UCDavis SecLab - PowerPoint PPT Presentation

About This Presentation
Title:

UCDavis SecLab

Description:

Issues in the Verification of Systems Tao Song, Jim Alves-Foss, Karl Levitt Computer Security Lab Computer Science Department University of California, Davis – PowerPoint PPT presentation

Number of Views:64
Avg rating:3.0/5.0
Slides: 27
Provided by: tso50
Category:

less

Transcript and Presenter's Notes

Title: UCDavis SecLab


1
Issues in the Verification of Systems
  • Tao Song, Jim Alves-Foss, Karl Levitt
  • Computer Security Lab
  • Computer Science Department
  • University of California, Davis

2
Index
  • Background of verification
  • Security of systems
  • Verification of systems

3
Background of verification
  • What is verification?
  • Existing artifact
  • Formalization
  • Mathematical proof

4
Background of verification
  • Usage of verification
  • Hardware verification
  • e.g. ACL2 lt-gt AMD K5 chipset
  • Protocol verification
  • e.g. SMV lt-gt Security protocol
  • System verification
  • e.g. ACL lt-gt Kit

5
Background of verification
  • Why verification?
  • Complexity of today's systems
  • Increasing error costs
  • Commonality in reasoning frameworks.

6
Background of verification
  • Formal methods in verification
  • Theorem Prover
  • e.g. HOL, PVS, Coq, and ACL2 etc
  • Model Checking
  • e.g. COSPAN, SPIN, Mocha and SMV etc

7
Security of systems
  • Basic Concepts of security
  • Security policy and mechanism
  • Specifications
  • e.g. specification of program finger
  • Assumptions

8
Security of systems
  • Example Specification of the program ftpd
  • SPEC in.ftpd (lt?, ?, in.ftpd, ?, OPS1gt)
  • SE ltproggt
  • ltproggt -gt ltvalidopgt
  • ltvalidopgt
  • -gt (OPEN_RD, WorldReadable(F.mode))
  • (OPEN_RD, CreatedByProc(P.pid, F))
  • (OPEN_RD, F.ouid S.uid)
  • (OPEN_WR, CreatedByProc(P.pid, F))
  • (OPEN_WR, F.path "/var/log/wtmp")
  • (CHMOD, CreatedByProc(P.pid, F))
  • (CHOWN, CreatedByProc(P.pid, F))
  • (EXEC, path "/bin/tar" path
    "/bin/compress"
  • path "/bin/ls" path "/bin/gzip")

9
Security of systems
Hierarchical model of system
Security Policy
System
Programs and Network Protocols
Specifications for Programs and Protocols
Valid Operations of Specifications
System Calls
10
Security of systems
  • Important issues of systems
  • Access control
  • Access triple (uid, pid, fid)
  • Setuid programs
  • e.g. Passwd, ftpd, sendmail, etc.
  • System calls
  • Important system calls open, chown, execve,
    symlink, chmod, fork, etc.

11
Security of systems
  • Hard issues in building model of security of
    systems
  • Define the security policy
  • Describe behaviors of systems
  • Classify objects of systems
  • Prove security

12
System verification
  • An idea of the system verification
  • Use specification to monitor systems
  • Formalize behaviors of systems according to
    specifications
  • Formalize security policy and assumptions
  • Formal proof of security

13
System verification
  • Approach of the system
  • Using specification to monitor the behavior of
    privileged programs
  • Using ACL2 to formalize and prove security
    features of systems

14
System verification
  • Specification model

System-wide Top Level
System Services
Host Programs and Network Protocols
Applications
15
System verification
  • Specification for ARP (Address Resolution
    Protocol)

ARP Request
i
reply_wait
cached
ARP Request
ARP Response
ARP cache timeout
16
Other Protocol Specifications
  • Domain Name System (DNS)
  • Network File System (NFS)
  • Distributed Host Configuration Protocol (DHCP)
  • TCP
  • FTP
  • RIP routing protocol
  • OSPF routing protocol

17
System verification
  • Requirement of verification
  • Formal statements of security policy
  • Formal statements of specifications of privileged
    programs and protocols
  • Formal statements of assumptions

18
System verification
  • Formal statements of security policy
  • (defun policy()
  • ( and policy_read(pid, fid)
  • policy_write(pid,fid)
  • policy_create(pid,fid)
  • policy_exec(pid, fid)
  • )
  • )

19
System verification
  • Formal statements of security policy
  • (defun policy_read( pid, fid)
  • ( or IsRoot(pid) userid of process is
    root
  • Readable(pid, fid) the file is
    readable
  • WorldReadable(fid)
  • )
  • )

20
System verification
  • Formal statements of specifications
  • (defun spec()
  • ( and spec_standard(pid, fid)
  • standard specification of
    programs
  • spec_passwd(pid, fid)
  • specification of the program
    passwd
  • spec_ARP()
  • specification of the ARP protocol
  • ) )

21
System verification
  • Formal statements of specifications
  • (defun spec_chage(pid, fid)
  • ( and WorldReadable(fid)
  • WriteInPath(fid,
    /var/spool/at/.SEQ)
  • CreatedByProc(chmod,pid,fid)
  • )
  • )

22
System verification
  • Formal statements of assumptions
  • (defun assumption()
  • ( and assum_sys_1()
  • assum_sys_2()
  • assum_verify_1()
  • assum_verify_2()
  • ))

23
System verification
  • An example of assumptions
  • (defun assum_sys_n( pid )
  • ( imply ( pid.setuid 0)
  • true
  • )
  • )

24
System verification
  • Prototype of verification
  • (defthm verify()
  • ( imply ( and assumption()
  • spec())
  • policy()
  • )
  • )

25
System verification
  • Ongoing work
  • Build security model of a system
  • Classify the subjects, objects and operations
  • Define security states and state transitions
  • Extend the model to cover network protocol
  • Automatic verification
  • Analysis the assumption of the security of a
    system
  • Refine formal statements of specifications

26
Thank you
Write a Comment
User Comments (0)
About PowerShow.com