GSC-8022 SOURCE:TSACC TITLE:Formal Methods for Quality of Standards, Conformity Assessment and Security AGENDA ITEM:GTSC-1 8.1 Formal Methods for Quality.


Slide 1 – GSC-8022
SOURCE: TSACC
TITLE: Formal Methods for Quality of Standards, Conformity Assessment and Security
AGENDA ITEM: GTSC-1 8.1

Formal Methods for Quality of Standards, Conformity Assessment and Security
O. Monkewich, Ph.D., P.Eng.
OMC International
Phone: +1 613 836-4406
Fax: +1 613 836-5430
E-mail: os.monkewich@sympatico.ca

Slide 2 (17 October 2015, GSC-8, Ottawa) – Formal Methods and Security
– Unambiguous standards, checkable for errors by tools, specified using SDL, MSC, ASN.1 and TTCN, languages with formal syntax and semantics
– Tools built on that formal syntax and semantics can be certified as trusted tools by accredited organizations
– Machine-generated, tool-specific source code is harder for an attacker to understand or modify than hand-written code
– Source descriptions in SDL are easy for non-programmers to review, so they benefit from "many eyes" reviews
– Conformity assessment can find malicious content and vulnerabilities; test suites can be made widely available
– Manual work is offloaded to trusted tools

Slide 3 – Understandability of open source code
Figure 1 – (a) Illustrates an SDL process which adds two numbers, a and b, and returns their sum. (b) is the corresponding hand-written code in the C programming language. The examples illustrate language readability characteristics from the point of view of the non-programmer.

(a) SDL process (only the elements recoverable from the figure are kept): signals number1 and number2; DCL a, b, sum Integer; state WaitForNumber1 consumes input number1(a); state WaitForNumber2 consumes input number2(b); then sum := CALL Add(a, b) and output result(sum); procedure Add computes sum := a + b.

(b) Hand-written C, as on the slide but corrected so it compiles cleanly: the header name lost in extraction is restored as <stdio.h>, main returns int, calc has a prototype-style definition, and the two scanf results are checked instead of being trusted.

    #include <stdio.h>

    /* Add two integers; this is what the SDL procedure Add does. */
    int calc(int m, int n)
    {
        int s;
        s = m + n;
        return s;
    }

    int main(void)
    {
        int x, y, sum;

        puts("\nPlease enter two integers:\n");
        /* scanf returns the number of items converted; anything but 1 means bad input */
        if (scanf("%d", &x) != 1 || scanf("%d", &y) != 1) {
            puts("Input was not two integers.");
            return 1;
        }
        sum = calc(x, y);
        printf("\nThe sum of the two numbers you entered is: %d\n", sum);
        return 0;
    }

Slide 4 – A common vulnerability can be detected with conformance testing
Figure 2 – A common attack method using TCP/IP SYN packets to transfer a covert program one ASCII character at a time, the character being carried in the Sequence Number field of each SYN. Figure 2 (a) shows how packets can be bounced off any Web site to make detection of the attacker more difficult: the attacker sends a SYN to the Web site with the victim's address forged as the source; the Web site answers the victim with a SYN/ACK whose Acknowledgment Number is the received Sequence Number plus one, so the covert byte arrives at the victim from a third party; the victim, which never opened a connection, replies with a RESET. The parties in the figure are ATTACKER, ANY WEB SITE and VICTIM, at addresses 10.1.1.10, 10.1.1.20 and 10.1.1.30 (the figure residue does not preserve which address belongs to which party). Figure 2 (b) represents the TCP packet format showing the Sequence Number field.

Slide 5 – TCP Packet Sequence Number Conformance Test in TTCN
Figure 3 – A test case in TTCN, derived from SDL, to test the value of the Sequence Number field in the TCP SYN packet.

Slide 6 – TCP Packet in ASN.1 and Constraint
Figure 4 – ASN.1 representation of the TCP packet, named TCP_SYN, and the corresponding value TCP_SYN1 with the field values filled in.
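Neither the TTCN test case of Figure 3 nor the ASN.1 type of Figure 4 survives on this page, so the following C program is added here as an example of the check slides 4 to 6 describe. It is not the slides' code and not the output of any TTCN or ASN.1 tool: it parses the fixed 20-byte TCP header from wire bytes, builds constructed SYN and SYN/ACK segments, and returns a TTCN-style verdict (pass, fail, inconclusive) on the Sequence Number. The covert encoding it looks for, one ASCII character in the high-order byte of the field with the low 24 bits zero, the ports, the sample sequence numbers and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits of TCP header byte 13 (RFC 793). */
#define TCP_FLAG_SYN 0x02
#define TCP_FLAG_ACK 0x10

/* Verdicts in the sense of a TTCN test case. */
enum verdict { VERDICT_PASS = 0, VERDICT_FAIL = 1, VERDICT_INCONC = 2 };

/* The header fields this check needs, read from big-endian wire bytes. */
struct tcp_hdr {
    uint16_t src_port, dst_port;
    uint32_t seq, ack;
    uint8_t  data_offset;   /* header length in 32-bit words */
    uint8_t  flags;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse the fixed part of a TCP header. Returns -1 if the buffer is shorter than
 * 20 bytes or the Data Offset field disagrees with the buffer length. */
int tcp_parse(const uint8_t *buf, size_t len, struct tcp_hdr *h) {
    if (len < 20) return -1;
    h->src_port = rd16(buf);
    h->dst_port = rd16(buf + 2);
    h->seq = rd32(buf + 4);
    h->ack = rd32(buf + 8);
    h->data_offset = buf[12] >> 4;
    h->flags = buf[13];
    if (h->data_offset < 5 || (size_t)h->data_offset * 4 > len) return -1;
    return 0;
}

/* Write a 20-byte header with no options (constructed input for this example). */
void tcp_build(uint8_t out[20], uint16_t sport, uint16_t dport,
               uint32_t seq, uint32_t ack, uint8_t flags) {
    memset(out, 0, 20);
    out[0] = (uint8_t)(sport >> 8); out[1] = (uint8_t)sport;
    out[2] = (uint8_t)(dport >> 8); out[3] = (uint8_t)dport;
    for (int i = 0; i < 4; i++) {
        out[4 + i] = (uint8_t)(seq >> (24 - 8 * i));
        out[8 + i] = (uint8_t)(ack >> (24 - 8 * i));
    }
    out[12] = 5 << 4;                 /* Data Offset = 5 words */
    out[13] = flags;
    out[14] = 0xff; out[15] = 0xff;   /* window */
}

/* Assumed covert encoding (an assumption of this example, not from the slides):
 * one printable ASCII character in the top byte, low 24 bits zero. */
static int covert_char(uint32_t v, char *out) {
    uint32_t hi = v >> 24;
    if ((v & 0x00ffffffu) != 0 || hi < 0x20 || hi > 0x7e) return 0;
    *out = (char)hi;
    return 1;
}

/* Conformance check on the Sequence Number of a SYN.
 *   SYN only:  the value under test is the sender's Sequence Number.
 *   SYN/ACK:   the bounced case of Figure 2(a); the Web site echoes the attacker's
 *              Sequence Number plus one as Acknowledgment Number, so test ack - 1.
 * Any other segment, or one that does not parse, is inconclusive for this test. */
enum verdict check_syn_seq(const uint8_t *buf, size_t len, char *decoded) {
    struct tcp_hdr h;
    uint32_t v;
    char c;
    if (tcp_parse(buf, len, &h) != 0) return VERDICT_INCONC;
    switch (h.flags & (TCP_FLAG_SYN | TCP_FLAG_ACK)) {
    case TCP_FLAG_SYN:                v = h.seq;     break;
    case TCP_FLAG_SYN | TCP_FLAG_ACK: v = h.ack - 1; break;   /* wraps harmlessly if ack == 0 */
    default:                          return VERDICT_INCONC;
    }
    if (!covert_char(v, &c)) return VERDICT_PASS;
    if (decoded) *decoded = c;
    return VERDICT_FAIL;
}

/* Build one segment and run the check: returns the decoded character on FAIL,
 * -1 on PASS and -2 on INCONC, so callers can exercise it with literals only. */
int probe(uint32_t seq, uint32_t ack, uint8_t flags) {
    uint8_t pkt[20];
    char c = 0;
    tcp_build(pkt, 40000, 80, seq, ack, flags);
    switch (check_syn_seq(pkt, sizeof pkt, &c)) {
    case VERDICT_FAIL: return c;
    case VERDICT_PASS: return -1;
    default:           return -2;
    }
}

int main(void) {
    /* Constructed covert stream: "Hi" as two direct SYNs, then the bounced SYN/ACK for 'H'. */
    const char msg[] = "Hi";
    for (size_t i = 0; msg[i]; i++)
        printf("SYN     seq=0x%08x -> %s\n", (unsigned)msg[i] << 24,
               probe((uint32_t)msg[i] << 24, 0, TCP_FLAG_SYN) >= 0 ? "FAIL (covert byte)" : "PASS");
    printf("SYN/ACK ack=0x%08x -> decoded %d\n", ((unsigned)'H' << 24) + 1,
           probe(0x31c4a9e2u, ((uint32_t)'H' << 24) + 1, TCP_FLAG_SYN | TCP_FLAG_ACK));
    return 0;
}
```

Build with `cc -std=c99 -Wall`. A single random initial sequence number matches this pattern with probability about 95 in 2^32, so a real test suite would raise the verdict only after correlating several SYNs from the same source, but the shape is the one the slide describes: a field check traceable to the specification, applied to the segment as it appears on the wire.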

Slide 7 – Buffer Overflow
Figure 5 – (a) The normal program memory stack, with two buffers (Buffer 1 and Buffer 2) intended to accept user input such as a credit card number, alongside the saved Return Pointer; (b) the same stack after an over-long input has overwritten the buffers with the attacker's machine code and replaced the return pointer with a New Return Pointer into that code. The figure residue keeps only these labels: Buffer 2, Buffer 1, Return Pointer; Buffer 2, Attacker's Machine Code, New Return Pointer; Fill Direction; Memory Pointer.
For the attacker's code to work, the attacker must know and understand the victim's code: which buffer overflows, by how much, and where the return pointer sits. This is harder to achieve against machine-generated code, which is not written for human reading and needs special tools to change. Obscurity of the generated code only raises the attacker's cost, however; what removes the flaw is the next point. Formalisms that define language syntax and semantics make it possible to prove the correctness of the language's typing rules, so that no data can flow into a place not capable of holding it.
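The runtime form of that typing rule, as an added example in C that is not the slides' code: `read_card_unchecked` reproduces the flaw of Figure 5, an unbounded copy of user input into a fixed stack buffer, and `read_card_checked` refuses any input that either does not fit the destination or is not a value of the declared type (a card number is digits only). The 19-digit maximum, the buffer size, the sample inputs and the function names are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A card number is at most 19 digits (assumed for the example); one byte is kept for the NUL. */
#define CARD_CAP 20

/* The pattern of Figure 5(a): input copied into a fixed stack buffer with no bound.
 * Input longer than CARD_CAP - 1 bytes writes past buffer1 into whatever the compiler
 * placed next to it, ultimately the saved return address. This is undefined behaviour,
 * kept only to show the shape of the flaw; never call it with untrusted input. */
void read_card_unchecked(const char *input, char *card_out) {
    char buffer1[CARD_CAP];
    strcpy(buffer1, input);                 /* no check that input fits buffer1 */
    strcpy(card_out, buffer1);
}

/* The rule the slide wants enforced: data may only flow into a place able to hold it,
 * and only data of the declared type. Returns the digit count, or -1 (leaving card_out
 * untouched) when the input does not fit in cap bytes or is not a card number. */
int read_card_checked(const char *input, char *card_out, size_t cap) {
    const char *end = memchr(input, '\0', cap);   /* look for the terminator within cap bytes only */
    if (end == NULL) return -1;                    /* no NUL within cap: the input would not fit */
    size_t n = (size_t)(end - input);
    if (n == 0 || n > 19) return -1;               /* empty, or longer than the type allows */
    for (size_t i = 0; i < n; i++)
        if (input[i] < '0' || input[i] > '9') return -1;   /* not a digit: wrong type */
    memcpy(card_out, input, n + 1);                /* fits by construction, NUL included */
    return (int)n;
}

/* Run the checked reader into a CARD_CAP stack buffer; takes a literal, returns the verdict. */
int accept_card(const char *input) {
    char buffer2[CARD_CAP];
    return read_card_checked(input, buffer2, sizeof buffer2);
}

int main(void) {
    /* Constructed inputs, including one shaped like an overflow payload. */
    const char *inputs[] = {
        "4111111111111111",                        /* 16 digits: accepted */
        "4111111111111111111",                     /* 19 digits: accepted, fills the buffer exactly */
        "41111111111111111111",                    /* 20 digits: one byte too many */
        "4111 1111 1111 1111",                     /* spaces: wrong type */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x08\xf0\xff\xff",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-40.40s -> %d\n", inputs[i], accept_card(inputs[i]));
    return 0;
}
```

The checked version never reads past `cap` bytes of the input and never writes more than it verified, which is exactly the "no data into a place not capable of holding it" property; a language whose typing rules are proven sound gives the same guarantee to every copy without the programmer remembering to write the check.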

Slide 8 – ASN.1 code portability and Trusted Tools
What is placed on the wire to transmit "John Smith"?

Inside the protocol, define the type Name in ASN.1:

    Name ::= SEQUENCE {
        firstName PrintableString,
        lastName  PrintableString
    }

Assign a value of type Name:

    johnSmith Name ::= { firstName "John", lastName "Smith" }

Encoded with the Basic Encoding Rules (BER), the value is this byte sequence (hex, each byte labelled):

    30        SEQUENCE tag (universal 16, constructed)
    0D        content length, 13 bytes
    13 04     PrintableString tag, length 4
    4A 6F 68 6E      "John"
    13 05     PrintableString tag, length 5
    53 6D 69 74 68   "Smith"

Converted into the binary stream of zeros and ones that goes on the wire, this begins 00110000 00001101 00010011 00000100 01001010 ...

Figure 6 – Using ASN.1 and Basic Encoding Rules (BER) to encode "John Smith" for transmission. This is done using trusted tools, so there are no errors due to manual coding. The slide's own hand-written header bytes "28 15" are an instance of such an error: the BER SEQUENCE tag is 30, and the content following it is 13 bytes, 0D.
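What a trusted tool generates for this type, reduced to its essentials as an added example (not the slides' code and not the output of any ASN.1 compiler): a BER encoder for Name and a decoder that validates what it reads, rejecting a wrong tag, a length that runs past the data, characters outside the PrintableString alphabet, and trailing bytes inside the SEQUENCE. It handles short-form lengths only (content under 128 bytes), which is all Name needs; the function names are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Universal tags from X.690: SEQUENCE is constructed (bit 6 set), PrintableString is primitive. */
#define BER_TAG_SEQUENCE        0x30
#define BER_TAG_PRINTABLESTRING 0x13

/* PrintableString alphabet (X.680): letters, digits, space and ' ( ) + , - . / : = ? */
static int is_printable_char(unsigned char c) {
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
           (c != '\0' && strchr(" '()+,-./:=?", c) != NULL);
}

/* Emit one tag-length-value with a short-form length. Returns bytes written or -1. */
static int ber_put(uint8_t *out, size_t cap, uint8_t tag, const uint8_t *val, size_t n) {
    if (n > 127 || cap < 2 + n) return -1;
    out[0] = tag;
    out[1] = (uint8_t)n;
    memcpy(out + 2, val, n);
    return (int)(2 + n);
}

static int ber_put_printable(uint8_t *out, size_t cap, const char *s) {
    size_t n = strlen(s);
    for (size_t i = 0; i < n; i++)
        if (!is_printable_char((unsigned char)s[i])) return -1;   /* enforce the declared type */
    return ber_put(out, cap, BER_TAG_PRINTABLESTRING, (const uint8_t *)s, n);
}

/* Encode a value of  Name ::= SEQUENCE { firstName PrintableString, lastName PrintableString }. */
int ber_encode_name(uint8_t *out, size_t cap, const char *first, const char *last) {
    uint8_t body[260];
    int a = ber_put_printable(body, sizeof body, first);
    if (a < 0) return -1;
    int b = ber_put_printable(body + a, sizeof body - (size_t)a, last);
    if (b < 0) return -1;
    return ber_put(out, cap, BER_TAG_SEQUENCE, body, (size_t)(a + b));
}

/* Read one short-form TLV: the tag must match and the length must fit in buf. */
static int ber_get(const uint8_t *buf, size_t len, uint8_t tag, const uint8_t **content) {
    if (len < 2 || buf[0] != tag || (buf[1] & 0x80)) return -1;
    if ((size_t)buf[1] + 2 > len) return -1;          /* declared length runs past the data */
    *content = buf + 2;
    return buf[1];
}

static int ber_get_printable(const uint8_t *buf, size_t len, char *dst, size_t cap, int *used) {
    const uint8_t *s;
    int n = ber_get(buf, len, BER_TAG_PRINTABLESTRING, &s);
    if (n < 0 || (size_t)n >= cap) return -1;
    for (int i = 0; i < n; i++)
        if (!is_printable_char(s[i])) return -1;       /* received bytes must also be of the type */
    memcpy(dst, s, (size_t)n);
    dst[n] = '\0';
    *used = 2 + n;
    return 0;
}

/* Decode and validate a Name. Returns 0 on success, -1 on any violation. */
int ber_decode_name(const uint8_t *buf, size_t len,
                    char *first, size_t fcap, char *last, size_t lcap) {
    const uint8_t *seq;
    int n = ber_get(buf, len, BER_TAG_SEQUENCE, &seq);
    int u1, u2;
    if (n < 0) return -1;
    if (ber_get_printable(seq, (size_t)n, first, fcap, &u1) < 0) return -1;
    if (ber_get_printable(seq + u1, (size_t)(n - u1), last, lcap, &u2) < 0) return -1;
    return (u1 + u2 == n) ? 0 : -1;                    /* no trailing bytes inside the SEQUENCE */
}

/* Wrappers that take literals only: byte i of the encoding (or -1), round trip, decode verdict. */
int ber_name_byte(const char *first, const char *last, size_t i) {
    uint8_t buf[300];
    int n = ber_encode_name(buf, sizeof buf, first, last);
    return (n < 0 || i >= (size_t)n) ? -1 : buf[i];
}
int ber_name_roundtrip(const char *first, const char *last) {
    uint8_t buf[300]; char f[128], l[128];
    int n = ber_encode_name(buf, sizeof buf, first, last);
    return n > 0 && ber_decode_name(buf, (size_t)n, f, sizeof f, l, sizeof l) == 0 &&
           strcmp(f, first) == 0 && strcmp(l, last) == 0;
}
int ber_decode_ok(const uint8_t *buf, size_t len) {
    char f[128], l[128];
    return ber_decode_name(buf, len, f, sizeof f, l, sizeof l) == 0;
}

int main(void) {
    uint8_t buf[32];
    int n = ber_encode_name(buf, sizeof buf, "John", "Smith");
    for (int i = 0; i < n; i++) printf("%02X ", buf[i]);   /* 30 0D 13 04 4A 6F 68 6E 13 05 53 6D 69 74 68 */
    putchar('\n');
    return 0;
}
```

The decoder is where the "validation" half of the slide's claim lives: because every length is checked against the bytes actually received before anything is copied, a peer cannot make the receiver read or write beyond its buffers by lying in a length octet, and the slide's hand-coded header (28 15 ...) is rejected outright rather than misinterpreted.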

Slide 9 – RFC Data Format
The tabular packet diagram used in RFCs is not a standard data format, yet it is dominant in the Internet literature today. Authors change it in arbitrary ways, usually to fit the page, and it cannot be compiled or validated; an ASN.1 definition of the same packet can be.
Figure 7 – The tabular form of specifying packet structure and content is dominant in the literature today, but machines cannot understand it.

Slide 10 – Conclusions
Several aspects of network security can be improved through the use of
– Higher-quality protocol and test-suite Recommendations specified in SDL, ASN.1, MSC and TTCN
– Trusted tools based on SDL, ASN.1, MSC and TTCN for specification, validation, code generation and testing
– Machine-generated code, which is free of hand-coding errors and difficult for an intruder to modify
– Conformance tests traceable to the specification, which can detect malicious code

Slide 11 – Resolution
– That ITU-T Study Groups will apply Recommendation A.3 Supplement 1, Guidelines on the Quality Aspects of Protocol Related Recommendations, when developing new protocol-related Recommendations
– That ITU-T TSB will provide technical support and tools for the development and maintenance of complex Recommendations
– That companies that participate in GSC member organizations will make use of commercial tools based on formal methods in their reviews of draft Recommendations
– That companies that participate in GSC member organizations will promote the use of formal languages and tools in the IETF

