Download
wp6 static analysis n.
Skip this Video
Loading SlideShow in 5 Seconds..
WP6: Static Analysis PowerPoint Presentation
Download Presentation
WP6: Static Analysis

WP6: Static Analysis

101 Vues Download Presentation
Télécharger la présentation

WP6: Static Analysis

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Presented by Flemming Nielson Informatics and Mathematical Modelling Technical University of Denmark at the 3nd review of DEGAS in April 2005 WP6: Static Analysis

  2. static analysis security features class diagrams sequence diagrams UML design activity diagrams stochastic features Markov model The DEGAS view: WP5, WP6 reflection fully automatic and hidden from the user extraction model in process calculus

  3. Objectives of WP6 • Comparing and finding new language abstractions to design global applications (D9 month 12) • Enhancing understanding and applicability of static analysis for global computing systems (D11 month 24, D14 month 33) • New models and techniques for integrated qualitative and security analysis statically • Proof-of-concepts implementations to validate the above treatment (D19 month 24).

  4. Language Abstractions Within DEGAS we have considered analysis of • ambient calculi (for access control) • π-calculi (for access control and performance) • LySa (network security and performance) An overview of language abstractions are in D9: Basic Static Mechanisms of Process Algebras for Global Applications

  5. Static analysis (over-approximation) Actual behaviour Model checking / Theorem Proving (under-approximation) Basics of Static Analysis Characterising the behaviour:

  6. Enhancing Static Analysis Network security • LySa and its static analysis Access control • π-calculus and Enhanced Operational Semantics Discussed in • D11 Models and Techniques for Static Analysis • D14 Final Report on Static Analysis

  7. Analysis of LySa Over-approximation Attacker + Hardest attacker Static analysis Protocol Actual behaviour

  8. Prototype: the LySatool Constraint generation Constraint solving LySa Constraints Solution Annotated with authentication properties Includes violations of authentication properties In Alternation Free Least Fixed-point logic • Details are in D19 Static Analysers • The LySatool in integrated in Choreographer • The LySatool is available on the internet: http://www.imm.dtu.dk/cs_LySa/lysatool

  9. LySa Durring the Thrid Year • Developed a technique for tracking replay attacks • Implemented analysis of infinite scenarios • Improved efficiency of the LySatool to cater for industrial size protocols • Improved usability (input/output capabilities of the LySatool) • Discovered unknow security issues in • Classical security protocols (Beller-Chang-Yacobi ’93, Bauer-Bereson-Feiertag ’83) • Modern protocol standards (OASIS) • Case studies (D26)

  10. Enhanced Static Analysis • Corrado, Pierpaolo, or Chiara: Please provide a slide (or two) with information about your contribution in D14

  11. Integrating Security and Performance Analysis Design and analysis process Supported by performance analysis using: • PEPA – for timing attacks (facilitated by Choreographer) • EOS for protocol performance / effort spent on attacks Protocol in LySa Static security analysis OK Performance analysis Redesign protocol Not OK

  12. Self-evaluation of WP6 Positioning with respect to state of the art • S1: Strong indicator for discovery of a new class of flaw in a protocol published in the literature • W1: Weak indicator for application to key exchange protocol for DEGAS case study Comparison with competing approaches • S2: Strong indicator for clarifying the fundamentally different behaviours of model checking and static analysis as regards protocol validation • W2: Weak indicator for termination properties of our analysis approach • W2: Weak indicator for allowing to use model checking to validate the flaws reported by static analysis.

  13. Self-evaluation of WP6 Usability and explotation perspectives • S3: Strong indicator for hardening the design of the analysis tool so that also educated users outside of the research group (mainly MSc-students) are able to use the analysis tool. • W4: Weak indicator on the ability to analyse the OASIS protocol for Single Sign On. • W5: good progress towards weak indicator based on the UML to LySa extractor • S6: Strong indicator for the ability to teach the analysis method to advanced MSc-students and PhD-students that subsequently can use it for projects.