This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Reasoning about Security in Computer Systems Presenter: Zeeshan Furqan [email protected] Contents Knowledge and reasoning Examples and Puzzles Definitions Motivation Reasoning about knowledge in security Learning Reasoning Verification How we learn? Applications in computer security Applications Case study Knowledge Definitions from the dictionary Motivations The state or fact of knowing. Familiarity, awareness, or understanding gained through experience or study. The sum or range of what has been perceived, discovered, or learned. To have an advantage To show off Analysis or Reasoning or Problem solving Reasoning Definitions Use of reason, especially to form conclusions, inferences, or judgments. Evidence or arguments used in thinking or argumentation. logic, interpretation irrationality, nonsense Examples Intelligent buying and selling Buyer's model Seller's model Applications in computer security Driving on the road Security Tradeoffs Maximizing objectives Applications in computer security
Who can be trusted A secure environment Examples (contd..) Common knowledge Distributed knowledge What everybody would know What a fool knows What a wise man would know How we apply these concepts in Security? What should be assumed Choices available in a secure environment Puzzles Muddy Children At least one of them has mud on his/her head. Each child can see the mud on others but cannot see his or her own forehead. Mom's question repeatedly. All of the children are intelligent, honest, and answer simultaneously How many announcements does mom has to make before the children confess? Puzzles (contd..) Cheating Wives 100 married couples 40 wives are unfaithful King publishes the following decree: On 41st day, 40 unfaithful wives will have their heads chopped off. There is at least one unfaithful wife. Each husband knows whether other men's wives are unfaithful or not. Every night (from tonight) each man must do his deduction, based on his knowledge so far, and try to prove whether his wife is unfaithful or not. Each man, who has succeeded in proving that his wife is unfaithful, must chop off his wife's head next morning. Every morning each man must see whether somebody chops off his wife's head. Each man's knowledge before this decree is publicized consists only of the knowledge about other men's wives' unfaithfulness. Puzzles (contd..) Applications in computer security Common knowledge Distributed knowledge Evolution of knowledge Reasoning Secure Communications Puzzles (contd..) Coordinated attack Common knowledge Distributed knowledge Applications in computer security
Unreliable communication Acknowledgement based systems Assurance Trust Management Reasoning about Knowledge in Security Example 1 Learning NS protocol What was the missing block? What should be learned Make optimal and secure decisions Can there be something wrong with my trust? Reasoning Verification Reasoning about Knowledge in Security (cont..) Example 2 Learning A clientserver scenario Server's model Client's model System's model Server's reasoning Client's reasoning System's reasoning Reasoning Verification Server's verification Client's verification System's verification Reasoning about Knowledge in Security (cont..) Analogies from the real world Lessons to learn A double encryption scenario Understanding the domain Careful mappings Verification Applications
Representation Analysis Verification Case Study Authentication verification Summary
Knowledge and reasoning Real world problem solving Applications in computer security Mappings Advantages Careful analysis Verification Case study ...
View Full Document
This note was uploaded on 07/04/2011 for the course CIS 3360 taught by Professor Guha during the Fall '06 term at University of Central Florida.
- Fall '06