precedence trees •  Fault trees  NPATRL semantics Analysis of an example • Future Work • Fault Tree Representation of Security Requirements 11

  13. NPATRL Formal language for protocol requirements •  Simple temporal logic Designed for NRL Protocol Analyzer •  Simplify input of protocol specs Sequences of events that should not occur   Applies beyond NPA Used for many protocols •  SET, GDOI, … Fault Tree Representation of Security Requirements 12

  14. NPATRL Logic Events • initiator_accept_key( A, (B,S), (K AB ,n A ), N) name actuator other agents terms round Classical connectives: ∧ , ∨ , ¬ , … • “Previously”: # ( ) • initiator_accept_key(A, (B,S), (K AB ,n A ), N) server_sent_key(S, (A,B), (K AB ), _)  # Fault Tree Representation of Security Requirements 13

  15. R ::= a  F F ::= E | ¬ E | F 1 F 2 | F 1 F 2 NPA Fragment ∧ ∨ E ::= # a | # (a ∧ F) NPA uses a small fragment of NPATRL R ::= a  F F ::= E | ¬ E | F 1 F 2 | F 1 F 2 ∧ ∨ E ::= # a | # (a ∧ F) Efficient model checking • Fault Tree Representation of Security Requirements 14

  16. Fault Trees Safety analysis of system design •  Root is a failure situation Extended to behavior descriptions   Inner nodes are conditions enabling fault Events  Combinators (logical gates)  canBoard Example •  A passenger needs a ticket and a photo ID hasTicket hasID to board a plane, but should not carry a weapon carriesWeapon Fault Tree Representation of Security Requirements 15

  17. R ::= a  F F ::= E | ¬ E | F 1 F 2 | F 1 F 2 Precedence Trees ∧ ∨ E ::= # a | # (a ∧ F) Fault tree representation of NPATRL NPA •  Isomorphism a a R E ::= ::= a F F F ::= E E F 1 F 2 F 1 F 2 Fault Tree Representation of Security Requirements 16

  18. “Recency Freshness” in GDOI if a member accepts a key from the controller in a protocol run, no newer key should have been distributed prior to the mem- ber's request member_accept_key(M,G,(K GM ,K old ),N)  gcks_loseparwisekey(G,(),(M,K GM ),_) # ∨ ¬ ( # ( member_requestkey(M,G,(),N) # gcks_createkey(G,(),K new ,K old ),_))) ∧ Fault Tree Representation of Security Requirements 17

  19. “Sequential Freshness” in GDOI if a member accepts a key from the group controller in a proto- col run, then it should not have previously accepted a later key member_accept_key(M,G,(K GM ,K old ),_)  gcks_loseparwisekey(G,(),(M,K GM ),_) # ∨ ¬ ( # (member_acceptkey(M,G,(K GM ,K new ),_) #( gcks_createkey(G,(),K new ,K ’ ),_) ∧ # gcks_createkey(G,(),K old ,K ’’ ),_)))) ∧ Fault Tree Representation of Security Requirements 18

  20. Conclusions Explored tree representation of protocol reqs. • Promising initial results  Complex requirements now intuitive  Precedence trees • Draw from fault trees research  Specialized to NPATRL and NPA  NPATRL semantics  Better understanding of NPATRL  Papers • “A Fault-Tree Representation of NPATRL Security  Requirements”, with Cathy Meadows WITS’03  TCS (long version, submitted)  Fault Tree Representation of Security Requirements 19

  21. Future Work – Theory What properties can be expressed? •  All of safety?  Liveness? Graphical equivalence of requirements? • Expressive power •  Recursive trees?  More complex quantifier patterns? Graphical gist of theorems •  Useful classes?  Proofs? Fault Tree Representation of Security Requirements 20

  22. Future Work – Practice Gain further experience •  Can they be used for other requirements? Scaling up •  When are trees so big they are non-intuitive? Existing requirements?   Modularity Interaction with fault tree community •  Broader applications of dependence trees?  Tools we can use? NPATRL <-> dependence trees  Fault Tree Representation of Security Requirements 21

Recommend

They say a picture is worth a thousand words so why are some people still using text?

They say a picture is worth a thousand words so why are some people still using text?

THE CHALLENGE They say a picture is worth a thousand words so why are some people still using text? Photos have always been used to save important memories and life moments, but thanks to the advent of smartphone cameras, now they are

425 views • 28 slides
A picture is worth a thousand words Where are we going? Poor Geographical Footprint

A picture is worth a thousand words Where are we going? Poor Geographical Footprint

A picture is worth a thousand words Where are we going? Poor Geographical Footprint Poor System Brand Recognition Paying For Brick &amp; Mortar Many Wrong Doors Virtually No Co Location of WIA Partners

160 views • 11 slides
Motion Graphs It is said that a picture is worth a thousand words. The same can be said for a

Motion Graphs It is said that a picture is worth a thousand words. The same can be said for a

Motion Graphs It is said that a picture is worth a thousand words. The same can be said for a graph. Once you learn to read the graphs of the motion of objects, you can tell at a glance if the object in question was moving toward you, away

879 views • 64 slides
COMPSCI 111 / 111G Mastering Cyberspace: One picture is worth more than ten thousand words

COMPSCI 111 / 111G Mastering Cyberspace: One picture is worth more than ten thousand words

COMPSCI 111 / 111G Mastering Cyberspace: One picture is worth more than ten thousand words An introduction to practical computing Anonymous Digital Images Vector Graphics Learning Outcomes What is a Digital Ima mage? Students

431 views • 9 slides
A Picture is Worth A Thousand Words The Use of Infographics in School Nursing Kim Ragan, RN, BSN,

A Picture is Worth A Thousand Words The Use of Infographics in School Nursing Kim Ragan, RN, BSN,

10/2/2015 A Picture is Worth A Thousand Words The Use of Infographics in School Nursing Kim Ragan, RN, BSN, NCSN 32 Annual NC School Nurse Conference October 15 16, 2015 Presenter Disclosure I disclose the absence of personal financial

381 views • 16 slides
Fault Tree Represent at ion of Securit y Requirement s 0 Work in progress Work in progress

Fault Tree Represent at ion of Securit y Requirement s 0 Work in progress Work in progress

Fault Tree Represent at ion of Securit y Requirement s 0 Work in progress Work in progress One Picture is Worth a Thousand Words Couple Dozen Connectives I liano Cer vesat o iliano@itd.nrl.navy.mil I TT I ndust r ies, inc @ NRL Washingt

618 views • 23 slides
A Picture Is Worth A Thousand Words An Application Of Knowledge Graph To Electronic Records

A Picture Is Worth A Thousand Words An Application Of Knowledge Graph To Electronic Records

A Picture Is Worth A Thousand Words An Application Of Knowledge Graph To Electronic Records Systems Shin-Chung Shao, Infodoc Technology Corporation Cheng-Wei Tsai, Infodoc Technology Corporation Contents Research Motivation Storyboard

243 views • 12 slides
Introduction: Chunks on the Scaffold of Child and Youth Development A picture is worth a

Introduction: Chunks on the Scaffold of Child and Youth Development A picture is worth a

Introduction: Chunks on the Scaffold of Child and Youth Development A picture is worth a thousand words Working with children and youth who are at risk poses many challenges. Child, and Youth Workers or other child/youth serving

403 views • 23 slides
A Picture Tells A Thousand Words How to use images to tell your organizations story and

A Picture Tells A Thousand Words How to use images to tell your organizations story and

A Picture Tells A Thousand Words How to use images to tell your organizations story and create stronger engagement with supporters The Power of Images When people hear information, they're likely to remember only 10% of that information

409 views • 21 slides
Learning to Detect Activity in Untrimmed Video Prof. Bernard Ghanem An image is worth a thousand

Learning to Detect Activity in Untrimmed Video Prof. Bernard Ghanem An image is worth a thousand

Learning to Detect Activity in Untrimmed Video Prof. Bernard Ghanem An image is worth a thousand words A video is worth a million words Source: YouTube Image: a tiger attacking a person on a grass field Video: the tiger is being

337 views • 30 slides
By Twine Bananuka Although it is commonly held that a picture speaks more than a thousand

By Twine Bananuka Although it is commonly held that a picture speaks more than a thousand

By Twine Bananuka Although it is commonly held that a picture speaks more than a thousand words, It is equally true that a picture speaks more about the photographer than the person or image photographed (Silverman, 2005). Wade

205 views • 20 slides
Video Team Why and How Use Videos? WHY? Because video Marketing is on the rise: By

Video Team Why and How Use Videos? WHY? Because video Marketing is on the rise: By

Boost up your event with a Video Team Why and How Use Videos? WHY? Because video Marketing is on the rise: By 2020, 83% of the web traffic will be for video content. If a picture is worth a thousand words, a video is worth 1.8 million

389 views • 12 slides
Mobile Reader A Picture Becomes a Thousand Words. Mobile Reader Introduction Mobile

Mobile Reader A Picture Becomes a Thousand Words. Mobile Reader Introduction Mobile

Mobile Reader A Picture Becomes a Thousand Words. Mobile Reader Introduction Mobile Reader History Mobile Reader Demonstration Questions Introduction Introduction: Sensotec Founded in 1986 as innovative company Roots in

425 views • 25 slides
Today What is this class all about? Why am I here? Prerequisites You must be a strong

Today What is this class all about? Why am I here? Prerequisites You must be a strong

Today What is this class all about? Why am I here? Prerequisites You must be a strong object-oriented programmer. iOS Overview What s in iOS? Show me! A demo with a thousand words is worth tens of thousands of words. CS193p Fall 2017-18

717 views • 9 slides
COMPSCI 111 / 111G Mastering Cyberspace: An introduction to practical computing Digital Images

COMPSCI 111 / 111G Mastering Cyberspace: An introduction to practical computing Digital Images

COMPSCI 111 / 111G Mastering Cyberspace: An introduction to practical computing Digital Images Vector Graphics One picture is worth more than ten thousand words Anonymous Learning Outcomes Students should be able to: Understand

452 views • 34 slides
Frequent Pattern Mining How Many Words Is a Picture Worth? E. Aiden and J-B Michel: Uncharted.

Frequent Pattern Mining How Many Words Is a Picture Worth? E. Aiden and J-B Michel: Uncharted.

Frequent Pattern Mining How Many Words Is a Picture Worth? E. Aiden and J-B Michel: Uncharted. Reverhead Books, 2013 Jian Pei: CMPT 741/459 Frequent Pattern Mining (1) 2 Burnt or Burned? E. Aiden and J-B Michel: Uncharted. Reverhead Books,

420 views • 28 slides
1 2 Analysis Modeling Review Chapters 12 3 Analysis Modeling A Picture is worth a

1 2 Analysis Modeling Review Chapters 12 3 Analysis Modeling A Picture is worth a

1 2 Analysis Modeling Review Chapters 12 3 Analysis Modeling A Picture is worth a 1000 Words!!! Helps better understand the requirements Data Function and Behavior Analysis modeling helps validate the

1.33k views • 88 slides
Designing Impactful Data Visualization By Thomas Portolano 1 UIUX Conf China 2018 Impactful

Designing Impactful Data Visualization By Thomas Portolano 1 UIUX Conf China 2018 Impactful

UIUX Conf China 2018 Impactful Dataviz Designing Impactful Data Visualization By Thomas Portolano 1 UIUX Conf China 2018 Impactful Dataviz Workshop agenda A picture is worth a thousand words 3 But not any picture 12 Our ambition 12

648 views • 40 slides
Computer Vision CSPP 56553 Artificial Intelligence March 3, 2004 Roadmap Motivation

Computer Vision CSPP 56553 Artificial Intelligence March 3, 2004 Roadmap Motivation

Computer Vision CSPP 56553 Artificial Intelligence March 3, 2004 Roadmap Motivation Computer vision applications Is a Picture worth a thousand words? Low level features Feature extraction: intensity, color High

1.06k views • 48 slides
Jeanette Bautista Perceptual

Jeanette Bautista Perceptual

Jeanette Bautista Perceptual enhancement: text or diagrams? Why a Diagram is (Sometimes) Worth Ten Thousand Words Larkin, J. and Simon, H.A Structural object perception: 2D or

836 views • 81 slides
Informatics Practices Class XII ( As per CBSE Board) Visit : python.mykvs.in for regular updates

Informatics Practices Class XII ( As per CBSE Board) Visit : python.mykvs.in for regular updates

New syllabus 2020-21 Chapter 2 Data Visualization Informatics Practices Class XII ( As per CBSE Board) Visit : python.mykvs.in for regular updates Data visualization &quot;A picture is worth a thousand words&quot;. Most of us are familiar

952 views • 18 slides
Splines linear non-linearity September 9, 2019 Splines linear non-linearity September 9,

Splines linear non-linearity September 9, 2019 Splines linear non-linearity September 9,

Splines linear non-linearity September 9, 2019 Splines linear non-linearity September 9, 2019 1 / 26 Motto A picture is worth a thousand words Splines linear non-linearity September 9, 2019 2 / 26 Fitting a non-linear

734 views • 23 slides
1 You may have noticed that the first section of this week's problem is devoted to defining

1 You may have noticed that the first section of this week's problem is devoted to defining

1 You may have noticed that the first section of this week's problem is devoted to defining exactly what it is we're working with. For what it's worth, it's a lot simpler to explain with a couple pictures. All of those extra words we used to

321 views • 13 slides
Meet Magento GR 2019 E-Commerce trends For 2020 A couple of words about our company

Meet Magento GR 2019 E-Commerce trends For 2020 A couple of words about our company

Meet Magento GR 2019 E-Commerce trends For 2020 A couple of words about our company Steficon Steficon 360, dig igital marketi ting &amp; &amp; communication ag agency

789 views • 54 slides

More recommend