URI permanente para esta colección:

Artículos en la categoría RWL publicados en las Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019).
Notificar un error en esta colección


Envíos recientes

Mostrando 1 - 3 de 3
  • Resumen
    Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA
    Gonzalez-Burgueño, Antonio; Aparicio, Damian; Escobar, Santiago; Meadows, Catherine; Meseguer, José. Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019), 2019-09-02.
    We perform an automated analysis of two devices developed by Yubico: YubiKey, designed to authenticate a user to network-based services, and YubiHSM, Yubico’s hardware security module. Both are analyzed using the Maude-NPA cryptographic protocol analyzer. Although previous work has been done applying formal tools to these devices, there has not been any completely automated analysis. This is not surprising, because both YubiKey and YubiHSM, which make use of cryptographic APIs, involve a number of complex features: (i) discrete time in the form of Lamport clocks, (ii) a mutable memory for storing previously seen keys or nonces, (iii) event-based properties that require an analysis of sequences of actions, and (iv) reasoning modulo exclusive-or. Maude-NPA has provided support for exclusive-or for years but has not provided support for the other three features, which we show can also be supported by using constraints on natural numbers, protocol composition and reasoning modulo associativity. In this work, we have been able to automatically prove security properties of YubiKey and find the known attacks on the YubiHSM, in both cases beyond the capabilities of previous work using the Tamarin Prover due to the need of auxiliary user-defined lemmas and limited support for exclusive-or. Tamarin has recently been endowed with exclusive-or and we have rewritten the original specification of YubiHSM in Tamarin to use exclusive-or, confirming that both attacks on YubiHSM can be carried out by this recent version of Tamarin.
  • Resumen
    Associative Unification and Symbolic Reasoning Modulo Associativity in Maude
    Durán, Francisco; Eker, Steven; Escobar, Santiago; Martí-Oliet, Narciso; Meseguer, José; Talcott, Carolyn. Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019), 2019-09-02.
    We have added support for associative unification to Maude 2.7.1. Associative unification is infinitary, i.e., there are unifica- tion problems u =? v such that there is an infinite minimal set of unifiers, whereas associative-commutative unification is finitary. A unique feature of the associative unification algorithm implemented in Maude is that it is guaranteed to terminate with a finite and complete set of associative unifiers for a fairly large class of unification problems occurring in prac- tice. For any problems outside this class, the algorithm returns a finite set of unifiers together with a warning that such set may be incom- plete. This paper describes this associative unification algorithm imple- mented in Maude and also how other symbolic reasoning Maude features such as (i) variant generation; (ii) variant unification; and (iii) narrow- ing based symbolic reachability analysis have been extended to deal with associativity.
  • Resumen
    Model-checking strategy-controlled rewriting systems
    Rubio, Rubén; Martí-Oliet, Narciso; Pita, Isabel; Verdejo, Alberto. Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019), 2019-09-02.
    Strategies are a widespread but ambiguous concept in Computer Science. In the domain of reduction and rewriting systems, strategies are studied as recipes to restrict and control reduction steps and rule applications, which are intimately local, in a derivation-global sense. This idea has been exploited by various tools and rewriting-based specification languages where strategies are an additional specification layer. Systems so described need to be analyzed too. This article discusses model checking of systems controlled by strategies and presents a working strategy-aware model checker built on top of the Maude specification language, based on rewriting logic, and its strategy language. Pendiente de publicación en "International Conference on Formal Structures for Computation and Deduction" (FSCD) 2019. Se envía la versión aceptada. La versión definitiva estará lista a finales de abril.