Chiara Bodei

Static validation of security protocols

We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as Needham-Schroeder symmetric key, Otway-Rees, Yahalom, Andrew Secure RPC, Needham-Schroeder asymmetric key. and Beller-Chang-Yacobi MSR.

Automatic validation of protocol narration

We perform a systematic expansion of protocol narrations into terms of process algebra in order to make precise some of the detailed checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice for identifying a number of authentication flaws in symmetric key protocols such as Needham-Schroeder, Otway-Rees, Yahalom and Andrew Secure RPC.

Static Analysis for the π-Calculus with Applications to Security

Abstract Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The result of our analysis establishes a super-set of the set of channels to which a given name may be bound and of the set of channels that may be sent along a given channel. Besides a set of rules that permits one to validate a given solution, we also offer a constructive procedure that builds solutions in low polynomial time. Applications of our analysis include establishing two simple security properties of processes. One example is that P has no leaks: P offers communication to the external environment through public channels only and confines its secret channels within itself. The other example is connected to the no read-up/no write-down property of Bell and LaPadula: once processes are given levels of security clearance, we check that a process at a high level never sends channels to processes at a lower level.

Control Flow Analysis for the pi-calculus

Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The formulation of the analysis requires no extensions to the π-calculus, except for assigning “channels” to the occurrences of names within restrictions, and assigning “binders” to the occurrences of names within input prefixes.

Safe Ambients: Control Flow Analysis and Security

We present a Control Flow Analysis (CFA) for the Safe Ambients, a variant of the calculus of Mobile Ambients. The analysis refines and computes an approximation of the run-time topology of processes. We use the result of the analysis to establish a secrecy property.

Static Analysis of Processes for No and Read-Up nad No Write-Down

We study a variant of the no read-up/no write-down security property of Bell and LaPadula for processes in the π-calculus. Once processes are given levels of security clearance, we statically check that a process at a high level never sends names to processes at a lower level. The static check is based on a Control Flow Analysis for the π-calculus that establishes a super-set of the set of names to which a given name may be bound and of the set of names that may be sent and received along a given channel, taking into account its directionality. The static check is shown to imply the natural dynamic condition.

Primitives for authentication in process algebras

We extend the π-calculus and the spi-calculus with two primitives that guarantee authentication. They enable us to abstract from various implementations/specifications of authentication, and to obtain idealized protocols which are “secure by construction”. The main underlying idea, originally proposed in Focardi (Proc. Sixth Italian Conf. on Theoretical Computer Science, November 1998) for entity authentication, is to use the locations of processes in order to check who is sending a message (authentication of a party) and who originated a message (message authentication). The theory of local names, developed in Bodei et al. (Theoret. Comput. Sci. 253(2) (2001) 155) for the π-calculus, gives us almost for free both the partner authentication and the message authentication primitives.

A Control Flow Analysis for Beta-binders with and without static compartments

We introduce a Control Flow Analysis, that statically approximates the dynamic behaviour of processes, expressed in the Beta-binders calculus and in an extended version of the calculus modelling static compartments. Our analysis of a system is able to describe the essential behaviour of each box, tracking all the possible bindings of variables, all the possible intra- and inter-boxes communications, and, finally, all the possible movements across compartments. The analysis offers a basis for establishing static checks of biological dynamic properties. We apply our analysis to an abstract specification of the interaction between a virus and cells of the immune system and to a model of the cAMP-signaling Pathway in Olfactory Sensory Neurons.

Names fo the p-calculus agents handled locally

We address the problem of handling names in concurrent and distributed systems made up of mobile processes. We equip processes with local environments. Our structural operational semantics handles these environments so that captures of names are never possible. Our semantics includes the specification of a distributed name manager that conservatively extends standard operational semantics. Bisimulation-based equivalences can be checked on our transition systems. They yield the same equivalence relations as those based on standard interleaving semantics. Finally, we show that our development scales up smoothly to higher-order calculi.

Where Do Your IoT Ingredients Come From

The Internet of Things (IoT) is here: smart objects are pervading our everyday life. Smart devices automatically collect and exchange data of various kinds, directly gathered from sensors or generated by aggregations. Suitable coordination primitives and analysis mechanisms are in order to design and reason about IoT systems, and to intercept the implied technology shifts. We address these issues by defining IoT-LySa, a process calculus endowed with a static analysis that tracks the provenance and the route of IoT data, and detects how they affect the behaviour of smart objects.