synthesis of non interferent systems
play

Synthesis of non-interferent systems Gilles Benattar Franck Cassez - PowerPoint PPT Presentation

Nov 09, 2023 •325 likes •753 views

Introduction Definitions Results Conclusion Synthesis of non-interferent systems Gilles Benattar Franck Cassez Didier Lime Olivier H.Roux IRCCyN/CNRS UMR 6597, Nantes, France CNRS and National ICT Australia, Sydney,

  1. Introduction Definitions Results Conclusion Synthesis of non-interferent systems Gilles Benattar † Franck Cassez ‡ Didier Lime † Olivier H.Roux † † IRCCyN/CNRS UMR 6597, Nantes, France ‡ CNRS and National ICT Australia, Sydney, Australia Formal Modelling and Analysis of Timed Systems 2009 (FORMATS09) 1

  2. Introduction Definitions Results Conclusion Introduction 1 Studies of information flow security properties has been a very active domain. 2 Information flow analysis defines secrecy as: “high level information never flows into low level channels” i.e. , non-interference . 3 There are many results on model checking of non-interference properties. 4 We consider the problem of the synthesis of non-interferent systems for timed and untimed automata. 2

  3. Introduction Definitions Results Conclusion Introduction 1 Definitions 2 Preliminaries Non-interference Control problem Results 3 SNNI verification problem SNNI control problem SNNI control synthesis problem Conclusion 4 3

  4. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Restriction definition h 1 l 1 0 1 2 h 2 l 1 l 2 3 4 5 Figure: B 4

  5. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Restriction definition h 1 l 1 h 1 l 1 0 1 2 0 1 2 h 2 l 1 l 1 l 2 3 4 5 3 (a) Automaton B (b) B\{ h 2 } 4

  6. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Abstraction (hiding) definition h 1 l 1 0 1 2 h 2 l 1 l 2 3 4 5 Figure: B 5

  7. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Abstraction (hiding) definition h 1 l 1 h 1 l 1 0 1 2 0 1 2 h 2 ε l 1 l 1 l 2 l 2 3 4 5 3 4 5 (a) Automaton B (b) B / { h 2 } 5

  8. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Strong Non-deterministic Non-Interference (SNNI) 1/4 1 The systems is defined by an automaton A over an alphabet Σ divided into two sub-alphabets : Σ h the high level actions and Σ l the low level actions 2 A system defined by an automaton A is non-interferent if the low level user cannot distinguish A / Σ h from A\ Σ h . Definition (SNNI) A TA A has the strong non-deterministic non-interference property (in short “ A is SNNI”) if A / Σ h ≈ L A\ Σ h , where A 1 ≈ L A 2 mean that A 1 and A 2 are language equivalent . 6

  9. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI finite automata example 1/2 h 1 l 1 0 1 2 h 2 l 1 l 2 3 4 5 Figure: B that is not SNNI L ( B / { h 1 , h 2 } ) = { l 1 , l 2 } L ( B\{ h 1 , h 2 } ) = { l 1 } 7

  10. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI finite automata example 2/2 h 1 l 1 0 1 2 h 2 l 1 3 4 Figure: C that is SNNI L ( C / { h 1 , h 2 } ) = { l 1 } L ( C\{ h 1 , h 2 } ) = { l 1 } 8

  11. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI timed automata example [ x 1 ≤ 4] h , x 1 ≥ 1 A 0 A 2 l , x 1 ≥ 2 l A 1 A 3 Figure: Timed Automaton A 9

  12. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI timed automata example h A 0 A 2 l l A 1 A 3 Figure: Finite Automaton A � = untimed ( A ) L ( A � / { h } ) = { l } L ( A � \{ h } ) = { l } 9

  13. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI timed automata example [ x 1 ≤ 4] h , x 1 ≥ 1 A 0 A 2 l , x 1 ≥ 2 l A 1 A 3 Figure: Timed Automaton A ρ = ( A 0 , 0) 1 . 1 → ( A 0 , 1 . 1) h → ( A 2 , 0) 0 . 5 l − − − − − → ( A 2 , 1 . 6) − → ( A 3 , 1 . 6) ∈ Runs ( A ) 9

  14. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI timed automata example [ x 1 ≤ 4] h , x 1 ≥ 1 A 0 A 2 l , x 1 ≥ 2 l A 1 A 3 Figure: Timed Automaton A ρ = ( A 0 , 0) 1 . 1 → ( A 2 , 0) 0 . 5 → ( A 0 , 1 . 1) h l − − − − − → ( A 2 , 1 . 6) − → ( A 3 , 1 . 6) ∈ Runs ( A ) (1 . 1 , h ) . (0 . 5 , l ) ∈ L ( A ) 9

  15. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI timed automata example [ x 1 ≤ 4] h , x 1 ≥ 1 A 0 A 2 l , x 1 ≥ 2 l A 1 A 3 Figure: Timed Automaton A ρ = ( A 0 , 0) 1 . 1 → ( A 2 , 0) 0 . 5 → ( A 0 , 1 . 1) h l − − − − − → ( A 2 , 1 . 6) − → ( A 3 , 1 . 6) ∈ Runs ( A ) (1 . 1 , h ) . (0 . 5 , l ) ∈ L ( A ) ⇒ (1 . 6 , l ) ∈ L ( A / { h } ) 9

  16. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion SNNI timed automata example [ x 1 ≤ 4] h , x 1 ≥ 1 A 0 A 2 l , x 1 ≥ 2 l A 1 A 3 Figure: Timed Automaton A ρ = ( A 0 , 0) 1 . 1 → ( A 2 , 0) 0 . 5 → ( A 0 , 1 . 1) h l − − − − − → ( A 2 , 1 . 6) − → ( A 3 , 1 . 6) ∈ Runs ( A ) (1 . 1 , h ) . (0 . 5 , l ) ∈ L ( A ) ⇒ (1 . 6 , l ) ∈ L ( A / { h } ) ⇒ A is not SNNI 9

  17. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Control problem 1/2 The SNNI Verification Problem (SNNI-VP) for a system S asks the following: is S SNNI ? The Control Problem (SNNI-CP) for a system S asks the following: Is there a controller C s.t. C ( S ) is SNNI ? The Controller Synthesis Problem (SNNI-CSP) asks to compute a witness controller C . 10

  18. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Control problem 2/2 Let Σ c ⊆ Σ = Σ h ∪ Σ l a set of controllable actions , let λ �∈ Σ the waiting action . Definition (Controller) A controller C for A is a partial mapping C : Runs ( A ) → 2 Σ c ∪{ λ } . After each run ρ ∈ Runs ( A ), the controller chose a set C ( ρ ) of actions that are not disabled. 11

  19. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Control problem 2/2 Let Σ c ⊆ Σ = Σ h ∪ Σ l a set of controllable actions , let λ �∈ Σ the waiting action . Definition (Controller) A controller C for A is a partial mapping C : Runs ( A ) → 2 Σ c ∪{ λ } . After each run ρ ∈ Runs ( A ), the controller chose a set C ( ρ ) of actions that are not disabled. If λ ∈ C ( ρ ), the system may wait, otherwise, a controllable action must be done by one of the users. 11

  20. Introduction Preliminaries Definitions Non-interference Results Control Problem Conclusion Introduction 1 Definitions 2 Preliminaries Non-interference Control problem Results 3 SNNI verification problem SNNI control problem SNNI control synthesis problem Conclusion 4 12

  21. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Verification Problem (SNNI-VP) Untimed Automata Timed Automata Deterministic A \ Σ h PTIME PSPACE-Complete Non-deterministic A \ Σ h PSPACE-Complete Undecidable [1] Table: Results for the SNNI-VP 13

  22. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Control Problem (SNNI-CP) for finite automata 1/2 Theorem For finite automata, the SNNI-CP is PSPACE-Complete. 14

  23. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Control Problem (SNNI-CP) for finite automata 2/2 For finite automata, we can easily check if SNNI is controllable by cutting all the controllable actions and checking if the obtained system is SNNI. h 1 l 1 0 4 5 l 1 l 2 3 2 1 h 2 Figure: Automaton D Σ c = { l 1 } 15

  24. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Control Problem (SNNI-CP) for finite automata 2/2 For finite automata, we can easily check if SNNI is controllable by cutting all the controllable actions and checking if the obtained system is SNNI. h 1 0 4 Figure: Automaton D\ Σ c Σ c = { l 1 } 15

  25. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Control Problem (SNNI-CP) for timed automata This does not work in the timed case : h , x 1 ≥ 5 0 2 a , x 1 > 1 b 1 3 Figure: Timed Automaton E Σ c = { a } 16

  26. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Control Problem (SNNI-CP) for timed automata This does not work in the timed case : h , x 1 ≥ 5 h , x 1 ≥ 5 0 2 0 2 a , x 1 > 1 b b 1 3 3 (a) Timed Automaton E (b) Timed Automaton E\ Σ c Σ c = { a } 16

  27. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Control Problem (SNNI-CP) for timed automata This does not work in the timed case : [ x 1 ≤ 4] h , x 1 ≥ 5 0 2 0 a , x 1 > 1 a , x 1 > 1 b 1 3 1 (c) Automaton E (d) Timed Automaton C ( E ) Σ c = { a } 16

  28. Introduction SNNI-VP Definitions SNNI-CP Results SNNI-CSP Conclusion SNNI Controller Synthesis Problem (SNNI-CSP) Theorem If A is a finite automaton, we can compute the most permissive controller C s.t. C ( A ) is SNNI. Theorem If A is a timed automaton and A\ Σ h is deterministic, we can compute the most permissive controller C s.t. C ( A ) is SNNI. 17

Recommend

Co-synthesis techniques for embedded systems embedded systems Kelvin Yuk June 5, 2002 EEC282 -

Co-synthesis techniques for embedded systems embedded systems Kelvin Yuk June 5, 2002 EEC282 -

Co-synthesis techniques for embedded systems embedded systems Kelvin Yuk June 5, 2002 EEC282 - Akella Introduction Co-synthesis of high-level systems Approaches to co-synthesis 1. Architectural Co-synthesis Algorithm 2. Process

257 views • 10 slides
Precise Parameter Synthesis for Stochastic Biochemical Systems Milan ska 1 , 2 , Frits

Precise Parameter Synthesis for Stochastic Biochemical Systems Milan ska 1 , 2 , Frits

Introduction Problem Formulation Parameter Synthesis Case Studies Conclusion Precise Parameter Synthesis for Stochastic Biochemical Systems Milan ska 1 , 2 , Frits Dannenberg 2 , Marta Kwiatkowska 2 , Nicola Paoletti 2 Ce Faculty of

579 views • 28 slides
Formal Synthesis of Stabilizing Controllers for Switched Systems Pavithra Prabhakar & Miriam

Formal Synthesis of Stabilizing Controllers for Switched Systems Pavithra Prabhakar & Miriam

Formal Synthesis of Stabilizing Controllers for Switched Systems Pavithra Prabhakar & Miriam Garca Soto Kansas State University & IMDEA Software Institute HSCC17 Pittsburgh, PA, USA April, 2017 1 Switching logic synthesis

447 views • 19 slides
Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Lecture 1: Overview of System Synthesis A. Pnueli Lectures Outline Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli Fair Discrete Systems and their Computations. Model Checking Invariance and

309 views • 19 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Distributed synthesis for synchronous systems 1 Paul Gastin LSV ENS de Cachan & CNRS

Distributed synthesis for synchronous systems 1 Paul Gastin LSV ENS de Cachan & CNRS

Distributed synthesis for synchronous systems 1 Paul Gastin LSV ENS de Cachan & CNRS Paul.Gastin@lsv.ens-cachan.fr Dec 6th, 2006 1 Joint work with Nathalie Sznajder and Marc Zeitoun 1 / 41 Outline Synthesis and control for sequential

1.04k views • 100 slides
Controller Synthesis for Linear Hybrid Systems SynCoP and PV April 14th, 2018 Marco Faella

Controller Synthesis for Linear Hybrid Systems SynCoP and PV April 14th, 2018 Marco Faella

Controller Synthesis for Linear Hybrid Systems SynCoP and PV April 14th, 2018 Marco Faella Universit di Napoli Federico II, Italy Summary Hybrid systems Controller synthesis safety control reachability control Tool

1.06k views • 74 slides
Logic synthesis for post-CMOS technologies Eleonora Testa Integrated Systems Laboratory EPFL,

Logic synthesis for post-CMOS technologies Eleonora Testa Integrated Systems Laboratory EPFL,

Logic synthesis for post-CMOS technologies Eleonora Testa Integrated Systems Laboratory EPFL, Lausanne, Switzerland Joint work with Mathias Soeken and Giovanni De Micheli February, 2017 Logic synthesis HDL module function ( Translate a,

578 views • 23 slides
Genie Distributed Systems Synthesis and Verification Marc Rosen EN.600.667: Advanced Distributed

Genie Distributed Systems Synthesis and Verification Marc Rosen EN.600.667: Advanced Distributed

Genie Distributed Systems Synthesis and Verification Marc Rosen EN.600.667: Advanced Distributed Systems and Networks May 1, 2017 1 / 35 Outline Introduction Problem Statement Prior Art Demo How does it work? Code Generation How does it

504 views • 35 slides
Symbolic Encodings of Bounded Synthesis Saarland University Peter Faymonville 1 , Bernd Finkbeiner

Symbolic Encodings of Bounded Synthesis Saarland University Peter Faymonville 1 , Bernd Finkbeiner

Symbolic Encodings of Bounded Synthesis Saarland University Peter Faymonville 1 , Bernd Finkbeiner 1 , Markus N. Rabe 2 , Leander Tentrup 1 1 Reactive Systems Group 2 UC Berkeley Reactive synthesis Synthesis realizable unrealizable bound

468 views • 33 slides
Architectural Synthesis and Exploration using Term Rewriting Systems Arvind James C. Hoe

Architectural Synthesis and Exploration using Term Rewriting Systems Arvind James C. Hoe

Architectural Synthesis and Exploration using Term Rewriting Systems Arvind James C. Hoe Laboratory for Computer Science Massachusetts Institute of Technology http:/ /www.csg.lcs.mit.edu Outline u Introduction u Term Rewriting Systems (TRS)

425 views • 30 slides
Synthesis of Carbon Synthesis of Carbon Nanotubes Nanotubes Polina Shifrina Supervisors: Dr.

Synthesis of Carbon Synthesis of Carbon Nanotubes Nanotubes Polina Shifrina Supervisors: Dr.

Synthesis of Carbon Synthesis of Carbon Nanotubes Nanotubes Polina Shifrina Supervisors: Dr. Stephanie Reich, Heiko Dumlich 12.05.2011 Synthesis of CNT s Synthesis of CNT s Arc Discharge (1991) Laser Ablation (1995) Chemical

414 views • 17 slides
Synthesis of Embedded Control Software Ufuk Topcu Caltech, Control and Dynamical Systems

Synthesis of Embedded Control Software Ufuk Topcu Caltech, Control and Dynamical Systems

Synthesis of Embedded Control Software Ufuk Topcu Caltech, Control and Dynamical Systems Papers, slides, notes, software tools at www.cds.caltech.edu/~UTopcu CMACS, CMU, Fall 2010 Synthesis of Embedded Control Software Joint work with N.

628 views • 52 slides
Computable analysis and control synthesis over complex dynamical systems via formal verification

Computable analysis and control synthesis over complex dynamical systems via formal verification

Computable analysis and control synthesis over complex dynamical systems via formal verification Alessandro Abate Department of Computer Science, University of Oxford Delft Center for Systems and Control, TU Delft September 25, 2013

575 views • 42 slides
Testing Database Management Systems via Pivoted Query Synthesis Manuel Rigger Oct 18., 2019

Testing Database Management Systems via Pivoted Query Synthesis Manuel Rigger Oct 18., 2019

Testing Database Management Systems via Pivoted Query Synthesis Manuel Rigger Oct 18., 2019 Workshop on Dependable and Secure Software Systems 2019 @RiggerManuel @ast_eth Database Management Systems PostgreSQL 2 Database Management Systems

1.54k views • 121 slides
Automated synthesis of reliable and efficient systems through game theory: a case study Mickael

Automated synthesis of reliable and efficient systems through game theory: a case study Mickael

Automated synthesis of reliable and efficient systems through game theory: a case study Mickael Randour UMONS - University of Mons 03.09.2012 European Conference on Complex Systems Context Case study Final words Background I must confess.

606 views • 56 slides
Why Again Logic Synthesis Giovanni De Micheli Why again logic synthesis? Strong

Why Again Logic Synthesis Giovanni De Micheli Why again logic synthesis? Strong

Why Again Logic Synthesis Giovanni De Micheli Why again logic synthesis? Strong intellectual value associated with logic synthesis and optimization Problems are far from being solved Current methods and tools grew out of control

372 views • 24 slides
Two Synthesis Approaches for CTL* Roderick Bloem 1 , Ayrat Khalimov 1 , Sven Schewe 2 2 1 1

Two Synthesis Approaches for CTL* Roderick Bloem 1 , Ayrat Khalimov 1 , Sven Schewe 2 2 1 1

Two Synthesis Approaches for CTL* Roderick Bloem 1 , Ayrat Khalimov 1 , Sven Schewe 2 2 1 1 Rigorous Systems Engineering LTL/CTL* synthesis problem Specification: LTL formula: ( ) Inputs: , outputs: Find

207 views • 17 slides
High Level Synthesis of GALS Systems Mahdi Jelodari Mamaghani

High Level Synthesis of GALS Systems Mahdi Jelodari Mamaghani

High Level Synthesis of GALS Systems Mahdi Jelodari Mamaghani and Jim D. Garside School of Computer Science University of Manchester, UK 17 th March

594 views • 20 slides
A General Approach for Synthesis of Supervisors for Partially-Observed Discrete-Event Systems

A General Approach for Synthesis of Supervisors for Partially-Observed Discrete-Event Systems

A General Approach for Synthesis of Supervisors for Partially-Observed Discrete-Event Systems Xiang Yin and Stphane Lafortune EECS Department, University of Michigan 19th IFAC WC, August 24-29, 2014, Cape Town, South Africa 1/18 X.Yin &

1.02k views • 47 slides
Analysis and Synthesis of Communication-Intensive Heterogeneous Real-Time Systems Paul Pop

Analysis and Synthesis of Communication-Intensive Heterogeneous Real-Time Systems Paul Pop

Analysis and Synthesis of Communication-Intensive Heterogeneous Real-Time Systems Paul Pop Computer and Information Science Dept. Linkpings universitet 1 of 14 1 Outline Introduction System-level design and modeling Conditional

723 views • 39 slides
On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis

On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis

On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis Xiang Yin and Stphane Lafortune EECS Department, University of Michigan 13th WODES, May 30-June 1, 2016 , Xian, China 0/14 X.Yin &

760 views • 55 slides
Synthesis, Formulation, and Testing of 3,4-DNP *Dr. Jacob Morris, Jim Phillips, Dr. Neil Tucker,

Synthesis, Formulation, and Testing of 3,4-DNP *Dr. Jacob Morris, Jim Phillips, Dr. Neil Tucker,

1 Synthesis, Formulation, and Testing of 3,4-DNP *Dr. Jacob Morris, Jim Phillips, Dr. Neil Tucker, Robyn Wilmoth BAE Systems Ordnance Systems Inc. Holston Army Ammunition Plant, Kingsport TN, USA Not Export Controlled per PS-2019-DR-1383

645 views • 21 slides
Parameter Synthesis with IC3 A. Cimatti, A. Griggio , S. Mover, S. Tonetta FBK, Trento, Italy

Parameter Synthesis with IC3 A. Cimatti, A. Griggio , S. Mover, S. Tonetta FBK, Trento, Italy

FMCAD 2013 Parameter Synthesis with IC3 A. Cimatti, A. Griggio , S. Mover, S. Tonetta FBK, Trento, Italy Motivations and Contributions Parametric descriptions of systems arise in many domains E.g. software, cyber-physical systems, task

375 views • 23 slides

More recommend