de Ep Erik Vink

A Formalization of Anonymity and Onion Routing

The use of formal methods to verify security protocols with respect to secrecy and authentication has become standard practice. In contrast, the formalization of other security goals, such as privacy, has received less attention. Due to the increasing importance of privacy in the current society, formal methods will also become indispensable in this area. Therefore, we propose a formal definition of the notion of anonymity in presence of an observing intruder. We validate this definition by analyzing a well-known anonymity preserving protocol, viz. onion routing.

Verifying probabilistic programs using a Hoare-like logic

Probability, be it inherent or explicitly introduced, has become an important issue in the verification of programs. In this paper we study a formalism which allows reasoning about programs which can act probabilistically. To describe probabilistic programs, a basic programming language with an operator for probabilistic choice is introduced and a denotational semantics is given for this language. To specify propertics of probabilistic programs, standard first order logic predicates are insufficient, so a notion of probabilistic predicates is introduced. A Hoare-style proof system to check properties of probabilistic programs is given. The proof system for a sublanguage is shown to be sound and complete; the properties that can be derived are exactly the valid properties. Finally some typical examples illustrate the use of the probabilistic predicates and the proof system.

Injective synchronisation: an extension of the authentication hierarchy

Authentication is one of the foremost goals of many security protocols. It is most often formalised as a form of agreement, which expresses that the communicating partners agree on the values of a number of variables. In this paper we formalise and study an intensional form of authentication which we call synchronisation. Synchronisation expresses that the messages are transmitted exactly as prescribed by the protocol description. Synchronisation is a strictly stronger property than agreement for the standard intruder model, because it can be used to detect preplay attacks. In order to prevent replay attacks on simple protocols, we also define injective synchronisation. Given a synchronising protocol, we show that a sufficient syntactic criterion exists that guarantees that the protocol is injective as well.

Axiomatizing GSOS with termination

We discuss a combination of GSOS-type structural operational semantics with explicit termination, that we call the tagh-format (tagh being short for termination and GSOS hybrid). The tagh-format distinguishes between transition and termination rules, but, besides active and negative premises as in GSOS, also allows for what we call terminating and passive arguments. We extend the result of Aceto, Bloom and Vaandrager on the automatic generation of sound and complete axiomatizations for GSOS to the setting of tagh-transition systems. The construction of the equational theory is based upon the notion of a smooth and distinctive operation, which have been generalized from GSOS to tagh. We prove the soundness of the synthesized laws and show their completeness modulo bisimulation. The examples provided indicate a significant, though yet not ideal, improvement over the axiomatization techniques known so far.

Data Anonymity in the FOO Voting Scheme

We study one of the many aspects of privacy, which is referred to as data anonymity, in a formal context. Data anonymity expresses whether some piece of observed data, such as a vote, can be attributed to a user, in this case a voter. We validate the formal treatment of data anonymity by analyzing a well-known electronic voting protocol.

Dynamic Consistency in Process Algebra: From Paradigm to ACP

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at various levels of abstraction. To enable automated verification of Paradigm models, a translation of Paradigm into process algebra is provided. Examples are given and guidelines for a systematic translation into the process algebra ACP are discussed. Verification results building on the mCRL2 toolset are presented as well.

Formalising receipt-freeness

Receipt-freeness is the property of voting protocols that a voter cannot create a receipt which proves how she voted. Since Benaloh and Tuinstra introduced this property, there has been a large amount of work devoted to the construction of receipt-free voting protocols. This paper provides a generic and uniform formalism that captures the notion of a receipt. The formalism is then applied to analyse the receipt-freeness of a number of voting protocols.

Formalizing Adaptation On-the-Fly

Paradigm models specify coordination of collaborating components via constraint control. Component McPal allows for later addition of new constraints and new control in view of unforeseen adaptation. After addition McPal starts coordinating migration accordingly, adapting the system towards to-be collaboration. Once done, McPal removes obsolete control and constraints. All coordination remains ongoing while migrating on-the-fly, being deflected without any quiescence. Through translation into process algebra, supporting formal analysis is arranged carefully, showing that as-is and to-be processes are proper abstractions of the migrating process. A canonical critical section problem illustrates the approach.

Dynamic consistency in process algebra: From Paradigm to ACP

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at various levels of abstraction. The operational semantics of Paradigm is given. For a large, general subclass of Paradigm models a translation into process algebra is provided. Once expressed in process algebra, relying on a correctness result, Paradigm models are amenable to process algebraic reasoning and to verification via the mCRL2 toolset. Examples of a scheduling problem illustrate the approach.

Paradigm as Organization-Oriented Coordination Language

Global component behaviours as distinguished in Paradigm, offer the ingredients for specifying inter-component coordination in separation from and consistent with detailed component behaviour. The paper discusses how global behaviours provide great flexibility in arranging computation as well as coordination. In the context of a mediating example we plea for taking such flexibility as an organizational, organic, human-like characteristic; good to have, but usually absent in system specification. In addition, we point out how Paradigms flexibility fits well in the historical perspective of discrete event simulation, modeling, object-orientation and patterns.