
CSP Semantics

CSP Semantics. ISA 763 Security Protocol Verification. We thank Professor Csilla Farkas of USC for providing some transparencies that were used to construct these transparencies.





Presentation Transcript


  1. CSP Semantics ISA 763 Security Protocol Verification We thank Professor Csilla Farkas of USC for providing some transparencies that were used to construct this transparency

  2. References
  • The Theory and Practice of Concurrency by A. W. Roscoe, available at web.comlab.ox.ac.uk/oucl/work/bill.roscoe/publications/68b.pdf
  • Chapters 4 and 5 of Modelling and Analysis of Security Protocols by Peter Ryan and Steve Schneider
  • The FDR2 User Manual, available at http://www.fsel.com/documentation/fdr2/html/fdr2manual.html#SEC_Top
  • Formal Systems, FDR download, http://www.fsel.com/
  • M. Morgenthal: Design and Validation of Computer Protocols, http://wwwtcs.inf.tu-dresden.de/~morgen/sem-ws02.html
  CSP Semantics

  3. CSP Semantics - 1
  • Operational Semantics
    • Interprets the language on an (abstract) machine, such as the ones used for imperative languages with a program counter, next-instruction stack, etc.
  • Denotational Semantics
    • The language is translated to another abstract domain
    • Translate the basic constructs
    • Translate the combinators to constructs in the target domain
    • Use a compositionality principle to construct the denotation of the whole program from the translated parts
  • Algebraic Semantics
    • Translate the language into a normal form by rewriting all programs in that form
    • Describe how to execute the program in normal form

  4. CSP Semantics - 2
  • Operational Semantics
    • Interprets the language on an (abstract) machine: construct a labeled transition system (LTS)
  • Denotational Semantics
    • The language is translated to another abstract domain: trace semantics, failures-divergence semantics
  • Algebraic Semantics
    • Translate the language into a normal form by rewriting all programs in that form: proof rules

  5. Operational Semantics
  • Labeled transition system (LTS)
    • Nodes: states of the process
    • Directed edges: events
      • Visible events
      • Internal transitions
  • Recall Trace Refinement: S ⊑T T iff trace(T) ⊆ trace(S)

  6. An example LTS
  [Image from M. Morgenthal]

  7. Another LTS Example
  [Image from M. Morgenthal]

  8. Connection between LTS Examples
  • An implementation of S as AB ||| AC, where AB = a → b → AB and AC = a → c → AC, and where
    • AA corresponds to AB ||| AC
    • BA corresponds to (b → AB) ||| AC
    • AC corresponds to AB ||| (c → AC)
    • BC corresponds to (b → AB) ||| (c → AC)


  10. Traces Refinement Check
  [Image from M. Morgenthal]

  11. Trace Refinements
  • An implementation refines the traces of a process
  • Hence we would like an implementation to satisfy the specification
  • Which properties?
    • For this class, those trace properties used to specify security properties

  12. Denotational Semantics
  • Recall trace semantics for CSP processes
    • Could not tell the difference between external choice and internal choice
  • Example: consider S = {a,b} and
    • Q1 ≡ (a→STOP) □ (b→STOP)
    • Q2 ≡ (a→STOP) ⊓ (b→STOP)
    • Q3 ≡ STOP ⊓ ((a→STOP) □ (b→STOP))
  • Refusal set of Q1 = {}
  • Q2 can refuse {a} and {b} but not {a,b}
  • Q3 can refuse any subset of S

  13. Refusal Sets
  [Diagram: the LTSs of P1, P2, P3 and P4 over {a, b, c}, each state annotated with its refusal set; τ edges mark the internal steps]

  14. Refusal Sets
  • P1 ≡ (a → b → STOP) □ (b → a → STOP) ≡ (a → STOP) ||| (b → STOP)
    • Failures include (<>,{}), (<>,{c}), (<a>,{a,c}), (<ba>,{a,b,c})
  • P2 ≡ ((c → a → STOP) □ (b → c → STOP)) \ c
    • Failures = {(<>,X) | X ⊆ {b,c}} ∪ {(<a>,X), (<b>,X) | X ⊆ {a,b,c}}
  • Internal actions introduce nondeterminism

  15. Refusal Sets
  • P3 ≡ (a → STOP) ⊓ (b → STOP)
    • Must accept one of {a} or {b} if both {a,b} are offered
    • Different from
      • P1 - must accept either
      • P2 - must accept a
  • P4 ≡ (c → a → STOP) □ (c → b → STOP)
    • After <c> refuses {X | {a,b} ⊈ X}
  • Failures allow us to distinguish between internal and external choice - traces could not do this!
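As an added example (not from the slides, and not FDR), the Python below encodes slide 12's Q1, Q2 and Q3 as labeled transition systems and computes their traces and stable failures, so the point of slides 12 and 15 can be checked mechanically: the three processes have identical traces, but their initial refusal sets differ. The encoding (τ as the string "tau", STOP as a state with no transitions, refusals recorded only at stable states) is my own.

```python
TAU = "tau"    # internal (hidden) transition; never part of a trace
STOP = "STOP"  # the deadlocked process: a state with no transitions

def tau_closure(lts, state):
    """All states reachable from `state` by zero or more tau steps."""
    seen, todo = {state}, [state]
    while todo:
        for ev, nxt in lts.get(todo.pop(), []):
            if ev == TAU and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def stable_failures(lts, start, alphabet, max_len=8):
    """Return (traces, failures). failures holds (trace, maximal refusal):
    (s, X) is a failure iff X lies inside some maximal refusal recorded
    for s. Only stable states (no outgoing tau) refuse, as on slide 18."""
    traces, fails, seen = {()}, set(), set()
    frontier = [((), start)]
    while frontier:
        trace, st = frontier.pop()
        for s in tau_closure(lts, st):
            if (trace, s) in seen:
                continue
            seen.add((trace, s))
            moves = lts.get(s, [])
            if all(ev != TAU for ev, _ in moves):       # stable state
                initials = {ev for ev, _ in moves}
                fails.add((trace, frozenset(alphabet - initials)))
            for ev, nxt in moves:
                if ev != TAU and len(trace) < max_len:  # bound recursion
                    traces.add(trace + (ev,))
                    frontier.append((trace + (ev,), nxt))
    return traces, fails

def can_refuse(fails, trace, X):
    """Can the process, after `trace`, refuse every event in X?"""
    return any(t == trace and set(X) <= R for t, R in fails)

# Constructed LTSs for slide 12's processes over the alphabet {a, b}.
Q1 = {"Q1": [("a", STOP), ("b", STOP)]}                  # (a→STOP) □ (b→STOP)
Q2 = {"Q2": [(TAU, "A"), (TAU, "B")],
      "A": [("a", STOP)], "B": [("b", STOP)]}            # (a→STOP) ⊓ (b→STOP)
Q3 = {"Q3": [(TAU, STOP), (TAU, "Q1")], **Q1}            # STOP ⊓ Q1

def initial_refusals(lts, start, alphabet=frozenset({"a", "b"})):
    """Traces of the process plus the maximal sets it can refuse initially."""
    traces, fails = stable_failures(lts, start, alphabet)
    return traces, {R for t, R in fails if t == ()}
```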

  16. Failure Semantics
  • failure(P) = {(s,X) | s ∈ Σ* and P/s (P after s) does not accept any x ∈ X, i.e. can refuse all of X}
  • Failure Refinement: P ⊑F Q (read Q failure-refines P) iff
    • trace(Q) ⊆ trace(P) and
    • failure(Q) ⊆ failure(P)

  17. Divergence
  • P ≡ (μp. a → p) \ {a}
  • Cannot observe a externally
  • Diverges - i.e. looks like a τ-loop
  • We do not care what happens after a process diverges
  [Diagram: a single state with an a self-loop, which becomes a τ self-loop once a is hidden]

  18. Failure and Divergence
  • Add an extra symbol ✔ to Σ to indicate that the process has terminated
  • Interpretation: ✔ is emitted by the process to the environment to indicate normal termination
  • P ⇒s⇒ Q means process P can become Q after performing the trace s
  • Stable state: a state that does not accept τ

  19. Failure and Divergence
  • trace(P) ≡ {s ∈ Σ*∪{✔} | ∃Q. P ⇒s⇒ Q}
  • trace⊥(P) ≡ {s | (s,X) ∈ failures⊥(P)} is a prefix-closed set
  • divergence(P) ≡ {s^t | s ∈ Σ*, t ∈ Σ*∪{✔}, ∃Q. P ⇒s⇒ Q, Q div}: an extension-closed set of traces after which an infinite sequence of τ actions is possible
  • failure⊥(P) = {(s,X) | s is a trace and X is a set of actions that can be refused in a stable state P reaches after s}

  20. The Failures Divergence Model
  • ⊥ℕ = (Σ*∪{✔} × ℘(Σ∪{✔}), Σ*∪{✔})
    • The pair ( (s, actions): all failures, strings: all divergent strings )
  • Any non-empty subset S of ℕ has an infimum given by ⊓S = (⋃{F | (F,D) ∈ S}, ⋃{D | (F,D) ∈ S})
  • The supremum of a directed set △ is given by ⊔△ = (⋂{F | (F,D) ∈ △}, ⋂{D | (F,D) ∈ △})
  • Theorem: If Σ is finite then (ℕ, ⊑FD, ⊓, ⊔) is a complete partial order

  21. Computing the FD Semantics-1
  • failures⊥(STOP) = {(<>,X) | X ⊆ Σ∪{✔}}
  • divergences(STOP) = {}
  • failures⊥(SKIP) = {(<>,X) | ✔ ∉ X} ∪ {(<✔>,X) | X ⊆ Σ∪{✔}}
  • divergences(SKIP) = {}
  • failures⊥(a→P) = {(<>,X) | a ∉ X} ∪ {(<a>^s,X) | (s,X) ∈ failures⊥(P)}
  • divergences(a→P) = {<a>^s | s ∈ divergences(P)}

  22. Computing the FD Semantics-2
  • failures⊥(?x:A→P) = {(<>,X) | X ∩ A = {}} ∪ {(<a>^s,X) | a ∈ A, (s,X) ∈ failures⊥(P[a/x])}
  • divergences(?x:A→P) = {<a>^s | a ∈ A, s ∈ divergences(P[a/x])}
  • failures⊥(P⊓Q) = failures⊥(P) ∪ failures⊥(Q)
  • divergences(P⊓Q) = divergences(P) ∪ divergences(Q)

  23. Computing the FD Semantics-3
  • divergences(P□Q) = divergences(P) ∪ divergences(Q)
  • failures⊥(P□Q) =
      {(<>,X) | (<>,X) ∈ failures⊥(P) ∩ failures⊥(Q)}
    ∪ {(s,X) | s ≠ <>, (s,X) ∈ failures⊥(P) ∪ failures⊥(Q)}
    ∪ {(s,X) | <> ∈ divergences(P) ∪ divergences(Q)}
    ∪ {(<>,X) | X ⊆ Σ, <✔> ∈ trace⊥(P) ∪ trace⊥(Q)}

  24. Computing the FD Semantics-4
  • divergences(P ||X Q) = {u^v | s ∈ trace⊥(P), t ∈ trace⊥(Q), u ∈ (s ||X t) ∩ Σ*, v ∈ Σ*∪{✔}, (s ∈ divergences(P) or t ∈ divergences(Q))}
  • failures⊥(P ||X Q) = {(u, Y∪Z) | ∃s,t. u ∈ s ||X t, Y \ (X∪{✔}) = Z \ (X∪{✔}), (s,Y) ∈ failures⊥(P), (t,Z) ∈ failures⊥(Q)} ∪ {(u,Y) | u ∈ divergences(P ||X Q)}

  25. Computing the FD Semantics-5
  • divergences(P\X) = {(s\X)^t | s ∈ divergences(P), t ∈ Σ*∪{✔}} ∪ {(u\X)^t | u ∈ Σ^ω, (u\X) is finite, ∀s < u. s ∈ trace⊥(P), t ∈ Σ*∪{✔}}
  • failures⊥(P\X) = {(s\X, Y) | (s, Y∪X) ∈ failures⊥(P)} ∪ {(s,Y) | s ∈ divergences(P\X)}

  26. Deterministic Processes
  • A process is said to be deterministic if
    • t^<a> ∈ trace(P) ⇒ (t,{a}) ∉ failure(P), and
    • divergence(P) = {}
  • That is, it never diverges and never has the choice of both accepting and refusing an action
  • Deterministic processes are the maximal elements under ⊑FD
  • Example: (a→STOP) □ (a→a→STOP) is non-deterministic

  27. Deterministic Processes and LTS
  • Two nondeterministic LTSs whose behavior is deterministic
  [Diagram: two LTSs with branching a-transitions]

  28. Abstraction - 1
  • Abstraction = hide details
  • Example: many-to-one renaming
    • ((a→c→STOP) □ (b→d→STOP))[[b/a]] = (a→c→STOP) □ (a→d→STOP) = a → ((c→STOP) ⊓ (d→STOP))
  • Eager abstraction: hiding operator
    • ℰH(P) = P \ H - assumes that events in H pass out of sight

  29. Abstraction - 2
  • Lazy abstraction: projection of P onto L
    • ℒH(P) = P@L = {(s\H, X) | (s, X∩L) ∈ failures⊥(P)}
  • Example: L = {l1,l2}, H = {h}
    • P ≡ (l1→P) □ (l2→h→P) □ (h→P)
    • ℒH(P) = Q ≡ (l1→Q) □ (l2→(STOP ⊓ Q))
  • Finite traces of ℒH(P) are precisely {s\H | s ∈ traces(P)}

  30. Casper
  • Compiler
  • Easy to specify protocols and security properties
    • E.g., Yahalom protocol
    • Input: 1 page of protocol and security spec.
    • Output (CSP): 10 pages

  31. Casper
  • Protocol definition: protocol operation, including
    • messages between the agents,
    • tests performed by the agents,
    • types of data,
    • initial knowledge,
    • specification of the protocol's goals,
    • algebraic equivalences over the types
  • Components:
    • Protocol description
    • Free variables
    • Processes
    • Specification

  32. Casper
  • System definition: the actual system to be checked, including agents, their roles, actual data types, and the intruder's abilities
  • Components:
    • Actual variables
    • Functions
    • System
    • Intruder information

  33. Protocol Description
  [Image from M. Morgenthal]

  34. Free Variables
  [Image from M. Morgenthal]

  35. Processes
  [Image from M. Morgenthal]

  36. Specification
  [Image from M. Morgenthal]

  37. System specs: Variables
  [Image from M. Morgenthal]

  38. System specs: Functions
  [Image from M. Morgenthal]

  39. System specs: The System
  [Image from M. Morgenthal]

  40. System specs: The Intruder
  [Image from M. Morgenthal]
