Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maude Implementation of MSR Demo Mark-Oliver Stehr Stefan Reich University of Illinois, Urbana-Champaign (Iliano Cervesato) ITT NRL

Published by Modified over 10 years ago

Similar presentations

Presentation on theme: "Maude Implementation of MSR Demo Mark-Oliver Stehr Stefan Reich University of Illinois, Urbana-Champaign (Iliano Cervesato) ITT NRL"— Presentation transcript:

1 Maude Implementation of MSR Demo Mark-Oliver Stehr Stefan Reich University of Illinois, Urbana-Champaign (Iliano Cervesato) ITT Industries @ NRL http://theory.stanford.edu/~iliano/ Protocol eXchange - UMBCSeptember 21, 2004 Customer Analyst Programmer Cast

2 MSR in Maude1/22 What the customer explained What the project manager understood What the analyst designed What the programmer delivered What the consultant defined What was documented What was installed What the client was charged How it was maintained What the client needed From http://muetze.net/links/fun/kundenprojekte-e.html

3 MSR in Maude2/22 Big Picture  MSR  Protocol specification language  Multiset rewriting  Dependent types  Existentials  Maude  Flexible specification framework  Rewriting logic  Equational reasoning  Reflection MSRMaude Protocol specs. Security goals

4 MSR in Maude3/22 Implemented Architecture MSR Maude MSR- OCC RWLDT OCC prototype This work Security Goal Simulation - Execution Analysis - Search engine - Model checker - Theorem provers Parsing Type checking DAS? Analysis

5 MSR in Maude4/22 Bestiary  MSR-  MSR (2) with some restrictions  RWLDT  Rewriting Logic with Dependent Types  Typed version of Maude  OCC  Open Calculus of Constructions  Mark-Oliver’s thesis (589 pages)  Prototype implemented in Maude

6 MSR in Maude5/22 Advantages over MSR  Maude  Separation of concerns  MSR -> RWLDT  Preserves terms and types  Maps operations  RWLDT: takes care of type checking  Maude: untyped execution  Abstraction  MSR and RWLDT have similar types and terms  Emulate MSR execution in RWLDT  Shallow encoding  Reasoning  Express verification tasks in OCC [future work]

7 MSR in Maude6/22 MSR  MSR- Small changes to simplify encoding  Work-arounds  Subtyping  Coercions  Omissions  Data Access Specification  Additions  Equations Emulated via pre-processing Future work Beta version

8 MSR in Maude7/22 Supported Operations  Parsing for MSR-  Minor limitations (currently worked on)  Type reconstruction  Rule-level missing (currently worked on)  Type checking  Simulation  Indirect via OCC (currently worked on)  search [n] (goal)  rew [n] (goal)  choose n

9 MSR in Maude8/22 Example: Otway-Rees Protocol  A, B, C, … have keys to S  A and B want to talk  Use S to get common key  Key distribution  Authentication 1. A -> B: n A B {n A n A B} KAS 2. B -> S: n A B {n A n A B} KAS {n B n A B} KBS 3. S -> B: n {n A k AB } KAS {n B k AB } KBS 4. B -> A: n {n A k AB } KAS A B C S …

10 MSR in Maude9/22  Types  Subsorting  Constructors  Predicates  Roles for  S  A, B  Principals and keys msg, princ, nonce: type. shK, stK, ltK: princ -> princ -> type. princ, nonce, stK A B <: msg. stK A B, ltK A B <: shK A B. _ _: msg -> msg -> msg. {_} _ : msg -> shK A B -> msg. S : princ. N: msg -> state.... Next slide 1. A -> B: n A B {n A n A B} KAS 2. B -> S: n A B {n A n A B} KAS {n B n A B} KBS 3. S -> B: n {n A k AB } KAS {n B k AB } KBS 4. B -> A: n {n A k AB } KAS MSR Spec.

11 MSR in Maude10/22  B:princ.  L:  B:princ. nonce * nonce * ltK B S -> state. 1. A -> B: n A B X 2. B -> S: n A B X {n B n A B} KBS 3. S -> B: n Y {n B k AB } KBS 4. B -> A: n Y  A:princ.  n:nonce.  k BS :ltK B S.  X:msg. N(n A B X)   n B :nonce. N(n A B X {n b n A B}k BS ), L(A, B, n, n B, k BS )  A:princ.  n, n B :nonce.  k BS :ltK B S.  Y:msg.  k AB :stK A B. N (n Y {n B k AB } kBS ), L(A, B, n, n B, k BS )  N (n Y) B’s Role

12 MSR in Maude11/22 Main Features of MSR  Open signatures  Multiset rewriting  Msets of F.O. formulas  Rules  (LHS   n: . RHS)  Existentials  Roles  A.  L: . r  Types  Possibly dependent  Subsorting  Type reconstruction  More  Constraints  Modules  Equations  Static checks  Type checking  Data access spec.  Execution Black = implemented Brown = work-around Red = future work

13 MSR in Maude12/22 Rewriting Logic with Dep. Types  Combination of methodologies  Conditional rewriting modulo equations   x:S. A = B if C(generalizes equational logic)   x:S. A => B if C(generalizes rewriting logic)  Dependent type theory  x:S. M :  x:S T(generalizes simple types) Fragment of Open Calculus of Constructions  Features  Open computation system  Proposition-as-types interpretation   x:S. P(x) interpreted as  x:S. P(x) –Expressive higher-order logic  Model-theoretic semantics

14 MSR in Maude13/22 Example: Commutative Monoid state: Type. empty: state. union: state -> state -> state. state_comm: || {s 1,s 2 : state} (union s 1 s 2 ) = (union s 2 s 1 ). state_assoc: || {s 1,s 2,s 3 : state} (union s 1 (union s 2 s 3 )) = (union s 1 (union s 2 s 3 )). state_id: || {s : state} (union s empty) = s.  This implements MSR’s state  s:state. … Structural equality

15 MSR in Maude14/22 Encoding Strategy  Types and terms  Homomorphic mapping  Subsorting via coercions  States  RWLDT terms  Roles  Add 1 RWLDT rewrite axiom for role instantiation  Simulate  using counters  Rules  Mapped to RWLDT rewrite axioms  Simulate  using counters Optimizations [not implemented]  Reduce non-determinism

16 MSR in Maude15/22 Representing Fresh Objects  In rules  nonce : nat -> nonce is an injection  In roles  L i : nat ->  i -> state are injections  L 1,L 2. (... (…, L 1 t ..., L 2 t’),...) nextL(c) ..., T j ( t. L 1 c t, t. L 2 (c+1) t),..., nextL(c+2) T j (L 1,L 2 ),..., L 1 t ..., L 2 t’... (…)   n,n’:nonce. (... n... n’ …) (…), next(c)  (... nonce(c)... nonce(c+1) …), next(c+2) Rule j (done using conditional rewriting)

17 MSR in Maude16/22 Representing Roles Enhancement  Force rule application upon activation  princ(A), nextL(c), lhs i  T 1 (A,Ls),..., rhs i..., T n (A,Ls), princ(A), nextL(c’)  T i (A,Ls), lhs i  rhs i  A:princ.  Ls. (lhs 1  rhs 1, …, lhs n  rhs n ) princ(A), nextL(c)  T 1 (A,Ls),..., T n (A,Ls), princ(A), nextL(c’) T 1 (A,Ls), lhs 1  rhs 1... T n (A,Ls), lhs n  rhs n

18 MSR in Maude17/22 Representing Rules  Handles x’s occurring only in rhs  Allows encoding to untyped rewrite systems  Types  must be finite and enumerated in state  Enhancement  Limit to x’s occurring only on rhs  x: . lhs  rhs  (x),..., …, lhs   (x),..., rhs

19 MSR in Maude18/22 Optimizations [not implemented]  Use single counter   A.  L. (lhs   n. rhs)  Minimal control-flow analysis  Trace uses of L’s  Do not generate unreachable rules  T’s often duplicates L’s Substantial code reduction  Could be further improved

20 MSR in Maude19/22 Trivia  Versions  Alpha (this)  Partial reconstruction  Non-integrated search (exit MSR; call OCC)  No equations  Not-so-pretty-printing  Beta (mid-October – already working, mostly)  Space and Time  3,700 lines of Maude (1,300 for testing)  6 months designing, 3 months coding  Examples  Otway-Rees  Needham-Schroeder PK  Kerberos (abstract, full, cross-realm – soon)  … more soon …

21 MSR in Maude20/22 Wanna Play?  Download  Currently alpha-release  Soon beta-release  Papers  News http://formal.cs.uiuc.edu/stehr/msr.html http://theory.stanford.edu/~iliano/MSR/

22 MSR in Maude21/22 Future Work  Short-term  Complete beta-released  Get degree (Stefan)  Medium term – language  Library of protocols  Data Access Specification  MSR 3  Embedded rules and more  Medium/long-term – Verification  Implement various methodologies  MSR as verification middleware

23 MSR in Maude22/22 Demo Time!!!

Download ppt "Maude Implementation of MSR Demo Mark-Oliver Stehr Stefan Reich University of Illinois, Urbana-Champaign (Iliano Cervesato) ITT NRL"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.

Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.
1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.
Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)

Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.

Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.
Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.
A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,

A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
MSR 3: One Year Later Iliano Cervesato ITT Industries, NRL Washington, DC Protocol eXchange.

MSR 3: One Year Later Iliano Cervesato ITT Industries, NRL Washington, DC Protocol eXchange.
MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato ITT Industries, NRL Washington,

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato ITT Industries, NRL Washington,
December 7, 2001DIMI, Universita’ di Udine, Italy Graduate Course on Computer Security Lecture 9: Automated Verification Iliano Cervesato

December 7, 2001DIMI, Universita’ di Udine, Italy Graduate Course on Computer Security Lecture 9: Automated Verification Iliano Cervesato
Fault Tree Representation of Security Requirements0.

Fault Tree Representation of Security Requirements0.
Chair of Software Engineering 1 Concurrent Object-Oriented Programming Arnaud Bailly, Bertrand Meyer and Volkan Arslan.

Chair of Software Engineering 1 Concurrent Object-Oriented Programming Arnaud Bailly, Bertrand Meyer and Volkan Arslan.
Type Inference David Walker COS 441. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.

Type Inference David Walker COS 441. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
Type Inference David Walker CS 510, Fall 2002. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs.

Type Inference David Walker CS 510, Fall Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs.

Similar presentations

Ads by Google