. . . . . .

IntroductionApproachesApplications

Specialized Logic

Logic for Computer Security

Jack Yao

HKUST

rainoftime@gmail.com

December 20, 2015

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Overview

1 Introduction

2 ApproachesModel checkingInductive ProofType theorySAT and SMT

3 ApplicationsSecurity ProtocolsOS SecuritySoftware Model Checking

4 Specialized LogicModel Logic and its variantsLinear LogicBunched logicOthers

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Areas of Applications

Computer Security

Multilevel Operating System

Access Control Policies

Network Security

Public-Key Infrastructure and Trust Management

Cryptographic Authentication Protocols

Other areas: databases, firewalls, routers, intrusion detection

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Contribution of Logic

Undecidability or complexity Results

Safety problem for discretionary access control

Cryptographic protocol analysis

Theorem Proving Environments

Verifying correctness of formal OS specifications

Inductive proofs of cryptographic protocols

Logic Programming

Prolog programs for cryptographic protocol analysis, etc

Model Checking

Cryptographic protocol analysis

More and more work on software model checking

Specialized Logics

Linear Logic, Separation Logic, Affine Logic, etc

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Roles of Logic

Model theory

Study semantic

What does the the assertion language mean?

Proof theory

Formally proving security properties

Automatic or Interactive?

Recursion(Computability) theory

Is it possible to verify something?

If yes, what’s the price?

Specialized logic

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Proof Systems

Goals: formally prove propertiesAxioms

Formulas predefined in the certain logic

Or simple formulas proved by hand and used as axioms.

Inference rules

Proof steps

Theorem

Formula obtained from axioms by application of inference rules

Techniques

Hilbert-frege style(e.g, originally, Hoare logic used this)

Gentzen’s Natural deduction and sequent calculi

Nested sequent, labeled sequent, display calculi, etc.

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Other tools for modeling and proving

Tree Automata, Graph Automata..

Graph based IR and program analysis

Pushdown system(PDS), WSTS(e.g, petri net)

Term rewriting system

Algebra and calculus(CSP, CCS, pi calculus..)

...

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Model checking

Developed independently by Clarke and Emerson and byQueille and Sifakis in early 80s

Originally, temporal logic model checking(specifications arewritten in propositional temporal logic)

Verification procedure is an intelligent exhaustive search of thestate space of the design

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Advantages and Disadvantage

Advantages:

No proofs!!(Algorithmic rather than Deductive)

Diagnostic counterexamples

Allow partial specification

Flow and path sensitive, but fast(compared to theoremproving)

Disadvantages:

State explosion!!

Development: symbolic MC, bounded MC(usually with SATsolver), CEGAR..

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Model checking Tools

State-space search for reachability of insecure states

History: back to 1984, Interrogator program in Prolog

General-purpose model-checkers

Search automatically given initial conditions, bounds

Roscoe and Lowe, FDR(model-checker for CSP), 1995

Clarke et al, SMV, 1998

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Software model checking

Tools for verifying source code combine many techniques

Program analysis techniques such as slicing, range analysis

Abstraction: e.g, abstract interpretation

Model checking, SAT and SMT solving...

Refinement from counter-examples(CEGAR)

New challenges for MC(beyond finite-state reachability analysis)

Recursion gives pushdown control: pushdown system, higherorder MC..

Pointers, dynamic objects, inheritence...

A very active and emerging area

Abstraction-based tools: SLAM, BLAST

Direct state encoding: CBMC, CheckFence

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Inductive Proofs

Application of general-purpose specification and verification toolsInfluential Examples:

L.Paulson, ”The inductive approach to verifying cryptographicprotocols”, J. Comp. Sec.98(used Isabelle)

L.Beringer et al, ”Verified Correctness and Security ofOpenSSL HMAC”, Usenix Sec.15

Tools: Coq, Isabelle, PVS, Automath, Agda...

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Types and security

We want to check specification vs. the code; Types can bespecification.Type system is

Part of nearly all mainstream languages

Usually flow-insensitive, thus efficient

Relation with proof theory(for some functional language andtheorem provers)

C-H isomorphism: proposition as type, and proving as typechecking

Essentially, it is a natural deduction style proof.

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Substructural type

Borrow the ideas from substructural logic

Affine logic, linear logic, relevant logic...

Key insights:

Restrict the use of resource: number, ordering, etc.

Examples:

Linear Type system.

Affine Type, Turner et al.

Hoare Type, David Walker and G.Morrisett

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Flow sensitive type

Extending standard type systems with flow-sensitive type qualifiers.Used to ”encode” flow information

J.Foster, Flow-Sensitive Type Qualifiers, PLDI 02

S.Hunt, On Flow-Sensitive Security Types, POPL 06

...

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

Dependent type

Foundations for many theorem provers, and integrated into generalprogramming lang

Theorem proving: Coq, Agda, F star,...

General programming lang: Lightweight support in Haskell,and full in Idris..

Some variants:

Refinement type Studied intensively in recent years. Andusually implemented with SMT solver.

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model checkingInductive ProofType theorySAT and SMT

The Story of SAT

Propositional Satisfiability: Given a formula over Boolean variables,is there an assignment of 0 or 1s to vars which makes the formulatrue?

Canonical NP-hard problem (Cook 1971)

Enormous progress in tools that can solve instances with1000s of variables and millions of clauses

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Security ProtocolsOS SecuritySoftware Model Checking

Security Protocol

Applications

military communications, business communications, electroniccommerce, privacy

Examples

Kerberos: MIT protocol for unitary login to network services

SSL (Secure Socket Layer, used in Web browsers)

IPSec: standard suite of Internet protocols due to the IETF

SET (Secure Electronic Transaction) protocol

PGP (Pretty Good Privacy)

Verification of security protocols has been and is still a very activeresearch area

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Security ProtocolsOS SecuritySoftware Model Checking

Solutions to undecidability

Abstraction

Tree automata(TA4SP)

Horn clauses(ProVerif)

User help

Logics(BAN, PCL,...)

Even use iteractive proving

Decidable subclass

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Security ProtocolsOS SecuritySoftware Model Checking

File systems

File systems are complex and have bugsResearch on finding bugs:

Crash injection(e.g, EXPLODE, OSDI 06)

Symbolic execution(e.g., EXE, Okaland 06)

...

Elimination of bugs by proving:

BilbyFS, Keller 14

UBIFS, Ernst et al. 13

FSCQ(with Hoare Crash Logic),SOSP 15

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Security ProtocolsOS SecuritySoftware Model Checking

Software model checking

Active area of researchExamples of tools:

Bandera[Dwyer]: Java to SPIN/SMV/* using user-guidedabstraction mapping and slicing/abstract interpretation

SLAM[Tom Ball]: C to ”Boolean programs”, automaticabstraction refinement using predicate abstraction

JavaPathFinder: Java model-checking using special JVM andmodel-checker...

SAGE: random testing.

Challenges:

Language features: function pointers, higher order function...

Scalability: modular, incremental, parallel?

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Security ProtocolsOS SecuritySoftware Model Checking

Two main approaches in Software MC

Systematic software testing

Idea: control the execution of concurrent processes byintercepting systems calls related to communication, andautomatically drive the entire system through many scenarios

Flexible and scalable approach (code independent)

Counterexamples arise from code execution (sound)

Provide complete state-space coverage up to some depth only(incomplete)

Static analysis for automatic model extraction

Idea: parse code to generate an abstract model which is thenanalyzed by model-checker; abstraction may/must be guidedby the user

Coverage can be exhaustive (can be complete)

Abstraction may cause spurious counterexamples(unsound)

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Security ProtocolsOS SecuritySoftware Model Checking

Software MC and logic

Key insights:

Let A be an abstract domain for static analysis. The elementsof A act both as computational values and as logic assertions!

Data flow analysis, predicate abstraction, and CEGAR-basedmodel checking all exploit this coincidence!

Unify different approaches: deductive proving, SAT/SMT, abstractinterpretation, model checking...

Symbolic abstract interpretation, Thakur and Reps

Abstract interpretation as automatic deduction..(working onit..)

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Temporal Logic

Recall model checking section..

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Belief Logics: BAN Logic

The BAN (Burrows, Abadi, and Needham)logic

Modal logic of belief plus specialized predicates and inferencerules

Protocol messages are idealized into logical statements

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Linear Logic

J.-Y. Girard, ”Linear logic”, Theoretical Comp. Sci, 1987

Used to model state-transition systems, inspire other logic

Great impact on logic(proof theory) and cs(verification)community.

Application to security

Model-checking with linear-logic symbolic search tool LLF,LICS 96

A Linear Logic for Authorization and Knowledge, ESORICS 06

...

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Bunched logic

By Ohearn and Pym, and has many variants(BI, CBI,BBI..etc)

Bunched logics extend classical or intuitionistic logic withvarious ”linear” or multiplicative connectives(borrow fromlinear logic)

Formulas can be understood as sets of ”worlds” (often”resources”) in an underlying model

Boolean BI(BBI) is the foundation of Separation Logic!

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Affine Logic

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Region Logic

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

The End

Jack Yao Logic4Sec

. . . . . .

IntroductionApproachesApplications

Specialized Logic

Model Logic and its variantsLinear LogicBunched logicOthers

Reference

Jonathan Millen

Rajeev Alur

Bruno Blanchet

Jack Yao Logic4Sec