# Module 20 Module 20 1 Module 20 2

• Slides: 39

Module 20：軟硬體正規驗證 • Module 20 -1：邏輯分析 • Module 20 -2： Temporal Logic and Model Checking 系統安全 20 -3

BAN Logic邏輯推導式 P Q P, P P Message-meaning rule Q |~X P #(X), P Q|~X Nonce-verification rule P Q X, P Q P X Jurisdiction rule X 系統安全 20 -9

GNY Logic介紹 ＧＮＹ邏輯推導式 EX 1: • A principal is told a formula encrypted with a key. • He processes the key. • He has also been told the decrypted contents of the formula. 系統安全 20 -16

GNY logic介紹 EX: Needham-Schroeder Protocol GNY logic shows that S • P trusts the session key K by step 2. • Q cannot trust the session key K by step 3. P Q • P cannot believe that Q owns a key because Nq is meaningless to P in step 4. • There is no conclusion in step 5 since Q cannot trust K. 系統安全 20 -18

Module 20 -2： Temporal Logic and Model Checking 系統安全 20 -

Temporal Logic and Model Checking • Model Checking 在安全協定上的應用 • Model Checking 在網路安全上的應用 系統安全 20 -20

Model of Computation 1 Microwave of Example ~Start ~Close ~Heat ~Error Start oven 2 Open door Start ~Close ~Heat Error Open 3 Close door cook 4 ~Start Close Heat ~Error done ~Start Close ~Heat ~Error Start cooking door 5 Open door Start oven Start Close ~Heat Error reset 6 7 Start Close ~Heat ~Error 系統安全 warmup Start Close Heat ~Error 20 -24

Temporal Logic • • 利用 Temporal Logic 來描述系統的規格 微波爐不會加熱(Heat)一直到門被關上(Close) Not heat_up holds until door_closed ~heat U close 系統安全 20 -25

Model Checking 在安全協定上的應用 密碼協定分析 Formal Models Dolev – Yao Computational Models Random oracle Model Logic Model Checking Finite processes, finite attacker Inductive Proofs … Finite processes, infinite attacker 系統安全 20 -28