Symbolic Partial Model Checking for Security Analysis - Computer Network Security

Information Technology Reference

In-Depth Information

Table 2. Symbolic operational semantics, where the symmetric rules for | 1 , | 2 , \ 1

are

omitted

(! s )

(? s )

( c ! m.A ) φ true : c ! m

( c ? x.A ) φ true : c ? x

−→ s

( A ) φ

−→ s

( A ) φ∪{x}

( A 1 ) φ∪{x} M : α

−→ s ( A 1 ) φ

([ m 1 ...m n r x ] A 1 ) φ

(

D s )

N = constr( r, ( m 1 ,...,m n ) ,x )

M,N : α

−→ s

( A 1 ) φ

( | 2s ) S M : c ! m

S 1 N : c ? x

S M : α

S 1

( \ 1s ) S M : c ! m

−→ s S

−→ s

c∈ L

( | 1s )

M : α

−→ s S | S 1

S | S 1 M,N,x∈m : τ

S \ L M : c ! m

S | S 1

S \ L

S | S 1

−→ s

x ∈ D R (

{t 1 ,...,t n }

) to express that x can be deduced by applying the rules in R

{t 1 ,...,t n }

from the messages

. Such contraints on variables may be extended to

constraints on terms, i.e. we may require that F ( x )

∈ D R (

{t 1 ,...,t n }

) ,G ( z )

∈ y

and so on.

The lists of constraints on the set of possible substitutions, ranged over by

M,N,... , may be defined as follow:

M ::= C, M |

C ::= false

| t ∈ t | t ∈ D R (

true

{t 1 ,...,t n }

)

where t, t ,t 1 ,...,t n are messages (possibly open). Lists of constraints are used

to represents (possibly infinite) sets of substitutions from variables to closed

messages. Let Substs be such set of substitutions. The semantics [[ M ]] of list of

constraints M is defined as follows:

[[ ]] . = Substs,

[[ C, M ]] . = [ C ]]

[[ true ]] . = Substs,

[[ false ]] . =

∩

[[ M ]] ,

∅

[[ t ∈ t ]] . =

{σ | tσ ∈{t σ}}

))]] . =

D R (

{σ | tσ ∈D R (

[[ t ∈

(

{t 1 ,...,t n }

{t 1 σ,...,t n σ}

)

}

The symbolic semantics for Crypto-CCS is given in Table 2, where S M : α

−→ s S

means that S may evolve through an action α in S when the constrains in M

are satisfied. The function constr ( r, ( m 1 ,...,m n ) ,x ), with r . = m 1 ...m n m 0 ,

defines the list of constraints imposed by the rule r and is defined as:

m 1 ∈ m 1 ,...,m n ∈ m n ,x∈ m 0

where m i

= m i σ and σ is a renaming of the variables in the terms m i with

totally fresh ones (we omit here the technical details for the sake of clarity).

As a notation we also use S C,γ

→ s S if γ is a finite sequence of actions α i , 1

≤

is a list of constraints s.t. S = S 0 M 1 : α 1

... M n : α n

i ≤ n and C = M 1 ,...,M n

−→ s

S n = S .

2.4 Symbolic Analysis

In order to develop a decidable verification theory, we need to compute when

a list of constraints is consistent or not, i.e. there exists a substitution σ which

Computer Network Security

Search WWH ::

Custom Search

Home