solving trust issues using z3 z3 sig, november 2011 moritz y. becker, nik sultana alessandra russo...
Post on 22-Dec-2015
215 views
TRANSCRIPT
![Page 1: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/1.jpg)
Solving trust issues using Z3
Z3 SIG, November 2011
Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial College Birmingham University
![Page 2: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/2.jpg)
What can be detectedabout policy A0?
probe
observe Infer
?
e.g. SecPAL, DKAL, Binder, RT, ...
![Page 3: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/3.jpg)
A simple probing attack
𝑨𝟎❑
No: A0 ∪ A ⊬ q
Yes: A0 ∪ A ⊢ q
SvcAlice
Svc says secretAg(Bob)!
Alice can detect “Svc says secretAg(Bob)”!
A = {Alice says foo if secretAg(Bob)}q = access?
Alice says
1
A = { Alice says foo if secretAg(Bob), Alice says Svc cansay
secretAg(Bob) }q = access?
Svc says secrAg(B) Alice says secrAg(B)
2
[Gurevich et al., CSF 2008]
(There’s also an attack on DKAL2, to appear in: “Information Flow in Trust Management Systems”, Journal of Computer Security.)
![Page 4: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/4.jpg)
Challenges1. What does “attack”, “detect”, etc.
mean?*2. What can the attacker (not) detect?3. How do we automate?
*Based on “Information Flow in Credential Systems”, Moritz Y. Becker, CSF 2010
![Page 5: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/5.jpg)
![Page 6: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/6.jpg)
probe
![Page 7: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/7.jpg)
Available probes
))
))
![Page 8: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/8.jpg)
)
Available probes
))
)) ≡),...,)?
𝑨𝟎′
Yes, No, Yes, Yes, ...!
),...,)? 𝑨𝟎
Yes, No, Yes, Yes, ...!
Policies and are observationally equivalent () iff
for all :
The attacker can’t distinguish and
![Page 9: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/9.jpg)
)))
))
),...,)? 𝑨𝟎≡Yes, No, Yes, Yes, ...!
A query is detectable in iff.
p pp
p
pp!
![Page 10: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/10.jpg)
)))
))
),...,)? 𝑨𝟎≡Yes, No, Yes, Yes, ...!
A query is opaque in iff.
p pp
p
p
p??
![Page 11: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/11.jpg)
No!
Svc says secretAg(B) is detectable in A0!
({A says foo if secrAg(B)}, acc)
({A says Src cansay secAg(B), A says fooif secretAg(B)}, acc)
Yes!
𝑨𝟎≡secretAg(B)
secretAg(B)
secretAg(B)
secretAg(B)
secretAg(B)
Available probes
secretAg(B)!
![Page 12: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/12.jpg)
Challenges1. What does “attack”, “detect”, etc. mean?2. What can the attacker (not) detect?*3. How do we automate?
* Based on “Opacity Analysis in Trust Management Systems”, Moritz Y. Becker and Masoud Koleini (U Birmingham), ISC2011
![Page 13: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/13.jpg)
Is opaque in ?• Policy language: Datalog clauses • Input: • Output: “opaque in ” or “detectable in ”• Sound, complete, terminating
A query is opaque in iff.
![Page 14: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/14.jpg)
Example 1
What do we learn about and in ?
must satisfy one of these:
![Page 15: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/15.jpg)
Example 2
What do we learn about e.g. and in ? must satisfy one of these:
![Page 16: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/16.jpg)
Challenges1. What does “attack”, “detect”, etc. mean?2. What can the attacker (not) detect?3. How do we automate?
![Page 17: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/17.jpg)
How do we automate?• Previous approach:
Build a policy in which the sought fact is opaque.
• Approach described here:Search for proof to show that a property is detectable.
![Page 18: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/18.jpg)
Reasoning framework• Policies/credentials, and their properties are
mathematical objects• Better still, are terms in a logic (object-level)• Probes are just a subset of the theorems in
the logic.• Semantic constraints: Datalog entailment,
hypothethical reasoning.
![Page 19: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/19.jpg)
Policies
Empty policy
Fact
Rule
Policy union
![Page 20: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/20.jpg)
Properties
“phi holds if gamma”
![Page 21: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/21.jpg)
Example 1
![Page 22: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/22.jpg)
Example 2
![Page 23: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/23.jpg)
Calculus+ PL + ML + Hy
![Page 24: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/24.jpg)
Reduced calculus(modulo normalisation)
![Page 25: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/25.jpg)
Axioms C1 and C2
![Page 26: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/26.jpg)
Props 8 and 9
![Page 27: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/27.jpg)
Normal form
![Page 28: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/28.jpg)
Naïve propositionalisation• Normalise the formula• Apply Prop9 (until fixpoint)• Instantiate C1, C2 and Prop8 for each
box-formula• Abstract the boxes
![Page 29: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/29.jpg)
Improvements• Prop9 is very productive – in many
cases this can be avoided – so it could be delayed.
• Axiom C1 can be used as a filter.
![Page 30: Solving trust issues using Z3 Z3 SIG, November 2011 Moritz Y. Becker, Nik Sultana Alessandra Russo Masoud Koleini Microsoft Research, Cambridge Imperial](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d7a5503460f94a5e4e1/html5/thumbnails/30.jpg)
Summary1. What does “attack”, “protect”, etc. mean?– Observational equivalence, opacity and detectability
2. What can the attacker (not) infer?– Algorithm for deciding opacity in Datalog policies– Tool with optimizations
3. How do we automate?– Encode as SAT problem