1 / 26

Abstract Data Types

Abstract Data Types. Structured (data) objects as terms of a logical language behavior of operations specified by axioms symbolic execution Semantics: Algebraic structures given by equivalence classes of variable free terms (freely) generated structures

cosima
Download Presentation

Abstract Data Types

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Abstract Data Types • Structured (data) objects as terms of a logical language • behavior of operations specified by axioms • symbolic execution • Semantics: Algebraic structures given by equivalence classes of variable free terms • (freely) generated structures • constructors, selectors, recursively defined functions • Proof (tool) support • deduce properties of algebraic structures • induction on the structure of data types

  2. Abstract Data Types : Language • Formal language: First Order (Predicate) Logic (FOL) • (user defined) predicates • boolean connectives: AND (Æ), OR (Ç), NOT (:), -> (!) … • equality (=) between terms over user defined (typed) function symbols • universal, existential quantification : ALL (8), EX (9) • types for quantified variables • (outer) universal quantifiers sometimes omitted • + (other) auxiliary symbols • ASCII versus Latex symbols • uppercase / lowercase letters not relevant (here)

  3. Abstract Data Types : Natural Numbers • Natural numbers: • Defines theory NATBASIC introducing the type NAT. • Constructor symbols: NULL (nullary), SUCC (unary) • Selector symbol: PRED • Cases enumerated by | : • disjoint union (sum) • possibly also test predicates • see exercise below

  4. Abstract Data Types : Example • Axioms (generated from the specification) • 8 x: NAT. NULL  SUCC(x) • 8 x,y: NAT. ( SUCC(x) = SUCC(y) ! x=y ) • 8 x: NAT. PRED(SUCC(x)) = x • Are these axioms independent ?

  5. Abstract Data Types : Semantics • Semantics: Set of equivalence classes of (closed) terms { {NULL, PRED(SUCC(NULL)), PRED(PRED(SUCC(SUCC(NULL)))), … }, {SUCC(NULL), PRED(SUCC(SUCC(NULL))), … }, {SUCC(SUCC(NULL))), … }, … } • Freely generated by NULL and SUC: There is a unique representation of each element (equivalence class) by SUC and NULL. • « PRED ¬ ({SUCC(SUCC(NULL))), … }) = {SUCC(NULL), PRED(SUCC(SUCC(NULL))), … }

  6. Abstract Data Types : Extending Theories • Extending the theory by additional functions and predicates:

  7. Abstract Data Types : Extending Theories

  8. Abstract Data Types : Recursion and Induction • Recursive axiomatizations • intended as definitions • like addition above • well definedness: • existence (of a solution) ) consistency • uniqueness ) “termination” according to some well-founded order necessary for inductive proofs (following the recursion structure) • often fixed definition schemes

  9. Abstract Data Types : Recursion and Induction • Proof of inductive properties • like 8 x,y: NAT. x+y = y+x • induction schemes critical for consistency • well-founded order • not user defined • for (freely) generated structures: structural induction • size function: reduction (for example) to (complete induction for) natural numbers ) size function itself has to be well defined • complete induction (scheme) on the structure of NAT-terms: ( (NULL) Æ8 y:NAT. ( (y) !(SUCC(y)) ) ) !8 x: NAT. (x) .

  10. Abstract Data Types : Recursion and Induction • Prove: 8 x: NAT. ( x = NULL Ç9 y:NAT. x = SUCC(y) ) • What does this mean? • Disjointness?

  11. Inductive Protocol Verification • Use these techniques for Protocol Verification ! • Steps: • Define data types for agents, keys, messages, and appropriate auxiliary notions (lists). • Define the attacker model (knowledge and abilities) in terms of parts, analz, and synth. • Define events and execution traces (for a given protocol): • events caused by normal participants • events caused by the attacker (or spy) • Formalize security properties (confidentiality, authentication). • Prove security properties by induction on the (structure) length of traces.

  12. Step1: Agents • Secure agents are servers. • NAT parameter allows for arbitrary many agents. • Additional test predicates (is… ): • Give the axiom(s) for the predicate isFriend !

  13. Step1: Keys • Formalizes the notions used so far.

  14. Step1: Messages • What is the (formal) characteristics of atomic messages? atomic messages

  15. Step1: Lists • Use (finite) lists instead of (finite) sets. • Size function used for induction schemes.

  16. Step1: Lists • Additional notions for lists (of messages).

  17. Step1: Lists • Analogous to lists of messages.

  18. Step2: Decomposition of Messages • The function parts computes (the list of) all sub-messages • of messages given by a list (mL).

  19. Step2: Decomposition of Messages • What about hashing?

  20. Step2: Analysis of Messages(by the spy) • The function analz makes explicit the knowledge • (as a list of messages) the spy is able to obtain (infer) from • a given list of messages.

  21. Step2: Analysis of Messages(by the spy) • Uses the auxiliary function hAnalz that takes as arguments two lists of messages. • A new round is started with an extended list.

  22. Step2: Analysis of Messages(by the spy) decryption • Why does analz terminate?

  23. Step2: Synthesis of Messages (by the spy) • isSynth(msg,mL) : msg is in the set of messages that can be generated (by the spy) from the list mL.

  24. Step2: Synthesis of Messages (by the spy) • synth is given by a predicate. Why?

  25. Step3: Protocol Events • Says-events have been used so far: a message is sent. • Gets-events explicitly model that a message is actually received. • Notes events model (internal) state transitions • spy learns a key (independently of protocol steps) • setting an internal clock

  26. Step3: Protocol Traces • Analogous to lists of messages and keys. • Again: size function for inductive proofs.

More Related