CSP Semantics

1
CSP Semantics

• ISA 763
• Security Protocol Verification

We thank Professor Csilla Farkas of USC for
providing some transparencies that were used to
construct this transparency
2
References

• The Theory and Practice of Concurrency by A. W.
  Roscoe, available at web.comlab.ox.ac.uk/oucl/work
  /bill.roscoe/publications/68b.pdf
• Chapters 4 and 5 of Modeling and analysis of
  security protocols by Peter Ryan and Steve
  Schneider.
• The FDR2 User Manual available at
  http//www.fsel.com/documentation/fdr2/html/fdr2ma
  nual.htmlSEC_Top
• Formal Systems, FDR download, http//www.fsel.com/
  
• M. Morgenthal Design and Validation of Computer
  Protocols, http//wwwtcs.inf.tu-dresden.de/morgen
  /sem-ws02.html

3
CSP Semantics - 1

• Operational Semantics
• Interprets the language on an (abstract) machine
• such as the ones used in imperative languages
  using a program counter, next instruction stack
  etc.
• Denotational Semantics
• The language is translated to another abstract
  domain
• Translate the basic constructs
• Translate the combinators to constructs in the
  target domain
• Use a compositionality principle to construct the
  denotation of the whole program from translated
  parts
• Algebraic Semantics
• Translate the language into a normal from by
  rewriting all programs in that form
• Describe how to execute the program in normal form

4
CSP Semantics - 2

• Operational Semantics
• Interprets the language on an (abstract) machine
• Construct a labeled transition system (LTS)
• Denotational Semantics
• The language is translated to another abstract
  domain
• Trace semantics, Failure Divergence Semantics
• Algebraic Semantics
• Translate the language into a normal from by
  rewriting all programs in that form
• Proof rules

5
Operational Semantics

• Labeled transition system (LTS)
• Nodes state of the process
• Directed edges events
• Visible events
• Internal transitions
• Recall Trace Refinement
• S ?T T iff trace(T) ? trace(S)

6
An example LTS
Image from M. Morgenthal
7
Another LTS Example
Image from M. Morgenthal
8
Connection between LTS Examples

• An Implementation of S as
• A B where
• AB a ? b ? AB and
• AC a ? c ? AC
• where
• AA corresponds to AB AC
• BA corresponds to b? AB AC
• AC corresponds to AB (c ? AC)
• BC corresponds to b ? AB (c ? AC)

9
AA corresponds to AB AC BA corresponds to
b? AB AC AC corresponds to AB (c ?
AC) BC corresponds to b ? AB (c ? AC)
10
Traces Refinement Check
Image from M. Morgenthal
11
Trace Refinements

• An implementation refines the trace of a process
• Hence we would like an implementation to satisfy
  the specification
• Which properties?
• For his class, those trace properties used to
  specify security properties.

12
Denotational Semantics

• Recall Trace Semantics for CSP processes
• Could not reason the difference between external
  choice and internal choice
• Example consider Sa,b and
• Q1 (a?STOP) ? (b?STOP)
• Q1 (a?STOP) ? (b?STOP)
• Q3 STOP ?(a?STOP) ?(b?STOP)
• Refusal set of Q1
• Q2 can refuse a and b but not a,b
• Q3 can refuse any subset of S.

13
Refusal Sets
P1 c
P2 c
a
b
t
b
a, c
b, c
b, c
b
a
t
a
a, b, c
a, b, c
a, b, c
a, b, c
P4 c
P3 c
c
c
t
t
b, c
a, c
b, c
a, c
a
b
a
b
a, b, c
a, b, c
a, b, c
a, b, c
14
Refusal Sets

• P1 (a ? b? STOP) ? (b ? a ? STOP)
• (a ? STOP) (b ? STOP)
• Failure Sets (ltgt,), (ltgt,c),
• (ltagt, a,c), (ltbagt,a,b,c)
• P2 (c?a?STOP)?(b?c?STOP)\ c
• Failure sets (ltgt,X X ? b,c U
• (ltagt,X),(ltbgt,X) X ? a,b,c
• Internal actions introduce nondterminism

15
Refusal Sets

• P3 (a ? STOP) ? (b ? STOP)
• Must accept one of a or b if both a,b are
  offered
• Different from
• P1 - must accept either
• P2 - must accept a
• P4 (c?a?STOP)?(c?b?STOP)
• After ltcgt refuses Xa,b?X
• Failure allows us to distinguish between internal
  and external choice traces could not do this!

16
Failure Semantics

• failure(P) (s,X) s?S and P/s does not
  accept any x?X
• Failure Refinement P?FQ (read Q failure refines
  P) iff
• trace(Q) ? trace(P) and
• failure(Q) ? failure(p)

17
Divergence

• p(mp.a?p)\a
• Cannot observe a externally.
• Diverges i.e. looks like a t-loop
• We do not care what happens after a process
  diverges

t
a
S
S
18
Failure and Divergence

• Add extra symbol ? to S to indicate that the
  process has terminated
• Interpretation ? is emitted by the process to
  the environment to indicate normal termination
• P ?s? Q means process P becomes Q
• Stable State a state that does not accept t

19
Failure and Divergence

• trace(P)s? SU? ?Q.P ?s? Q
• trace?(P)s (t,X)?F is a prefix closed set
• diveregnce(P)sts? S,t? SU?
• ?Q.P ?s? Q, Q div
• Extension closed sets of traces that has an
  infinite set of t actions
• failure?(P)(s,X) s is a trace and X is set of
  actions that can be refused in a stable state of
  P

20
The Failures Divergence Model

• ?N(SU? x P(SU?), SU? )
• Refers to ( (s, actions D) Failure,
• strings Divergent string )
• Any non-empty subset S of N has an infimum given
  by
• ? S (?F(F,D)?S, ? D (F,D)?S)
• Supremum of a directed set ? is given by
• ?S (nF(F,D)? ?, nD (F,D)? ?)
• Theorem If S is finite then (N, ?FD, ?, ?) is a
  complete partial order

21
Computing the FD Semantics-1

• failures?(STOP)(ltgt,X)X?SU?
• divergences(STOP)
• failures?(SKIP)(ltgt,X)X?SU?
• divergences(SKIP)
• failures?(a?p)(ltgt,X)a?X U
• (ltagts,X)a? failures?(P)
• divergences(a?p) (ltagts,X)s?divergence(P)

22
Computing the FD Semantics-2

• failures?(?xA?p)(ltgt,X)XnA U
• (ltagts,X)a? failures?(P)
• divergences(?xA?p) (ltagts,X)s?divergence(Pa/x
  )
• failures?(P?Q)failures?(P) U failures?(Q)
• divergences(P?Q)
• divergence(P) U divergence(Q)

23
Computing the FD Semantics-3

• divergences(P?Q)
• divergence(P) U divergence(Q)
• failures?(P?Q)
• (ltgt,x) (ltgt,x)? failures?(P)nfailures?(Q)
• U (s,X) s?ltgt,(s,X)?failures?(P)Ufailures?(Q)
• U (s,X)ltgt?diveregence(P)Udiveregence(Q)
• U (s,X)X X?S, lt?gt )?trace?(P)U trace?(Q)

24
Computing the FD Semantics-4

• divergences(PXQ) uv?s? trace?(P),
  ?t?trace?(Q), u?(sXt)n S,
• s?divergence(P) or t?divergence(Q)
• failures?(PXQ)(u,YUZ) u? sXt
• Y\(XU ?) Z\(XU ?) /\
• ?s,t (s,Y)?failures?(P), (t,Z)?failures?(Q)
• (u,Y)u?diveregence(PXQ)

25
Computing the FD Semantics-5

• divergences(P\X)
• (s\X)t s?divergence(P) U
• (u\X)t u?Sw /\ (u\x) is finite /\
• ?slt u, s?trace?(P)
• failures?(P\X)
• (s\X,Y) (s,YUX)?failures?(P) U
• (s,X)s?diveregence(P\X)

26
Deterministic Processes

• A process is said to be deterministic if
• tltagt?trace(P) ? (t,a)?failure(P)
• divergence(P)
• That is, never diverges and do not have the
  choice of accepting and refusing an action
• Deterministic processes are the maximal elements
  under ?FD
• Example (a?STOP)?(a?a?STOP) is non-deterministic

27
Deterministic Processes and LTS
a
a
a
a

• Two nondeterministic LTS whose behavior is
  deterministic

28
Abstraction - 1

• Abstraction hide details
• Example many-to-one renaming
• (a?c?STOP)?(b?d?STOP) b/a
• (a?c?STOP) ?(a?d?STOP)
• a?( (c?STOP)?(d?STOP) )
• Eager abstraction hiding operator
• EH(P)p\H assumes that events in H pass out of
  sight

29
Abstraction - 2

• Lazy abstraction Projection of P into L
• LH(P) P_at_L
• (s\H,X)(s,XnL)? failures?(P)
• Example Ll1,l2, Hh
• P (l1?P) ? (l2?h?P) ? (h?P)
• LH(P) Q (l1?Q) ? l2?(STOP?Q)
• Finite traces of LH(P) are precisely s\H s ?
  traces(P)

30
Casper

• Compiler
• Easy to specify protocols and security properties
• E.g., Yahalom protocol
• Input 1 page protocol and security spec.
• Output (CSP) 10 pages

31
Casper

• Protocol Definition
• protocol operation, including
• messages between the agents,
• tests performed by the agents,
• types of data,
• initial knowledge,
• specification of the protocols goals,
• algebraic equivalences over the types
• Components
• Protocol description
• Free variables
• Processes
• Specification

32
Casper

• System definition actual system to be checked,
  including agents, their roles, actual data types,
  intruders abilities
• Components
• Actual variables
• Functions
• System
• Intruder information

33
Protocol Description
Image from M. Morgenthal
34
Free Variables
Image from M. Morgenthal
35
Processes
Image from M. Morgenthal
36
Specification
Image from M. Morgenthal
37
System specs Variables
Image from M. Morgenthal
38
System specs Functions
Image from M. Morgenthal
39
System specs The System
Image from M. Morgenthal
40
System specs The Intruder
Image from M. Morgenthal