1 / 26

Proving the Correctness of Dependency Graph Transformation

Proving the Correctness of Dependency Graph Transformation. Ilja Tšahhirov (joint work with Peeter Laud and Keiko Nakata). Talk plan. Dependency graphs: some background Execution semantics formalization First step – graph fragments equivalence Next steps. A Security Protocol.

ting
Download Presentation

Proving the Correctness of Dependency Graph Transformation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Proving the Correctness of Dependency Graph Transformation Ilja Tšahhirov (joint work with Peeter Laud and Keiko Nakata) Theory Days at Andu

  2. Talk plan • Dependency graphs: some background • Execution semantics formalization • First step – graph fragments equivalence • Next steps Theory Days at Andu

  3. A Security Protocol A B : { secret }KAB B  : OK Theory Days at Andu

  4. Dependency Graph ? M K D ok? E 1 Λ V ?? ?? Theory Days at Andu

  5. Dependency Graph Execution • Initialize the graph node values with ┴ / false, • Repeat{ Adversary sets the and -nodes Graph is evaluated Adversary is made aware of the values of -nodes } until the Adversary indicates to stop • Adversary’s goal in the game is to produce different output depending on the secret message ?? Theory Days at Andu

  6. Transforming Dependency Graph The game does not change if a graph is replaced with another graph, having the same semantics, for example: Can be replaced with Λ Λ Λ Theory Days at Andu

  7. GUI for executing transformations Theory Days at Andu

  8. The Goal of this Work • One has to be sure that the transformation preserves the semantics, before applying it • The analyzer already has tens of transformations encoded; some of them are quite complex (in terms of amount of nodes involved) • Need to have a way of formally ensuring that: • Two fragments are equivalent, • Procedure for applying the transformation preserves graph semantics when exchanging one fragment with another, equivalent, fragment Theory Days at Andu

  9. Talk plan • Dependency graphs: some background • Execution semantics formalization • First step – graph fragments equivalence • Next steps Theory Days at Andu

  10. Graph • A Graph is a set of nodes, each representing a computation • A Node is identified by • Its identity (label) • Its operation. An operation is either bitstring-valued or boolean-valued. The operation dictates which input ports the node has • Operations: RS, Nonce, Const, Keypair, Pubkey, SigVer, VerKey, SymKey, PubEnc, SymEnc, PubEncZ, SymEncZ, Signature, SignedMsg, Tuple, Proj, PubDec, SymDec, Send, Begin, End, Receive, Secret, Merge, Id, Error, And, Or, Req, True, False, IsOK, IsEq, IsNeq, TestSig, TestSigP InputB, InputS, OutputB, OutputS • A Graph is a set of nodes, each representing a computation • A Node is identified by • Its identity (label) • Its operation. An operation is either bitstring-valued or boolean-valued. The operation dictates which input ports the node has • Operations: RS, Nonce, Const, Keypair, Pubkey, SigVer, VerKey, SymKey, PubEnc, SymEnc, PubEncZ, SymEncZ, Signature, SignedMsg, Tuple, Proj, PubDec, SymDec, Send, Begin, End, Receive, Secret, Merge, Id, Error, And, Or, Req, True, False, IsOK, IsEq, IsNeq, TestSig, TestSigP, InputB, InputS, OutputB, OutputS Theory Days at Andu

  11. Configuration • During the graph evaluation a value is computed for each node • Graph itself is not changed during evaluation – the evaluation result is stored in the configuration: • Environment: Label  Value • Input environment: Label*  Value • Label: set of label of all nodes • Label*: set of label of InputB-nodes Theory Days at Andu

  12. Graph Evaluation Informally, the graph evaluation proceeds as following: • Initialize: • Initialize the input environment with external inputs • Initialize the environment to map every node to false • Repeat { for each node { Compute operation result (the values of operation inputs are taken from the environment or input environment) Store the computed value in the environment } } until no more changes are observed (for each node the computed value is equal to what is stored in the environment) Theory Days at Andu

  13. Graph Evaluation - Example 1:InputB ρ 1 = false ρ 1 = true φ 1 = true ρ 2 = false 2:True ρ 2 = true 3:And ρ 3 = false ρ 3 = true 4:OutputB ρ 4 = false ρ 4 = true Theory Days at Andu

  14. Graph: Theorem Prover Encoding Definitionlabel := nat. Inductive operation : Type :=| andop (ll: list label)| trueop| falseop| inputop| outputop (l: label). Inductive node : Type :=boolnode (l: label)(o: operation). Definition graph := list node. Definition g3' : graph := ( (boolnode 1 inputop) ::(boolnode 3 (andop (1::nil))) ::(boolnode 4 (outputop 3)) ::nil). 1:InputB 3:And 4: OutputB Theory Days at Andu

  15. Environment: Theorem Prover Encoding (*Definition – both for environment and input environment *) label := nat value := bool env := list (label * value) (* Access and update functions *) lookup (r:env)(l:label) : option bool uf (r:env)(l:nat)(v:bool) : option env Theory Days at Andu

  16. Operation Semantics Fixpoint bf (rho:env) (phi:env) (n:node) : option bool := match n with boolnode l o  match o with | trueop  Some true | falseop  Some false | andop ll  andbn rho ll | inputop  lookup phi l | outputop l1  lookup rho l1 end end. Theory Days at Andu

  17. Graph Evaluation Step Fixpoint evalstep (g:graph)(rho:env)(phi:env) {struct g} : option env := match g with | nil  Some rho | (boolnode l o ) :: tl let v := lookup rho l in match v with | None  None | Some b let v':= bf rho phi (boolnode l o) in match v' with | None  None | Some b'  if (bool_dec b b') then evalstep tl rho phi else uf rho l b' end end end. Theory Days at Andu

  18. Graph Evaluation Fixpoint eval (g:graph)(rho phi:env)(n:nat): option env := match n with | 0  Some rho | S n'  match (evalstep g rho phi) with | None  None | Some rho'  let n'' := ‌rho'‌ in if (beq_nat n n'') then Some rho else eval g rho' phi n' end end. Theory Days at Andu

  19. Talk plan • Dependency graphs: some background • Execution semantics formalization • First step – graph fragments equivalence • Next steps Theory Days at Andu

  20. Equivalence Definition – Example g1 g2 phi := (1,v)::nil rhoinit1 := (1,false)::(4:false)::nil rhoinit2 := (1,false)::(2,false)::(3, false)::(4:false)::nil rhofinal1 := eval g1rhoinit1 phi 2 rhofinal2 := eval g2 rhoinit2 phi 4 Equivalence means that lookup rhofinal1 4 = lookup rhofinal2 4 1:input 1:input 2:true 3:and 4:output 4:output Theory Days at Andu

  21. Equivalence Definition Given the graphs g1, g2, satisfying the following requirements: • Each node must have unique label • Both graphs must have same set of input and output nodes The equivalence of g1 and g2 holds if for every output node with label l on g1,lookup (eval g1 rho1 phi ‌rho1‌) l = lookup (eval g2 rho2 phi ‌rho2‌) l Theory Days at Andu

  22. Proving Equivalence Key Lemmas about Semantics Lemma eval_is_evalstep_fixpoint: forall g rho rho' phi, eval g rho phi ‌rho‌ = rho'  evalstep g rho' phi = rho'. Lemma evalstep_fixpoint_is_correct: forall g rho phi, evalstep g rho phi = Some rho  forall l op, node_in_graph (boolnode l op) g  lookup rho l = bf rho phi (boolnode l op). Theory Days at Andu

  23. Equivalence Proof Plan for two particular fragments • Given the graph definitions, limit the output equality to particular output nodes • For each of the two graphs: • Show that evaluation result is a fixed point of evalstep (using eval_is_evalstep_fixpoint) • Show that the environment (rho) holds for all the nodes their “final” value at evaluation result (using evalstep_fixpoint_is_correct) • For each node present its value as a function from input environment (phi) • For each of the output nodes: • Show that on the first and the second graphs the functional dependency of the node from the input environment is the same Theory Days at Andu

  24. Talk plan • Dependency graphs: some background • Execution semantics formalization • First step – graph fragments equivalence • Next steps Theory Days at Andu

  25. Next Steps • Graph equivalence definition and proof framework was the first significant step towards integration with automated analyzer tool • The remaining steps are: • Formally define exchanging the (sub-)graph on another graph • Show that if two sub-graphs, g1 and g2, are equivalent, then exchanging g1 with g2 on a graph, containing g1, results in the equivalent graph • Bring back the complete operations set • Bring in the support for the infinite fragments / graphs Theory Days at Andu

  26. Thank you! Theory Days at Andu

More Related