Internet Security, CSCE 813
Communicating Sequential Processes
CSCE 813 - Farkas 2
Reading
Today: Modelling and Analysis of Security Protocols, Chapter 1
Next class: Modelling and Analysis of Security Protocols, Chapters 1 and 2
CSP Objectives
Model dynamics; model and analyze concurrency
– E.g., calculation-intensive systems, distributed applications
Support parallelism
CSP
Notation for describing systems of parallel agents that communicate by passing messages between them
Formal study of systems
– Concurrency
– Security
Mathematical notation for describing interaction
– Different components influence each other
CSP Components
Processes
Operators
Communication: visible events
Invisible (internal) events
CSP lets us describe the states a process might be in, work out which actions are immediately possible for the process in a state, and determine the state that results from each action.
Message Passing
Synchronous: both processes MUST be ready to communicate
Non-buffered sends and receives
Explicit naming of source and destination processes
Messages
Process A: Send(B, message)    Process B: Receive(A, message)
Input command: <source process>?<target variable>, e.g., keyboard?m
Output command: <destination process>!<value>, e.g., screen!average
Communication
A communication takes place when all three hold:
– Process P executes an input command specifying process Q as its source, AND
– Process Q executes an output command specifying process P as its destination, AND
– The target variable in the input command matches the value in the output command
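The synchronous, unbuffered rendezvous described on the last three slides, as an added Python example (this is not code from the slides or the course). A `Rendezvous` channel makes `send` block until a `recv` has taken the value and vice versa, so a message is never held in a buffer and a send with no matching receiver never completes; the class and function names, and the keyboard/screen pipeline, are this example's own.

```python
"""Synchronous (unbuffered) message passing in the style of CSP's
keyboard?m / screen!average commands. Added example; names are ours."""
import threading


class Rendezvous:
    """A channel with no buffer: send() returns only after recv() took the value."""

    def __init__(self):
        self._cond = threading.Condition()
        self._slot = None
        self._has_value = False   # a sender has offered a value
        self._taken = False       # the receiver has consumed that value

    def send(self, value):
        """Offer `value` and block until a receiver has taken it."""
        with self._cond:
            while self._has_value:            # an earlier send is still in progress
                self._cond.wait()
            self._slot, self._has_value, self._taken = value, True, False
            self._cond.notify_all()
            while not self._taken:            # the rendezvous completes here
                self._cond.wait()
            self._has_value = False
            self._cond.notify_all()

    def recv(self):
        """Block until a sender offers a value, then take it."""
        with self._cond:
            while not self._has_value or self._taken:
                self._cond.wait()
            value, self._taken = self._slot, True
            self._cond.notify_all()
            return value


def run_pipeline(samples):
    """Process A sends each sample on `keyboard`; process B answers the running
    average on `screen` (keyboard?m then screen!average, as on the slide)."""
    keyboard, screen = Rendezvous(), Rendezvous()

    def process_b():
        total = 0
        for i, _ in enumerate(samples, 1):
            total += keyboard.recv()          # keyboard?m
            screen.send(total / i)            # screen!average

    worker = threading.Thread(target=process_b)
    worker.start()
    averages = []
    for s in samples:
        keyboard.send(s)                      # blocks until B is at keyboard?m
        averages.append(screen.recv())        # blocks until B is at screen!average
    worker.join()
    return averages


def send_blocks_without_receiver(timeout=0.2):
    """The synchrony rule: a lone send never returns, so the thread stays alive."""
    channel = Rendezvous()
    t = threading.Thread(target=channel.send, args=("orphan",), daemon=True)
    t.start()
    t.join(timeout)
    return t.is_alive()


if __name__ == "__main__":
    print(run_pipeline([2, 4, 6]))            # [2.0, 3.0, 4.0]
    print(send_blocks_without_receiver())     # True
```

The second function is the practical consequence of "both processes MUST be ready": a process that outputs to a partner that never inputs is stuck, which is exactly the deadlock a CSP analysis is meant to expose.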
Program Equivalence
Two programs P1 and P2 are equivalent if they produce patterns of visible actions that cannot be distinguished by an observer.
Only the communications of a program matter!
Communication
Prefix: given a process P and a communication a ∈ Σ, a → P is a program that
– Performs a, then
– Behaves as P
Given in, out ∈ Σ, what is in → out → P?
Process Stop: no visible or invisible action. Given a ∈ Σ, what is a → Stop?
Build Processes
Consider: given a, b, c ∈ Σ
– Proc = a → b → c → Stop
– Proc: a finite succession of choices before stopping
– Proc's environment might choose not to accept any of a, b, c, so it might get stuck before reaching Stop
Build Processes
Recursion: processes that "go on forever" by looping back to a state they have been in before
1. Alt = to → fro → Alt
2. Dalt = to → fro → to → fro → Dalt
3. Malt1 = to → Malt2
4. Malt2 = fro → Malt1
5. Nalt = to → fro → Dalt
Programs 1, 2, 5 and the pair (3, 4) are equivalent: each produces the same pattern of visible actions, to, fro, to, fro, ...
Prefix
Offering a single action: a → P
Offering a choice: any set of visible actions
– If A ⊆ Σ, ?x : A → P(x) offers all the actions in A
– x is the parameter of P; parameters can be used in events or manipulated
– When a ∈ A is chosen, the process behaves like P(a)
Example: a process always prepared to offer any event from A
– RUN_A = ?x : A → RUN_A
Compound events
Coding Machine example
– CM1(s) = ?x : L ∪ {off} → CM1'(s, x)
– CM1'(s, off) = Stop
– CM1'(s, x) = crypt(s, x) → CM1(newstate(s, x))   (x ∈ L)
Action: channel name followed by zero or more data components
Coding Machine example without off
– CM2(s) = in?x → out!crypt(s, x) → CM2(newstate(s, x))
Choice Operators
Deterministic finite state machine over a finite Σ
– e.g., P_i = ?x : A_i → P_i'(x)
Choice operator P □ Q:
– Gives the option between the actions of the two processes, then
– Behaves like the one chosen
Choice Operator
Example choice
– If A = B ∪ C then ?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
Stop and equivalence
– Since A = A ∪ Ø, ?x : A → P(x) = (?x : A → P(x)) □ Stop, that is, P = P □ Stop
– If B = Ø then ?x : B → P(x) = Stop
Choice Operator
Revisit: if A = B ∪ C then ?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
If B and C are disjoint, together they give all the choices in A
What happens if B and C overlap?
– Given processes P and Q, what does P □ Q mean?
– Choosing an action x ∈ B ∩ C, what is the result of (?x : B → P(x)) □ (?x : C → Q(x))?
– CSP allows the implementor to make a choice between the two sides
– After action x, the process may behave as P(x) or as Q(x); the environment has no control over which
Non-determinism
A program acts nondeterministically if its behaviour is unpredictable
The program is allowed to make internal decisions that affect how it behaves as viewed from the outside
The implementation is allowed to choose, e.g.,
(a → a → Stop) ⊓ (a → b → Stop)
Non-Deterministic Choice
P ⊓ Q behaves like P or like Q
– The user has no control over which
– Can be implemented using two internal actions
– The implementer is not required to implement it this way (can choose P, or Q, or an internal choice between them)
Useful for modelling a degree of unpredictability, e.g., a communication medium that either transmits data correctly or loses it.
Non-Deterministic Choice
P □ Q and P ⊓ Q have identical traces (sequences of visible communications)
In most circumstances it cannot be told whether a non-deterministic choice was made by observing the process.
What is the difference between (a → P) □ Stop and (a → P) ⊓ Stop?
– (a → P) □ Stop can never refuse a: it is equivalent to a → P
– (a → P) ⊓ Stop may resolve internally to Stop and then refuse a; the two differ in what they can refuse, not in their traces
Parallel Operators
Put sequential processes in parallel
System state: the state of each component
– The number of possible states increases exponentially with the size of the network
How to put processes together into a parallel network?
How to check whether such a network satisfies a specification?
Parallel Combination
Just another process, to which any of the previous operators can be applied
Each parallel process is equivalent to a sequential one (with an infeasibly large number of states)
CSP processes influence each other by affecting which communications they can perform.
Parallel Combination
Lockstep parallel P || Q: synchronize all visible actions
– P || Q can perform a only when both P and Q can
– (?x : A → P(x)) || (?x : B → Q(x)) = ?x : A ∩ B → (P(x) || Q(x))
Parallel Combinations
Interface parallel operator P ||X Q: synchronize all events in X; events outside X proceed independently
Example:
– P = ?x : A → P'(x)
– Q = ?x : B → Q'(x)
– P ||X Q = ?x : X ∩ A ∩ B → (P'(x) ||X Q'(x))
  □ ?x : A \ X → (P'(x) ||X Q)
  □ ?x : B \ X → (P ||X Q'(x))
Alphabet Controlled
P X||Y Q: alphabetized parallel
Each process is given control of a particular set of events, its alphabet (X for P, Y for Q)
No process is ever permitted to communicate outside its own alphabet
The interface between the two processes is the intersection of their alphabets, X ∩ Y
CSP Operators
Stop: process that does nothing
a → P: event prefix
?x : A → P: event prefix choice
P □ Q: choice between two processes
P ⊓ Q: nondeterministic choice
P || Q: lockstep parallel
P ||X Q: interface parallel
P X||Y Q: synchronizing (alphabetized) parallel
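A small executable semantics for the operators summarized above, added here as a Python example (not code from the slides or from the book). It serves the recursion slide (Alt, Dalt, Malt1/Malt2 and Nalt are trace-equivalent), the question on (a → P) □ Stop versus (a → P) ⊓ Stop (same traces, different refusals), the lockstep and interface parallel slides, and the "does the network satisfy a specification?" question, answered here by trace refinement. Processes are encoded as tuples, internal choice is modelled by an invisible TAU move, and the function names (step, traces, can_refuse, trace_refines) and the event names are this example's own assumptions; a real analysis would use a tool such as FDR rather than this bounded enumeration.

```python
"""Operational semantics for the CSP fragment on these slides. Added example."""
from itertools import product

TAU = "tau"   # invisible internal action; never appears in a trace
DEFS = {}     # named equations, so recursive definitions can refer to themselves

def stop():           return ("stop",)                   # Stop
def prefix(a, p):     return ("prefix", a, p)            # a -> P
def ext(p, q):        return ("ext", p, q)               # P [] Q  (environment picks)
def intc(p, q):       return ("int", p, q)               # P |~| Q (implementation picks)
def par(x, p, q):     return ("par", frozenset(x), p, q) # P ||X Q, synchronise on X
def name(n):          return ("name", n)                 # reference to DEFS[n]

def step(p):
    """Set of (event, successor) pairs that p can perform immediately."""
    while p[0] == "name":                  # unfold recursion on demand
        p = DEFS[p[1]]
    if p[0] == "stop":
        return set()
    if p[0] == "prefix":
        return {(p[1], p[2])}
    if p[0] == "ext":                      # a tau on one side keeps the choice open
        _, l, r = p
        out = {(a, ext(l2, r) if a == TAU else l2) for a, l2 in step(l)}
        return out | {(b, ext(l, r2) if b == TAU else r2) for b, r2 in step(r)}
    if p[0] == "int":
        return {(TAU, p[1]), (TAU, p[2])}
    _, x, l, r = p                         # "par": interface parallel
    sl, sr = step(l), step(r)
    out = {(a, par(x, l2, r)) for a, l2 in sl if a not in x}            # A \ X
    out |= {(b, par(x, l, r2)) for b, r2 in sr if b not in x}           # B \ X
    out |= {(a, par(x, l2, r2)) for (a, l2), (b, r2) in product(sl, sr)
            if a == b and a in x}                                        # X ∩ A ∩ B
    return out

def reachable(p, n):
    """All (trace, process) pairs reachable from p by traces of length <= n."""
    seen, frontier = set(), [((), p)]
    while frontier:
        tr, q = frontier.pop()
        if (tr, q) in seen:
            continue
        seen.add((tr, q))
        for a, q2 in step(q):
            tr2 = tr if a == TAU else tr + (a,)
            if len(tr2) <= n:
                frontier.append((tr2, q2))
    return seen

def traces(p, n):
    return {tr for tr, _ in reachable(p, n)}

def can_refuse(p, tr, events):
    """After trace tr, can p rest in a stable state (no tau) that offers none of `events`?"""
    for t, q in reachable(p, len(tr)):
        inits = {a for a, _ in step(q)}
        if t == tr and TAU not in inits and inits.isdisjoint(events):
            return True
    return False

def trace_refines(spec, impl, n):
    """Every trace of impl (up to length n) is also a trace of spec."""
    return traces(impl, n) <= traces(spec, n)

# Slide 12: four recursive definitions with the same visible behaviour
DEFS["Alt"] = prefix("to", prefix("fro", name("Alt")))
DEFS["Dalt"] = prefix("to", prefix("fro", prefix("to", prefix("fro", name("Dalt")))))
DEFS["Malt1"] = prefix("to", name("Malt2"))
DEFS["Malt2"] = prefix("fro", name("Malt1"))
DEFS["Nalt"] = prefix("to", prefix("fro", name("Dalt")))

def recursion_examples_equivalent(n=6):
    ts = [traces(name(k), n) for k in ("Alt", "Dalt", "Malt1", "Nalt")]
    return all(t == ts[0] for t in ts)

# Slide 20: (a -> P) [] Stop versus (a -> P) |~| Stop, with P = b -> Stop
P = prefix("b", stop())
EXT, INT = ext(prefix("a", P), stop()), intc(prefix("a", P), stop())

def choice_question():
    """(same traces?, EXT can refuse a at the start?, INT can refuse a at the start?)"""
    return (traces(EXT, 2) == traces(INT, 2),
            can_refuse(EXT, (), {"a"}), can_refuse(INT, (), {"a"}))

# Slides 23-24: lockstep versus interface parallel, A = {a, b}, B = {b, c}
P2 = ext(prefix("a", stop()), prefix("b", stop()))
Q2 = ext(prefix("b", stop()), prefix("c", stop()))

def parallel_initials():
    """Initial events of P2 || Q2 (synchronise on everything) and of P2 ||{b} Q2."""
    lockstep = {a for a, _ in step(par({"a", "b", "c"}, P2, Q2))}
    interface = {a for a, _ in step(par({"b"}, P2, Q2))}
    return lockstep, interface

if __name__ == "__main__":
    print(recursion_examples_equivalent(), choice_question(), parallel_initials())
    print(trace_refines(name("Alt"), name("Nalt"), 6))          # Nalt meets spec Alt
    print(trace_refines(name("Alt"), prefix("to", prefix("to", stop())), 6))
```

Traces alone cannot separate the two forms of choice; `can_refuse` looks at the stable states after a trace, which is the (stable-failures) information that distinguishes "the environment may always choose a" from "the implementation may have already decided to stop". The bound n keeps the enumeration finite for recursive processes; it is a limitation of this toy, not of the CSP models themselves.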
Next Class
CSP: finish Chapter 1
Modeling security protocols in CSP