
WP6: Static Analysis - PowerPoint PPT Presentation



Presented by Flemming Nielson, Informatics and Mathematical Modelling, Technical University of Denmark, at the 3rd review of DEGAS in April 2005.

Presentation Transcript
WP6: Static Analysis

Presented by Flemming Nielson, Informatics and Mathematical Modelling, Technical University of Denmark, at the 3rd review of DEGAS in April 2005


The DEGAS view: WP5, WP6

[Diagram. Labels: UML design (class diagrams, sequence diagrams, activity diagrams); security features; stochastic features; extraction; model in process calculus; Markov model; static analysis; reflection; fully automatic and hidden from the user.]


Objectives of WP6

  • Comparing and finding new language abstractions to design global applications (D9 month 12)

  • Enhancing understanding and applicability of static analysis for global computing systems (D11 month 24, D14 month 33)

  • New models and techniques for integrated qualitative and security analysis statically

  • Proof-of-concept implementations to validate the above treatment (D19 month 24).


Language Abstractions

Within DEGAS we have considered analysis of

  • ambient calculi (for access control)

  • π-calculi (for access control and performance)

  • LySa (network security and performance)

An overview of language abstractions is in D9: Basic Static Mechanisms of Process Algebras for Global Applications


Basics of Static Analysis

Characterising the behaviour:

[Diagram. Labels: Static analysis (over-approximation); Actual behaviour; Model checking / Theorem Proving (under-approximation).]


Enhancing Static Analysis

Network security

  • LySa and its static analysis

Access control

  • π-calculus and Enhanced Operational Semantics

Discussed in

  • D11 Models and Techniques for Static Analysis

  • D14 Final Report on Static Analysis


Analysis of LySa

[Diagram. Labels: Protocol; Attacker; Hardest attacker; Actual behaviour; Static analysis; Over-approximation.]


Prototype: the LySatool

[Diagram. Labels: LySa; Constraint generation; Constraints; Constraint solving; Solution; Annotated with authentication properties; In Alternation Free Least Fixed-point logic; Includes violations of authentication properties.]

  • Details are in D19 Static Analysers

  • The LySatool is integrated in Choreographer

  • The LySatool is available on the internet:

    http://www.imm.dtu.dk/cs_LySa/lysatool


LySa During the Third Year

  • Developed a technique for tracking replay attacks

  • Implemented analysis of infinite scenarios

  • Improved efficiency of the LySatool to cater for industrial size protocols

  • Improved usability (input/output capabilities of the LySatool)

  • Discovered unknown security issues in

    • Classical security protocols (Beller-Chang-Yacobi ’93, Bauer-Berson-Feiertag ’83)

    • Modern protocol standards (OASIS)

    • Case studies (D26)


Enhanced Static Analysis

  • Corrado, Pierpaolo, or Chiara:

    Please provide a slide (or two) with information about your contribution in D14


Integrating Security and Performance Analysis

Design and analysis process

Supported by performance analysis using:

  • PEPA – for timing attacks (facilitated by Choreographer)

  • EOS for protocol performance / effort spent on attacks

[Diagram. Labels: Protocol in LySa; Static security analysis; OK; Not OK; Performance analysis; Redesign protocol.]


Self-evaluation of WP6

Positioning with respect to state of the art

  • S1: Strong indicator for discovery of a new class of flaw in a protocol published in the literature

  • W1: Weak indicator for application to key exchange protocol for DEGAS case study

Comparison with competing approaches

  • S2: Strong indicator for clarifying the fundamentally different behaviours of model checking and static analysis as regards protocol validation

  • W2: Weak indicator for termination properties of our analysis approach

  • W2: Weak indicator for allowing the use of model checking to validate the flaws reported by static analysis.


Self-evaluation of WP6

Usability and exploitation perspectives

  • S3: Strong indicator for hardening the design of the analysis tool so that also educated users outside of the research group (mainly MSc-students) are able to use the analysis tool.

  • W4: Weak indicator on the ability to analyse the OASIS protocol for Single Sign On.

  • W5: good progress towards weak indicator based on the UML to LySa extractor

  • S6: Strong indicator for the ability to teach the analysis method to advanced MSc-students and PhD-students that subsequently can use it for projects.

