Presentation is loading. Please wait.

Presentation is loading. Please wait.

Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial."— Presentation transcript:

1 Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial College Birmingham University

2 What can be detected about policy A 0 ? probe observe Infer? e.g. SecPAL, DKAL, Binder, RT,...

3 A simple probing attack No: A 0 ∪ A ⊬ q Yes: A 0 ∪ A ⊢ q SvcAlice Svc says secretAg(Bob)! Alice can detect “Svc says secretAg(Bob)”! A = {Alice says foo if secretAg(Bob)} q = access? Alice says 1 A = {Alice says foo if secretAg(Bob), Alice says Svc cansay secretAg(Bob) } q = access? Svc says secrAg(B)  Alice says secrAg(B) 2 [Gurevich et al., CSF 2008] (There’s also an attack on DKAL2, to appear in: “Information Flow in Trust Management Systems”, Journal of Computer Security.)

4 Challenges 1.What does “attack”, “detect”, etc. mean?* 2.What can the attacker (not) detect? 3.How do we automate? *Based on “Information Flow in Credential Systems”, Moritz Y. Becker, CSF 2010

5

6 probe

7 Available probes

8 Yes, No, Yes, Yes,...!

9 p p p p p p!

10 Yes, No, Yes, Yes,...! p p p p p  p?? 

11 No! Svc says secretAg(B) is detectable in A 0 ! ({A says foo if secrAg(B)}, acc) ({A says Src cansay secAg(B), A says fooif secretAg(B)}, acc) Yes! secretAg(B) Available probes secretAg(B)!

12 Challenges 1.What does “attack”, “detect”, etc. mean? 2.What can the attacker (not) detect?* 3.How do we automate? *Based on “Opacity Analysis in Trust Management Systems”, Moritz Y. Becker and Masoud Koleini (U Birmingham), ISC2011

13

14 Example 1   

15 Example 2    

16 Challenges 1.What does “attack”, “detect”, etc. mean? 2.What can the attacker (not) detect? 3.How do we automate?

17 How do we automate? Previous approach: Build a policy in which the sought fact is opaque. Approach described here: Search for proof to show that a property is detectable.

18 Reasoning framework Policies/credentials, and their properties are mathematical objects Better still, are terms in a logic (object-level) Probes are just a subset of the theorems in the logic. Semantic constraints: Datalog entailment, hypothethical reasoning.

19 Policies Empty policy Fact Rule Policy union

20 Properties “phi holds if gamma”

21 Example 1

22 Example 2

23 Calculus + PL + ML + Hy

24 Reduced calculus (modulo normalisation)

25 Axioms C1 and C2

26 Props 8 and 9

27 Normal form

28 Naïve propositionalisation Normalise the formula Apply Prop9 (until fixpoint) Instantiate C1, C2 and Prop8 for each box-formula Abstract the boxes

29 Improvements Prop9 is very productive – in many cases this can be avoided – so it could be delayed. Axiom C1 can be used as a filter.

30 Summary 1.What does “attack”, “protect”, etc. mean? –Observational equivalence, opacity and detectability 2.What can the attacker (not) infer? –Algorithm for deciding opacity in Datalog policies –Tool with optimizations 3.How do we automate? –Encode as SAT problem

Download ppt "Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial."

Similar presentations

Techniques for Proving the Completeness of a Proof System Hongseok Yang Seoul National University Cristiano Calcagno Imperial College.

Techniques for Proving the Completeness of a Proof System Hongseok Yang Seoul National University Cristiano Calcagno Imperial College.
Lecture 11: Datalog Tuesday, February 6, 2001. Outline Datalog syntax Examples Semantics: –Minimal model –Least fixpoint –They are equivalent Naive evaluation.

Lecture 11: Datalog Tuesday, February 6, Outline Datalog syntax Examples Semantics: –Minimal model –Least fixpoint –They are equivalent Naive evaluation.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.

UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov 20 2007.

Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
1 Logic Logic in general is a subfield of philosophy and its development is credited to ancient Greeks. Symbolic or mathematical logic is used in AI. In.

1 Logic Logic in general is a subfield of philosophy and its development is credited to ancient Greeks. Symbolic or mathematical logic is used in AI. In.
Logic CPSC 386 Artificial Intelligence Ellen Walker Hiram College.

Logic CPSC 386 Artificial Intelligence Ellen Walker Hiram College.
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)
Artificial Intelligence Chapter 14. Resolution in the Propositional Calculus Artificial Intelligence Chapter 14. Resolution in the Propositional Calculus.

Artificial Intelligence Chapter 14. Resolution in the Propositional Calculus Artificial Intelligence Chapter 14. Resolution in the Propositional Calculus.
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
Language Specfication and Implementation - PART II: Semantics of Procedural Programming Languages Lee McCluskey Department of Computing and Mathematical.

Language Specfication and Implementation - PART II: Semantics of Procedural Programming Languages Lee McCluskey Department of Computing and Mathematical.
Proof-system search ( ` ) Interpretation search ( ² ) Main search strategy DPLL Backtracking Incremental SAT Natural deduction Sequents Resolution Main.

Proof-system search ( ` ) Interpretation search ( ² ) Main search strategy DPLL Backtracking Incremental SAT Natural deduction Sequents Resolution Main.
Trust Management II Anupam Datta Fall 2007-08 18739A: Foundations of Security and Privacy.

Trust Management II Anupam Datta Fall A: Foundations of Security and Privacy.
1 CMSC424, Spring 2005 CMSC424: Database Design Lecture 9.

1 CMSC424, Spring 2005 CMSC424: Database Design Lecture 9.
Dr. Alexandra I. Cristea CS 319: Theory of Databases: C3.

Dr. Alexandra I. Cristea CS 319: Theory of Databases: C3.
Artificial Intelligence Chapter 14 Resolution in the Propositional Calculus Artificial Intelligence Chapter 14 Resolution in the Propositional Calculus.

Artificial Intelligence Chapter 14 Resolution in the Propositional Calculus Artificial Intelligence Chapter 14 Resolution in the Propositional Calculus.
Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic.

Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic.
SAT Solver Math Foundations of Computer Science. 2 Boolean Expressions  A Boolean expression is a Boolean function  Any Boolean function can be written.

SAT Solver Math Foundations of Computer Science. 2 Boolean Expressions  A Boolean expression is a Boolean function  Any Boolean function can be written.
Propositional Logic Reasoning correctly computationally Chapter 7 or 8.

Propositional Logic Reasoning correctly computationally Chapter 7 or 8.

Similar presentations

Ads by Google