Upload
rainoftime
View
221
Download
0
Embed Size (px)
Citation preview
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Logic for Computer Security
Jack Yao
HKUST
December 20, 2015
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Overview
1 Introduction
2 ApproachesModel checkingInductive ProofType theorySAT and SMT
3 ApplicationsSecurity ProtocolsOS SecuritySoftware Model Checking
4 Specialized LogicModel Logic and its variantsLinear LogicBunched logicOthers
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Areas of Applications
Computer Security
Multilevel Operating System
Access Control Policies
Network Security
Public-Key Infrastructure and Trust Management
Cryptographic Authentication Protocols
Other areas: databases, firewalls, routers, intrusion detection
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Contribution of Logic
Undecidability or complexity Results
Safety problem for discretionary access control
Cryptographic protocol analysis
Theorem Proving Environments
Verifying correctness of formal OS specifications
Inductive proofs of cryptographic protocols
Logic Programming
Prolog programs for cryptographic protocol analysis, etc
Model Checking
Cryptographic protocol analysis
More and more work on software model checking
Specialized Logics
Linear Logic, Separation Logic, Affine Logic, etc
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Roles of Logic
Model theory
Study semantic
What does the the assertion language mean?
Proof theory
Formally proving security properties
Automatic or Interactive?
Recursion(Computability) theory
Is it possible to verify something?
If yes, what’s the price?
Specialized logic
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Proof Systems
Goals: formally prove propertiesAxioms
Formulas predefined in the certain logic
Or simple formulas proved by hand and used as axioms.
Inference rules
Proof steps
Theorem
Formula obtained from axioms by application of inference rules
Techniques
Hilbert-frege style(e.g, originally, Hoare logic used this)
Gentzen’s Natural deduction and sequent calculi
Nested sequent, labeled sequent, display calculi, etc.
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Other tools for modeling and proving
Tree Automata, Graph Automata..
Graph based IR and program analysis
Pushdown system(PDS), WSTS(e.g, petri net)
Term rewriting system
Algebra and calculus(CSP, CCS, pi calculus..)
...
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Model checking
Developed independently by Clarke and Emerson and byQueille and Sifakis in early 80s
Originally, temporal logic model checking(specifications arewritten in propositional temporal logic)
Verification procedure is an intelligent exhaustive search of thestate space of the design
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Advantages and Disadvantage
Advantages:
No proofs!!(Algorithmic rather than Deductive)
Diagnostic counterexamples
Allow partial specification
Flow and path sensitive, but fast(compared to theoremproving)
Disadvantages:
State explosion!!
Development: symbolic MC, bounded MC(usually with SATsolver), CEGAR..
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Model checking Tools
State-space search for reachability of insecure states
History: back to 1984, Interrogator program in Prolog
General-purpose model-checkers
Search automatically given initial conditions, bounds
Roscoe and Lowe, FDR(model-checker for CSP), 1995
Clarke et al, SMV, 1998
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Software model checking
Tools for verifying source code combine many techniques
Program analysis techniques such as slicing, range analysis
Abstraction: e.g, abstract interpretation
Model checking, SAT and SMT solving...
Refinement from counter-examples(CEGAR)
New challenges for MC(beyond finite-state reachability analysis)
Recursion gives pushdown control: pushdown system, higherorder MC..
Pointers, dynamic objects, inheritence...
A very active and emerging area
Abstraction-based tools: SLAM, BLAST
Direct state encoding: CBMC, CheckFence
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Inductive Proofs
Application of general-purpose specification and verification toolsInfluential Examples:
L.Paulson, ”The inductive approach to verifying cryptographicprotocols”, J. Comp. Sec.98(used Isabelle)
L.Beringer et al, ”Verified Correctness and Security ofOpenSSL HMAC”, Usenix Sec.15
Tools: Coq, Isabelle, PVS, Automath, Agda...
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Types and security
We want to check specification vs. the code; Types can bespecification.Type system is
Part of nearly all mainstream languages
Usually flow-insensitive, thus efficient
Relation with proof theory(for some functional language andtheorem provers)
C-H isomorphism: proposition as type, and proving as typechecking
Essentially, it is a natural deduction style proof.
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Substructural type
Borrow the ideas from substructural logic
Affine logic, linear logic, relevant logic...
Key insights:
Restrict the use of resource: number, ordering, etc.
Examples:
Linear Type system.
Affine Type, Turner et al.
Hoare Type, David Walker and G.Morrisett
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Flow sensitive type
Extending standard type systems with flow-sensitive type qualifiers.Used to ”encode” flow information
J.Foster, Flow-Sensitive Type Qualifiers, PLDI 02
S.Hunt, On Flow-Sensitive Security Types, POPL 06
...
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
Dependent type
Foundations for many theorem provers, and integrated into generalprogramming lang
Theorem proving: Coq, Agda, F star,...
General programming lang: Lightweight support in Haskell,and full in Idris..
Some variants:
Refinement type Studied intensively in recent years. Andusually implemented with SMT solver.
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model checkingInductive ProofType theorySAT and SMT
The Story of SAT
Propositional Satisfiability: Given a formula over Boolean variables,is there an assignment of 0 or 1s to vars which makes the formulatrue?
Canonical NP-hard problem (Cook 1971)
Enormous progress in tools that can solve instances with1000s of variables and millions of clauses
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Security ProtocolsOS SecuritySoftware Model Checking
Security Protocol
Applications
military communications, business communications, electroniccommerce, privacy
Examples
Kerberos: MIT protocol for unitary login to network services
SSL (Secure Socket Layer, used in Web browsers)
IPSec: standard suite of Internet protocols due to the IETF
SET (Secure Electronic Transaction) protocol
PGP (Pretty Good Privacy)
Verification of security protocols has been and is still a very activeresearch area
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Security ProtocolsOS SecuritySoftware Model Checking
Solutions to undecidability
Abstraction
Tree automata(TA4SP)
Horn clauses(ProVerif)
User help
Logics(BAN, PCL,...)
Even use iteractive proving
Decidable subclass
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Security ProtocolsOS SecuritySoftware Model Checking
File systems
File systems are complex and have bugsResearch on finding bugs:
Crash injection(e.g, EXPLODE, OSDI 06)
Symbolic execution(e.g., EXE, Okaland 06)
...
Elimination of bugs by proving:
BilbyFS, Keller 14
UBIFS, Ernst et al. 13
FSCQ(with Hoare Crash Logic),SOSP 15
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Security ProtocolsOS SecuritySoftware Model Checking
Software model checking
Active area of researchExamples of tools:
Bandera[Dwyer]: Java to SPIN/SMV/* using user-guidedabstraction mapping and slicing/abstract interpretation
SLAM[Tom Ball]: C to ”Boolean programs”, automaticabstraction refinement using predicate abstraction
JavaPathFinder: Java model-checking using special JVM andmodel-checker...
SAGE: random testing.
Challenges:
Language features: function pointers, higher order function...
Scalability: modular, incremental, parallel?
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Security ProtocolsOS SecuritySoftware Model Checking
Two main approaches in Software MC
Systematic software testing
Idea: control the execution of concurrent processes byintercepting systems calls related to communication, andautomatically drive the entire system through many scenarios
Flexible and scalable approach (code independent)
Counterexamples arise from code execution (sound)
Provide complete state-space coverage up to some depth only(incomplete)
Static analysis for automatic model extraction
Idea: parse code to generate an abstract model which is thenanalyzed by model-checker; abstraction may/must be guidedby the user
Coverage can be exhaustive (can be complete)
Abstraction may cause spurious counterexamples(unsound)
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Security ProtocolsOS SecuritySoftware Model Checking
Software MC and logic
Key insights:
Let A be an abstract domain for static analysis. The elementsof A act both as computational values and as logic assertions!
Data flow analysis, predicate abstraction, and CEGAR-basedmodel checking all exploit this coincidence!
Unify different approaches: deductive proving, SAT/SMT, abstractinterpretation, model checking...
Symbolic abstract interpretation, Thakur and Reps
Abstract interpretation as automatic deduction..(working onit..)
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Temporal Logic
Recall model checking section..
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Belief Logics: BAN Logic
The BAN (Burrows, Abadi, and Needham)logic
Modal logic of belief plus specialized predicates and inferencerules
Protocol messages are idealized into logical statements
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Linear Logic
J.-Y. Girard, ”Linear logic”, Theoretical Comp. Sci, 1987
Used to model state-transition systems, inspire other logic
Great impact on logic(proof theory) and cs(verification)community.
Application to security
Model-checking with linear-logic symbolic search tool LLF,LICS 96
A Linear Logic for Authorization and Knowledge, ESORICS 06
...
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Bunched logic
By Ohearn and Pym, and has many variants(BI, CBI,BBI..etc)
Bunched logics extend classical or intuitionistic logic withvarious ”linear” or multiplicative connectives(borrow fromlinear logic)
Formulas can be understood as sets of ”worlds” (often”resources”) in an underlying model
Boolean BI(BBI) is the foundation of Separation Logic!
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Affine Logic
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Region Logic
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
The End
Jack Yao Logic4Sec
. . . . . .
IntroductionApproachesApplications
Specialized Logic
Model Logic and its variantsLinear LogicBunched logicOthers
Reference
Jonathan Millen
Rajeev Alur
Bruno Blanchet
Jack Yao Logic4Sec