Semantic Consistency in Information Exchange

1
Semantic Consistency in Information Exchange
Pleiades Project

• Dwork, Kannan, Lee, Lincoln, Mitchell, Rubinfeld,
  Scedrov
• Cervesato, Ergun, Stern

2
Background

• Project Organization
• Target Applications
• Basic Techniques
• Heterogenous approach
• Modular systems
• Next four
  slides ?

3
MURI Multidisciplinary Project
Cornell
Stanford
Penn
SRI
IBM

• Pleiades Constellation of 7 members
• Logic and languages Algorithms and
  complexity
• Model checking and real-time systems

4
Monitor computation, Check new code on the fly
5
Consistency of Modular Systems
Network Update

• Heterogeneous approach
• Formal proof
• Model checking
• On-line check/correct
• Update from network
• Specify requirements
• Guarantee acceptable risk

6
Technical threads

• Specification and static code analysis
• Temporal specifications, other logics
• Type systems, linear and modal concepts
• Run-time system monitoring
• Numeric functions
• Real-time, security properties
• Mobile code
• Java bytecode studies (static, dynamic check)
• Protocol and security analysis

7
Gravitational Attraction
Project trend
Year 1
Year 2
Year 3
8
Progress

• Converging toward coherent project
• Two joint problems
• Experimental study of run-time monitoring
• Analysis of probabilistic protocols
• Moving toward standard architecture
• Investigation of application scenarios
• Advances in specific areas
• Report by technical area, not sub-team

9
Collaborative Projects

• Compositional Run-time Monitoring
• Can function checkers and correctors be applied
  to system modules?
• Experiment division errors in exp calculation
• Probability/Bandwidth Tradeoff
• PCC transmit code with assurance proof
• Can we reduce bandwidth requirements using
  probabilistic proof-game protocols?

10
Tool and Instrumentation Architecture
Design
Model-check
System Decomposition
Requirement
Thm Prover
Abstraction
I mplement
Implementation Code
Enforcement Policy
Compile
Execute
Running System
Run-time Monitor
Filter
Compiler balances static, dynamic checking
11
Outline of Presentations

• Statics and logical techniques
• Two talks
• plus demo
• Dynamic montoring and checking
• Two talks
• plus demo
• Environment modeling and threats
• Two talks
• plus demo
• Presentation by topic instead of subcontract

Linear logic for real time Abstraction for model
checking Compositional checking demo
Spot checking algorithms Run-time
monitoring Monitoring Java demo
Probabilistic protocols Probabilistic threat
models Finite-state security analysis
12
Explore External Connections

• MAV work at NRL
• Teleconference and exchange of slides
• Good exercise partial fit
• Command and control systems
• Visit to PRC, Philadelphia
• Too few system requirements?
• Java security environment
• Lora Kassab, NRL
• Close match ...

13
Architecture for static/dynamic assurance
Design
Model-check
System Decomposition
Requirement
Thm Prove
I mplement
Implementation
Enforcement Policy
Execute
Running System
Monitor
14
Statics

• Real-time
• Abstraction for Monitoring and Checking
• Demo

15
Probabilistic Protocols
16
General framework under study
17
Trichotomy

• Systems are designed and implemented
• Analyze specification, design, and actual code
• Software determines operation of system
• Monitor run-time behavior
• Systems operate in some environment
• Model threats posed by hostile environment

18
Three basic scientific areas

• System design and analysis (before execution)
• Specification languages and system design
• Logical methods for program analysis
• Monitor and check run-time behavior
• Program environment and threat models

19
Help from our sponsor

• Diana Gordon's slide format
• Title slide
• Scientific objectives
• Assumptions
• Prior related research
• New results
• Future work
• MAV scenario