Elements of Security - PowerPoint PPT Presentation

About This Presentation
Title:

Elements of Security

Description:

Elements of Security. Presented By: Raquel Whittlesey-Harris. 12/04/02. 4/6/09.

Slides: 30
Provided by: dano182

Transcript and Presenter's Notes

Title: Elements of Security


1
Elements of Security
  • Presented By
  • Raquel Whittlesey-Harris
  • 12/04/02

2
Contents
  • Introduction
  • Definitions
  • Security Against an Adversary
  • Example
  • Theorems
  • References

3
Introduction
  • Stabilization theory was introduced by Edsger
    Dijkstra in 1974
  • Two building blocks of stabilization theory were
    introduced in 1991 by Anish Arora and Mohamed
    Gouda
  • These two elements adequately explain
    fault-tolerant computing:
  • Closure
  • Convergence

4
Introduction
  • The third element, protection, is introduced here
  • The three together adequately explain system
    security

5
Definitions
  • A computing system S consists of:
  • A nonempty set of variables with values from
    predefined domains, and
  • A nonempty set of actions that can be executed to
    update the values of the variables; each action
    has the form
  • <guard> → <statement>
  • <guard> is a Boolean expression over the system
    variables
  • <statement> is a sequence of assignment
    statements over the system variables

6
Definitions
  • Transition of system S
  • A triple (p, c, p') where
  • p and p' are states of S (p is the tail state and
    p' is the head state), and
  • c is an action of S whose guard is true at state p
  • Computation of system S
  • An infinite sequence of transitions of S where
    the following hold:
  • Order: the head state of each transition is the
    same as the tail state of the next transition
    in the sequence

7
Definitions
  • Fairness: if the sequence has a transition where
    an action c of system S is enabled at p, then c is
    executed there, or the sequence has a later
    transition where c is executed or where c is not
    enabled at p
  • The starting state of a computation
  • Is the tail state p of the first transition in the
    computation
  • A computation is said to reach state p if some
    transition in it has p as its tail or head state

8
Definitions
  • State predicate of system S
  • A function that has a Boolean value at each state
    of S
  • Let P be a state predicate of system S
  • A state is called a P-state iff the value of P is
    true at that state
  • P is closed in S iff for each transition (p, c, p')
    of S, if p is a P-state, then p' is a P-state
  • Let P and Q be two state predicates of system S
  • P implies Q, written P ⇒ Q, iff for every state p
    of S, if p is a P-state, then p is a Q-state

9
Definitions
  • Let V be a subset of the variables of a system S,
    and let P and Q be state predicates of S
  • S is called V-safe from P to Q iff the following
    conditions hold:
  • Closure: P and Q are closed in S, and Q ⇒ P in S
  • Convergence: every computation of S that starts
    at a P-state reaches a Q-state (every computation
    that starts at an illegitimate state eventually
    reaches a legitimate state)

10
Definitions
  • Protection: no variable in V is written in any
    transition (p, c, p') of S where p is a P-state but
    not a Q-state (no transition of S that starts at
    an illegitimate state can affect the critical
    variables in V)
  • P identifies all reachable states of S, i.e. the
    states that can be reached under any interleaving
    of system execution and adversary interference
  • Q identifies all legitimate states of S, i.e. the
    states that can be reached under system execution
    only

11
Security Against an Adversary
  • An adversary D of system S is a set of actions of
    the form
  • <guard> → <statement>
  • A transition of D is a triple (p, d, p') where
  • p and p' are states of S,
  • d is an action of D, and
  • the guard of d is true at p

12
Security Against an Adversary
  • Executing the statement of d when S is in state p
    yields state p'
  • Let P be a state predicate of S and D an adversary
    of S
  • P is closed in D iff for each transition (p, d, p')
    of D, if p is a P-state, then p' is a P-state

13
Security Against an Adversary
  • Let V be a subset of the variables of S, and let P
    and Q be state predicates of S
  • System S is called V-secure from P to Q against D
    iff the following hold:
  • Safety: S is V-safe from P to Q
  • Adversary closure: P is closed in D
  • The adversary keeps the system within the
    reachable states
  • The adversary cannot corrupt the critical variables
    in V

14
Security Against an Adversary
  • Adversary protection: no variable in V is written
    in any transition (p, d, p') of D where p is a
    P-state
  • If S is V-secure from P to Q against D, then every
    computation C that starts at a Q-state and
    consists of an infinite number of S transitions
    and a finite number of D transitions satisfies:
  • Computation C has an infinite suffix whose
    transitions are all S transitions and whose
    states are all Q-states

15
Security Against an Adversary
  • Every transition in C that updates the variables
    in V is an S transition whose tail and head
    states are Q-states

16
Example
  • Secure data transfer
  • System S
  • A sender process sends a continuous stream of data
    items to a receiver process via three shared
    variables that are written by the sender and read
    by the receiver
  • shared var seq, data, chk : integer
  • seq contains the sequence number of the current
    data item
  • data contains the current data item

17
Example
  • chk contains an integrity check for the current
    values of seq and data
  • chk = H.(ss;seq;data): a secure hash function H
    applied to the concatenation of a secret value ss
    and the current values of seq and data
  • ss is known only to the sender and the receiver
  • The sender has the following variables:
  • local var sent : array integer of integer,
  • x : integer
  • sent is an infinite array containing all of the
    data items to be sent by the sender
  • x is an index of sent

18
Example
  • The sender contains one action:
  • true → seq := x; data := sent[seq];
           chk := H.(ss;seq;data); x := x + 1
  • The receiver contains the following local
    variables:
  • local var rcvd : array integer of integer,
  • y, z : integer
  • rcvd is an infinite array containing all data
    items received by the receiver
  • z is an index of array rcvd
  • y contains the sequence number of the last data
    item received by the receiver

19
Example
  • The receiver has one action:
  • true → if seq > y ∧ H.(ss;seq;data) = chk →
                y, rcvd[z], z := seq, data, z + 1
           [] seq ≤ y ∨ H.(ss;seq;data) ≠ chk →
                skip
           fi
  • The set V of critical variables is
  • V = {rcvd, z}

20
Example
  • P and Q are state predicates,
  • P defines the set of reachable states
  • Q defines the set of legitimate states

21
Example
  • That S is V-safe from P to Q can be shown by
    showing that the three conditions hold
  • P and Q are closed in S, and Q ⇒ P in S (closure)
  • The sender action is continuously enabled, and any
    execution of this action starting from a P-state
    leads S to a Q-state (convergence)

22
Example
  • Neither variable in V is updated in any S
    transition that starts at a (P ∧ ¬Q)-state
    (protection)
  • Adversary D has one action:
  • Q → seq := any value in the range 0..x-1;
        data := sent[seq];
        chk := H.(ss;seq;data); x := x + 1
  • D attacks S only when S is at a Q-state
  • By replaying old messages
  • Adversary closure and adversary protection hold
  • Hence S is V-secure from P to Q against D
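The following simulation is an added example, not code from the slides or from Gouda's paper: it runs the sender, the receiver and the replaying adversary D of the data-transfer system above in a random interleaving and checks the two properties the definitions ask for, adversary protection (no D transition writes rcvd or z) and that the receiver accepts only genuine items in increasing sequence order. H.(ss;seq;data) is realised as HMAC-SHA256, the secret ss and the sent stream are constructed values, and sent is cut to a finite prefix so the run terminates; all three are assumptions of the example.

```python
import hashlib, hmac, random

SS = b"shared-secret-ss"            # constructed secret ss, known to sender and receiver only
SENT = [100 + i for i in range(8)]  # constructed finite prefix of the infinite array sent

def H(ss, seq, data):
    """H.(ss;seq;data): the integrity check, realised as HMAC-SHA256 (assumption)."""
    return hmac.new(ss, f"{seq}|{data}".encode(), hashlib.sha256).hexdigest()

def initial_state():
    """Shared seq, data, chk; sender x; receiver y, z and rcvd (kept as a list)."""
    return {"seq": 0, "data": SENT[0], "chk": H(SS, 0, SENT[0]), "x": 1, "y": -1, "z": 0, "rcvd": []}

def sender(s):
    """Sender action: seq := x; data := sent[seq]; chk := H.(ss;seq;data); x := x+1."""
    if s["x"] < len(SENT):           # finite prefix: the action is disabled once sent is exhausted
        s["seq"], s["data"] = s["x"], SENT[s["x"]]
        s["chk"], s["x"] = H(SS, s["seq"], s["data"]), s["x"] + 1

def receiver(s):
    """Receiver action: accept iff seq > y and chk verifies, otherwise skip."""
    if s["seq"] > s["y"] and hmac.compare_digest(H(SS, s["seq"], s["data"]), s["chk"]):
        s["y"], s["z"] = s["seq"], s["z"] + 1
        s["rcvd"].append(s["data"])

def adversary_replay(s, rng):
    """Adversary D: replay an old item, seq in 0..x-1 (bounded by the finite prefix)."""
    s["seq"] = rng.randrange(0, min(s["x"], len(SENT)))
    s["data"] = SENT[s["seq"]]
    s["chk"], s["x"] = H(SS, s["seq"], s["data"]), s["x"] + 1

def run(steps=300, seed=7):
    """Random interleaving of S and D transitions; returns (protection, in_order, genuine)."""
    rng, s, protection, accepted = random.Random(seed), initial_state(), True, []
    for _ in range(steps):
        v_before, y_before = (list(s["rcvd"]), s["z"]), s["y"]
        act = rng.choice(("sender", "receiver", "adversary"))
        if act == "sender":
            sender(s)
        elif act == "receiver":
            receiver(s)
        else:
            adversary_replay(s, rng)
            if (s["rcvd"], s["z"]) != v_before:   # a D transition wrote rcvd or z
                protection = False
        if s["y"] != y_before:                      # the receiver accepted an item
            accepted.append(s["y"])
    in_order = all(a < b for a, b in zip(accepted, accepted[1:]))
    genuine = all(s["rcvd"][i] == SENT[q] for i, q in enumerate(accepted))
    return protection, in_order, genuine
```

HMAC is chosen over a plain hash of the concatenation ss, seq, data because with a Merkle-Damgård hash such as SHA-256 the plain form is open to length extension by someone who never learns ss, whereas the keyed construction is not.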

23
Theorems
  • Base Theorem
  • If P is closed in S,
  • then S is V-secure from P to P against E
  • Union Theorem
  • If S is V-secure from P to Q against D and
  • S is V'-secure from P to Q against D,
  • then S is (V ∪ V')-secure from P to Q against D

24
Theorems
  • Adversary Union Theorem
  • If S is V-secure from P to Q against D and
  • S is V-secure from P to Q against D',
  • then S is V-secure from P to Q against (D ∪ D')
  • Junctivity Theorem
  • If S is V-secure from Q to P against D and
  • S is V-secure from Q' to P' against D,
  • then S is V-secure from Q ∧ Q' to P ∧ P' against
    D, and
  • S is V-secure from Q ∨ Q' to P ∨ P' against D

25
Theorems
  • Transitivity Theorem
  • If S is V-secure from P to Q against D and
  • S is V-secure from Q to R against D,
  • Then S is V-secure from P to R against D

26
Theorems
  • Weakening Theorem
  • If S is V-secure from P to Q against D,
  • V' is a subset of V,
  • P' is closed and P' ⇒ P in S,
  • Q' is closed, and Q ⇒ Q' and Q' ⇒ P' in S, and
  • D' is a subset of D and P' is closed in D',
  • then S is V'-secure from P' to Q' against D'

27
Theorems
  • Proof of the weakening theorem
  • From the antecedent of the weakening theorem, the
    following five assertions hold:
  • (1) S is V-secure from P to Q against D
  • (2) V' is a subset of V
  • (3) P' is closed and P' ⇒ P in S
  • (4) Q' is closed, and Q ⇒ Q' and Q' ⇒ P' in S
  • (5) D' is a subset of D and P' is closed in D'
  • From (1), the following five assertions hold:
  • (6) S, P, Q satisfy the closure condition
  • (7) S, P, Q satisfy the convergence condition
  • (8) S, P, Q, V satisfy the protection condition
  • (9) D, P satisfy the adversary closure condition
  • (10) D, P, V satisfy the adversary protection
    condition

28
Theorems
  • From assertions (2) through (10), the following
    are concluded:
  • (11) From (3), (4) and (6), S, P', Q' satisfy the
    closure condition
  • (12) From (3), (4) and (7), S, P', Q' satisfy the
    convergence condition
  • (13) From (2), (3), (4) and (8), S, P', Q', V'
    satisfy the protection condition
  • (14) From (5), D', P' satisfy the adversary
    closure condition
  • (15) From (2), (3), (5) and (10), D', P', V'
    satisfy the adversary protection condition
  • From assertions (11) through (15), it is
    concluded that S is V'-secure from P' to Q'
    against D'

29
References
  • M. G. Gouda, Elements of Security Closure,
    convergence, and protection, Information
    Processing Letters 77 (2001) 109-114.