Internet Security CSCE 813 Communicating Sequential Processes.

Jan 05, 2016

Page 1: Internet Security CSCE 813 Communicating Sequential Processes.

Internet Security CSCE 813

Communicating Sequential Processes

CSCE 813 - Farkas 2

Reading

Today:
– Modelling and analysis of security protocols: Chapter 1

Next Class:
– Modelling and analysis of security protocols: Chapter 1 and 2

CSP Objectives

Model dynamics

Model and analyze concurrency
– E.g., calculation intensive systems, distributed applications

Support parallelism

CSP

Notation for describing systems of parallel agents that communicate by passing messages between them

Formal study of systems
– Concurrency
– Security

Mathematical notation for describing interaction
– Different components influence each other

CSP Components

Processes

Operators

Communication: visible events:

Invisible (internal) event:

CSP:
– allows one to describe the states in which processes might be
– allows one to work out what actions are immediately possible for the process and what the result states of the actions are

Message Passing

Synchronous: both processes MUST be ready to communicate

Non-buffered sends and receives

Explicit naming of source and destination processes

Messages

Process A: Send (B, message)
Process B: Receive (A, message)

Input command: <source-process>?<target value>
– e.g., keyboard?m

Output command: <destination process>!<target value>
– e.g., screen!average

Communication

Process P executes an input command specifying process Q as its source AND

Process Q executes an output command specifying process P as its destination AND

The target variable in the input statement matches the value in the output statement

Program Equivalence

Two programs P1 and P2 are equivalent if they produce patterns of visible actions that cannot be distinguished by an observer.

Only the communications of a program matter!

Communication

Prefix: given a process P and a communication a in , a → P is a program that
– Performs a then
– Behaves as P

Given in, out in what is
– in → out → P

Process Stop: no visible or non-visible action
– Given a in what is a → Stop

Build Processes

Consider: Given a,b,c in
– Proc = a → b → c → Stop
– Proc: finite succession of choices before stopping
– Proc’s environment might choose not to accept any of a,b,c, so it might get stuck before Stop

Build Processes

Recursion: processes “go on forever”

Looping back to a state they have been in before

1. Alt = to → fro → Alt

2. Dalt = to → fro → to → fro → Dalt

3. Malt1 = to → Malt2

4. Malt2 = fro → Malt1

5. Nalt = to → fro → Dalt

– 1, 2, 5, and (3,4) are equivalent programs
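
The equivalence claimed on this slide can be checked mechanically. The following is an added example, not part of the original slides: it parses the five equations (written with an ASCII `->`, which is an assumption, plus a constructed non-equivalent process `Once`) and compares the events each pair of processes offers at every reachable state.

```python
# Added example: processes built from prefix and recursion only, written in
# ASCII as "Name = a -> b -> Next" (the "->" spelling is an assumption).
EQUATIONS = [
    "Alt   = to -> fro -> Alt",
    "Dalt  = to -> fro -> to -> fro -> Dalt",
    "Malt1 = to -> Malt2",
    "Malt2 = fro -> Malt1",
    "Nalt  = to -> fro -> Dalt",
    "Once  = to -> fro -> Stop",   # constructed counter-example, not on the slide
]

def compile_defs(equations):
    """Build a transition map: state -> {event: next_state}."""
    lts = {"Stop": {}}                       # Stop offers no events
    for line in equations:
        name, body = (s.strip() for s in line.split("=", 1))
        *events, target = (s.strip() for s in body.split("->"))
        state = name
        for i, event in enumerate(events):
            # Intermediate states are named (Name, position in the equation).
            nxt = target if i == len(events) - 1 else (name, i + 1)
            lts.setdefault(state, {})[event] = nxt
            state = nxt
    return lts

def equivalent(lts, p, q):
    """True if no observer can tell p from q by the events they offer.

    Exact for these deterministic processes: walk both in lockstep and
    compare the set of offered events at every reachable pair of states.
    """
    seen, todo = set(), [(p, q)]
    while todo:
        pair = todo.pop()
        if pair in seen:
            continue
        seen.add(pair)
        left, right = lts[pair[0]], lts[pair[1]]
        if left.keys() != right.keys():
            return False                     # one side offers what the other refuses
        todo.extend((left[e], right[e]) for e in left)
    return True

LTS = compile_defs(EQUATIONS)
```
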

Prefix

Offering a single action

Offering of choice: any set of visible actions
– If A , ?x : A → P(x) represent all the actions in A
– x is the parameter of P -- parameters can be used in events or manipulated
– When a A is chosen, it behaves like P(a)

Example: always prepared to offer any event from A
– RUNA = ?x : A → RUNA

Compound events

Coding Machine example
– CM1(s) = ?x : L {off} → CM1’(s,x)
– CM1’(s,off) = Stop
– CM1’(s,x) = crypt(s,x) → CM1(newstate(s,x)) (x L)

Action: channel name followed by zero or more data components

Coding Machine example without off
– CM2(s) = in?x → out!crypt(s,x) → CM2(newstate(s,x))

Choice Operators

Deterministic finite state machine over finite
– e.g., Pi = ?x : Ai → Pi’(x)

Choice operator:
– Gives the option between the actions of two processes then
– Behaves like the one chosen

Choice Operator

Example Choice
– if A = B C then
  ?x : A → P(x) = (?x : B → P(x)) (?x : C → P(x))

Stop and equivalence
– if A = A Ø then
  ?x : A → P(x) = (?x : A → P(x)) Stop that is P P Stop
– If B = Ø then ?x : B → P(x) Stop

Choice Operator

Revisit: if A = B C then
?x : A → P(x) = (?x : B → P(x)) (?x : C → P(x))

If B and C are disjoint: together they give all the choices in A

What happens if B and C overlap?
– Given processes P and Q, what does P Q mean?
– Choosing an action x B C what is the result of (?x : B → P(x)) (?x : C → Q(x))
– CSP allows the implementor to make a choice between the two sides
– After action x, the process may behave as P(x) or Q(x), the environment has no control over it.

Non-determinism

Program acts nondeterministically if it is unpredictable

The program is allowed to make internal decisions that affect how it behaves as viewed from the outside

Implementation is allowed to choose

E.g., (a → a → Stop) (a → b → Stop)

Non-Deterministic Choice

P Q
– behaves like P or like Q
– User has no control over which
– Can be implemented using two internal actions
– Implementer is not required to implement this way (can choose either P or Q or (P or Q))

Useful for modelling a degree of unpredictability, like a communication medium that transmits data correctly or loses it.

Non-Deterministic Choice

P Q and P Q have identical traces: sequences of visible communications

In most circumstances it cannot be told whether a non-deterministic choice was made by observing the process.

What is the difference between

(a → P) Stop and (a → P) Stop ?

Parallel Operators

Put sequential processes in parallel

System state: state of each component

– Number of possible states increases exponentially with the size of the network

How to put processes together for parallel network?

How to check whether such a network satisfies a specification?

Parallel Combination

Just another process to which any of the previous operators can be applied.

Each parallel process is equivalent to a sequential one (with an infeasibly large number of states)

CSP processes influence each other by affecting what communications they can perform.

Parallel Combination

Synchronize all visible actions
– P || Q can perform a only when P and Q can
– (?x : A → P(x)) || (?x : B → Q(x)) = ?x : A B → (P(x) || Q(x))

Parallel Combinations

Interface parallel operator: P ||X Q
– Synchronize all events in X

Example:
– P = ?x : A → P’(x)
– Q = ?x : B → Q’(x)
– P ||X Q = ?x : X A B → (P’(x) || Q’(x))
  ?x : A \ X → (P’(x) ||X Q)
  ?x : B \ X → (P ||X Q’(x))
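
The two parallel slides above can be exercised on a small pair of processes. This is an added example, not from the original slides: the processes P = a → b → P and Q = b → c → Q and the state names are constructed, and the code computes the steps of P ||X Q (events in X need both sides, the rest interleave) and searches the composite state space for stuck states.

```python
# Added example: constructed processes as state -> {event: next_state}.
P = {"P0": {"a": "P1"}, "P1": {"b": "P0"}}   # P = a -> b -> P
Q = {"Q0": {"b": "Q1"}, "Q1": {"c": "Q0"}}   # Q = b -> c -> Q

def par_steps(p_lts, q_lts, state, sync):
    """Steps of P ||X Q from composite state (p, q), with X = sync.

    Returns a set of (event, next_state) so that an event outside X
    offered by both sides yields two possible successors.
    """
    p, q = state
    steps = set()
    for event, p_next in p_lts[p].items():
        if event not in sync:
            steps.add((event, (p_next, q)))              # P moves alone
        elif event in q_lts[q]:
            steps.add((event, (p_next, q_lts[q][event])))  # both move together
    for event, q_next in q_lts[q].items():
        if event not in sync:
            steps.add((event, (p, q_next)))              # Q moves alone
    return steps

def deadlocks(p_lts, q_lts, start, sync):
    """Reachable composite states in which no event is possible."""
    seen, todo, stuck = set(), [start], set()
    while todo:
        state = todo.pop()
        if state in seen:
            continue
        seen.add(state)
        steps = par_steps(p_lts, q_lts, state, sync)
        if not steps:
            stuck.add(state)
        todo.extend(nxt for _, nxt in steps)
    return stuck

START = ("P0", "Q0")
INTERFACE = {"b"}                # interface parallel: synchronize on b only
LOCKSTEP = {"a", "b", "c"}       # lockstep parallel: synchronize on everything
```

With X = {b} the network never gets stuck, while the lockstep combination is stuck in its initial state because P offers only a and Q offers only b.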

Alphabet Controlled

P X ||Y Q

Each process is given control of a particular set of events

No process is ever permitted to communicate outside of its own alphabet

Interface between two processes: intersection of their alphabets

CSP Operators

Stop          process does nothing
a → P         event prefix
?x:A → P      event prefix choice
P Q           choice between two processes
P Q           nondeterministic choice
P || Q        lockstep parallel
P ||X Q       interface parallel
P X ||Y Q     synchronizing parallel

Next Class: CSP CH 1 finish

Modeling security protocols in CSP