  1. Using Data Flow Analysis for Automatic Checking of Computational Confidentiality in Cryptographic Protocols. Peeter Laud, Tartu University and Cybernetica AS (joint work with Michael Backes). Teooriapäevad Voorel, 29.09–01.10.2006 – p. 1/33

  2. A distributed system . . . can be modeled as a stack of layers (diagram: application logic / protocol logic / cryptographic layer and network stack, with secure, authentic and insecure channels and an adversary A). Our task: analyse it! Does it preserve the secrecy of certain data?

  3. The simulatable cryptographic library. May serve as the cryptographic layer / network stack. Takes API calls from the layer above to:
  - generate new encryption/decryption keys, encrypt and decrypt, both symmetrically and asymmetrically;
  - generate new signature keys, sign and verify;
  - take and return (unstructured) data;
  - construct and destruct tuples;
  - send messages to other parties.
  Receives messages from other parties and forwards them to the layer above. The overlying layer accesses all messages through handles.

  4. The abstract cryptographic library (diagram: application logic / protocol logic / cryptographic layer and network stack; messages on insecure and authentic channels; adversary A; scheduling). A monolithic library — consists of a single machine. Cannot be directly implemented. Main part — a database of terms recording their structure and the parties that have access to them. Terms in the database ≈ terms in the Dolev-Yao model. Possible operations also similar to the Dolev-Yao model.

  5. Terms (slides 5–18 are successive animation frames of one slide, p. 5/33; the final frame is given here). The diagram shows the library's term database growing as two parties X and Y issue API calls; each term gets a handle h1 … h7 (nonce; key pair sk/pk; pk; data 10110…; tuple (,,); received pk; enc). X receives Y's public key y2 as x6, Y receives the ciphertext x7 as y3, and the final projection y5 yields a handle to the nonce x1.

  Party X:
  x1 := nonce()
  x2 := asymkeypair()
  x3 := pubkey(x2)
  x4 := store(10110...)
  x5 := (x4, x1, x3)
  x6 := receive
  x7 := pubenc(x6, x5)
  send x7

  Party Y:
  y1 := asymkeypair()
  y2 := pubkey(y1)
  send y2
  y3 := receive
  y4 := pubdec(y1, y3)
  y5 := 2_of_3(y4)
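As an added example (not from the slides), a toy Python model of the term database on this slide: handles index terms, each term records its structure and the parties holding a handle to it, and a send on the insecure channel gives the adversary a handle plus what it can derive from the term (the components of a tuple, and the public key from an asymmetric encryption, as slide 19 notes). The names Library, Term, ADV and proj, and the FRESH/derivation rules, are assumptions of this model.

```python
ADV = "adversary"                    # assumed name for the adversary "party"
FRESH = {"nonce", "keypair", "enc"}  # terms that are never re-used structurally

class Term:                          # one entry of the term database
    def __init__(self, kind, children, payload, holder):
        self.kind, self.children, self.payload, self.holders = kind, children, payload, {holder}

class Library:                       # toy term database: a handle is an index into db
    def __init__(self): self.db = []
    def _new(self, p, kind, children=(), payload=None):
        if kind not in FRESH:        # pubkey(x2) twice yields the same term; same for tuples
            for h, t in enumerate(self.db):
                if (t.kind, t.children, t.payload) == (kind, tuple(children), payload):
                    t.holders.add(p); return h
        self.db.append(Term(kind, tuple(children), payload, p))
        return len(self.db) - 1
    def nonce(self, p):          return self._new(p, "nonce")
    def asymkeypair(self, p):    return self._new(p, "keypair")
    def pubkey(self, p, kp):     return self._new(p, "pk", (kp,))
    def store(self, p, bits):    return self._new(p, "data", payload=bits)
    def tuple(self, p, *hs):     return self._new(p, "tuple", hs)
    def pubenc(self, p, pk, m):  return self._new(p, "enc", (pk, m))
    def proj(self, p, i, t):     # i_of_n on the slide: i-th component, 1-based
        h = self.db[t].children[i - 1]; self.db[h].holders.add(p); return h
    def pubdec(self, p, kp, c):  # succeeds only with the matching secret key
        t = self.db[c]
        if t.kind != "enc" or self.db[t.children[0]].children != (kp,) \
           or p not in self.db[kp].holders: return None
        self.db[t.children[1]].holders.add(p); return t.children[1]
    def send(self, p, h): self._learn(ADV, h)     # insecure channel: adversary sees the term
    def receive(self, p, h):     # the adversary forwards handle h to party p
        self.db[h].holders.add(p); return h
    def _learn(self, p, h):      # Dolev-Yao-style derivation, plus the slide-19 leak
        t = self.db[h]; t.holders.add(p)
        if t.kind == "tuple":
            for c in t.children: self._learn(p, c)
        if t.kind == "enc": self._learn(p, t.children[0])   # public key, not plaintext

def run_protocol():              # the X/Y exchange from the slide
    L = Library()
    x1 = L.nonce("X"); x2 = L.asymkeypair("X"); x3 = L.pubkey("X", x2)
    x4 = L.store("X", "10110..."); x5 = L.tuple("X", x4, x1, x3)
    y1 = L.asymkeypair("Y"); y2 = L.pubkey("Y", y1); L.send("Y", y2)
    x6 = L.receive("X", y2); x7 = L.pubenc("X", x6, x5); L.send("X", x7)
    y3 = L.receive("Y", x7); y4 = L.pubdec("Y", y1, y3); y5 = L.proj("Y", 2, y4)
    return {"y5_is_nonce_x1": y5 == x1,
            "adv_holds_nonce": ADV in L.db[x1].holders,
            "adv_holds_Y_pubkey": ADV in L.db[y2].holders,
            "adv_holds_X_pubkey": ADV in L.db[x3].holders}
```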

  19. Dolev-Yao vs. simul. cryptolib. There exists a large body of work analysing protocols with semantics in the Dolev-Yao model. Our abstract cryptographic library is very similar to it. Some differences:
  - The adversary can learn the public key from an asymmetric encryption, and the identity of the key from a symmetric encryption.
  - The adversary can create “empty” ciphertexts and garbage terms.
  - The adversary can modify signatures (but cannot change the signed text); for empty symmetric ciphertexts it can fix the plaintext.
  The methods for Dolev-Yao carry over.

  20. Simulatability. ∃ Sim, such that for all A and almost all H: H ‖ A ≈ H ‖ Sim ‖ A (diagram: the user H with the adversary A on the left, H with Sim and A on the right). The views of the user H must be indistinguishable. Conditions on H nontrivial, but not too restrictive.

  21. A protocol participant (diagram: Program, with API calls going up and down). Theorem (B & Pf, S&P ’05). A protocol participant keeps a data item M received from above secret if
  - M is passed downwards only as unstructured data, and
  - M does not affect the control flow of the Program.
  Then M will not become known to the adversary. Simulation also requires:
  - no encryption cycles;
  - a symmetric key used by a participant does not become known to the adversary.

  22. Program language. Variables x ∈ Var. Constants / values n, v ∈ Z. Abstract channels c ∈ Chan.
  Expressions:
  e ::= n | x | symkey(i) | asymkeypair() | symenc(e, e) | asymenc(e, e) | symdec(e, e) | asymdec(e, e) | (e, …, e) | π_i^j(e) | nonce() | pubkey(e) | store(e) | retrieve(e)
  Processes:
  P ::= P_act | P_inact
  P_inact ::= receive c x from x′.P | ! receive c x from x′.P
  P_act ::= Reject | let x := e in P else P′ | if e = e then P else P′ | send c e to e.P_inact
  Threads: T ::= P_inact. Program: T_1 | ··· | T_n
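As an added example (not the authors' analysis), a taint check over the process language on this slide for the two conditions of the theorem on slide 21: M may be passed to the library only through store(), and no if, send or other API call may depend on M in the clear. The tuple-shaped AST, the function names expr and leaks, and treating M as an initially secret free variable "m" are assumptions of the example.

```python
ALLOWED = {"store"}   # the only API call that may take M directly (as unstructured data)

def expr(e, secret):
    """(carries M in the clear, violates) for an expression; e is a nested tuple."""
    tag = e[0]
    if tag == "var":   return (e[1] in secret, False)
    if tag == "const": return (False, False)
    if tag == "proj":  return expr(e[1], secret)              # ("proj", e)
    args = e[1] if tag == "tuple" else e[2]                   # ("tuple", [e..]) / ("call", f, [e..])
    subs = [expr(a, secret) for a in args]
    plain, viol = any(p for p, _ in subs), any(v for _, v in subs)
    if tag == "tuple": return (plain, viol)
    if plain and e[1] not in ALLOWED: viol = True            # M used as key, plaintext, ...
    return (plain and e[1] not in ALLOWED, viol)

def leaks(p, secret):
    """True if process p may break the theorem: M used structurally or steering control."""
    tag = p[0]
    if tag == "reject": return False
    if tag == "receive":                     # ("receive", c, x, x', P): x, x' are network input
        return leaks(p[4], secret - {p[2], p[3]})
    if tag == "let":                         # ("let", x, e, P, P')
        plain, viol = expr(p[2], secret)
        inner = secret | {p[1]} if plain else secret - {p[1]}
        return viol or leaks(p[3], inner) or leaks(p[4], secret)
    if tag == "if":                          # ("if", e1, e2, P, P'): M must not steer control flow
        rs = [expr(p[1], secret), expr(p[2], secret)]
        return any(a or b for a, b in rs) or leaks(p[3], secret) or leaks(p[4], secret)
    rs = [expr(p[2], secret), expr(p[3], secret)]  # ("send", c, e, to, P): no M in the clear
    return any(a or b for a, b in rs) or leaks(p[4], secret)

V = lambda x: ("var", x)
# Constructed sample (obeys the theorem): store M, encrypt the handle under a received key, send.
GOOD = ("receive", "c", "pk", "peer",
        ("let", "h", ("call", "store", [V("m")]),
         ("let", "ct", ("call", "asymenc", [V("pk"), V("h")]),
          ("send", "c", V("ct"), V("peer"), ("receive", "c", "y", "z", ("reject",))),
          ("reject",)), ("reject",)))
# Constructed sample (violates it): M steers an if and is used directly as a symmetric key.
BAD = ("if", V("m"), ("const", 0),
       ("let", "ct", ("call", "symenc", [V("m"), V("h")]), ("reject",), ("reject",)),
       ("reject",))
```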

  23. Processing a message. A machine implementing the protocol logic contains a list of threads, each with its own state. When a message M arrives, with the abstract channel C and the apparent sender Y, we attempt to give it to the first thread.

  24. Giving a message to a thread (diagram: message M, sender Y, abstract channel C; threads T_1 … T_n with states S_1 … S_n). Thread T_k is (!) receive c x from x′.P. Compare c and C. If c = C then . . .

  25. Starting the execution of a thread. T_k is (!) receive C x from x′.P. Execute P in the state S_k[x ↦ M, x′ ↦ Y].

  26. Normal end of execution (non-replicated receive). Execution of P yields the threads T′_1 | ··· | T′_m with states S′_1 … S′_m; they replace T_k and S_k in the lists, which become T_1 … T_{k−1}, T′_1 … T′_m, T_{k+1} … T_n and S_1 … S_{k−1}, S′_1 … S′_m, S_{k+1} … S_n.

  27. Normal end of execution (replicated receive, ! receive C x from x′.P). Execution of P again yields T′_1 | ··· | T′_m with states S′_1 … S′_m; these are added to the lists, while T_k and S_k are kept.

  28. Abnormal end of execution. Execution of P ends in Reject (the intermediate state S′ is discarded); the threads T_1 … T_n and states S_1 … S_n are left unchanged.

  29. Giving a message to a thread. Thread T_k is (!) receive c x from x′.P. Compare c and C. If c ≠ C then the threads T_1 … T_n and states S_1 … S_n are left unchanged.
