AutoPaSS: Automatic Verification of Complex Privacy Requirements in Unbounded-Size Secure Systems

AutoPaSS：无限大小安全系统中复杂隐私要求的自动验证

• 批准号: EP/S024565/1
• 负责人: Ioana Boureanu
• 金额: $ 38.73万
• 依托单位: University of Surrey
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2019
• 资助国家: 英国
• 起止时间: 2019 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FS024565%2F1
• 关键词: AutoPaSS; Automatic; Verification; Complex; Privacy

Today's secure-systems --with hyper-connected devices-- span arbitrarily-many concurrent executions. So, we need reliable verification techniques that can capture their unbounded sizes. Such powerful methods have been perfected to verify security properties. But these well-established methods (e.g., based on process-algebra) fall short of robustly checking rich privacy properties, such as anonymity and un-linkability of users to actions, in arbitrarily-large systems. As privacy concerns escalate around us, this problem becomes more acute and it is felt by industry. For instance, in the automotive domain, private authentication of connected cars and well-founded tools to check its robustness is paramount. Our industrial advisor, Vector GB Ltd, in their support letter, states: "A formal methods-based approach addressing these [...] has the possibility to be a "game changer" for our customers." To deliver its step-change in privacy-analysis, AutoPaSS "thinks outside the box". AutoPaSS will create new techniques for verifying secure-systems, by levering logics which are traditional in AI and in the analysis autonomous systems. Moreover, these AI-inspired logics have recently shown promise in security/privacy verification as well. So, our new methodologies will hinge upon these logics' expressivity and allow us to check rich privacy requirements such as anonymity and non-traceability during the automatic verification of unbounded-size secure systems. In brief, AutoPaSS will investigate and develop new, robust foundational methodologies and software-tools for the automatic, formal analysis of security and, especially, privacy in modern computer and communication systems of arbitrary size. And, AutoPaSS will be a game-changer in these, in that it will: (I) be able to automatically check richer, "real-life" expressions of privacy properties; (II) do this in unbounded-size systems; (III) formalise and use enhanced threat models, that go beyond the normally-used, system-level attacks and account faithfully for network/communications' specifics,all these in ways less restrictive than currently possible.AutoPaSS will build on well-established system-verification methodologies and, as foundations, it will use applied, non-classical logics. Let us address some more questions relevant to AutoPaSS.-- The UK's strategies underline significant support for the 5G development. But, do the different 5G communication-primitives or the changing 5G-network topologies impact the security and privacy of 5G systems, or their analysis? Current approaches to security-verification generally abstract away the networking aspects, using models that only consider application-layer attackers who hijack abstract connections. In contrast, by leveraging techniques from logic-based analysis (i.e, parameterised model checking), AutoPaSS will develop models of adversaries which faithfully account not just for application threats, but also for varied communication settings, including the new, emerging ones in 5G.This would deliver transformational methodologies for the tool-assisted analysis of security and privacy requirements in modern communication systems, notably in 5G, IoT and V2X (vehicle-to-vehicle + vehicle-to-infrastructure communication) systems, in which AutoPaSS has its industry-backed use-cases.-- Finally, how can AutoPaSS implement the necessary security changes as soon as possible?We formed strategic, multi-disciplinary partnerships. AutoPaSS unites GCHQ-recognised Surrey Centre for Cyber Security and Surrey's 5G Innovation Centre, and it is actively advised by senior academics in the UK and abroad, as well as two engineering giants, Thales and Vector GB. Our partners also provide and support our real-life use-cases in 5G, IoT and V2X. AutoPass will make recommendations to our advisors' affiliates and relevant standardisation bodies: 3GPP for 5G, LoraAlliance for IoT, and ISO groups for V

当今的安全系统 - 与超连接的设备 - 跨越任意的并发执行。因此，我们需要可靠的验证技术，这些技术可以捕获其无限型尺寸。已经完善了这种强大的方法来验证安全属性。但是，这些良好建立的方法（例如，基于流程代数）缺乏可靠地检查丰富的隐私属性，例如在任意大型系统中用户对操作的匿名性和不可链接性。由于隐私涉及我们周围的升级，因此这个问题变得更加严重，行业会感到。例如，在汽车域中，连接的汽车的私人身份验证和检查其鲁棒性的良好工具至关重要。我们的工业顾问Vector GB Ltd在其支持信中指出：“针对这些[...]的正式方法可以成为我们客户的“游戏规则改变者”。为了在隐私分析中进行逐步变化，“箱子外思考”。 Autopass将通过杠杆术语和分析自主系统中的传统逻辑来创建用于验证安全系统的新技术。此外，这些AI启发的逻辑最近也显示了在安全/隐私验证方面的承诺。因此，我们的新方法将取决于这些逻辑的表现力，并允许我们在自动验证无界尺寸的安全系统时检查丰富的隐私要求，例如匿名性和非追溯性。简而言之，Autopass将调查并开发新的，强大的基础方法和软件工具，以自动，正式的安全性分析，尤其是在现代计算机和任意大小的现代计算机和通信系统中的隐私。而且，Autopass将成为这些改变游戏的人，因为它将：（i）能够自动检查隐私属性的“现实生活”表达式； （ii）在无界尺寸的系统中执行此操作； （iii）正式化和使用增强的威胁模型，这些模型超出了正常使用的系统级攻击，并忠实地对网络/通信的细节进行了忠诚的账目，所有这些都比当前可能的限制性少。Autopass将建立在建立良好的系统验证方法上，并且作为基础，它将使用应用，不经典的逻辑。让我们解决一些与autopass相关的更多问题。-英国的策略强调了对5G开发的重要支持。但是，不同的5G通信基准或更改的5G网络拓扑是否会影响5G系统的安全性和隐私性？当前的安全性验证方法通常使用仅考虑劫持抽象连接的应用程序层攻击者的模型来抽象网络方面。 In contrast, by leveraging techniques from logic-based analysis (i.e, parameterised model checking), AutoPaSS will develop models of adversaries which faithfully account not just for application threats, but also for varied communication settings, including the new, emerging ones in 5G.This would deliver transformational methodologies for the tool-assisted analysis of security and privacy requirements in modern communication systems, notably in 5G, IoT and V2X (vehicle-to-vehicle +车辆到基础结构通信）系统，其中autopass具有其行业支持的用例。-最后，Autopass如何尽快实施必要的安全性更改？我们建立了战略性的，多学科的合作伙伴关系。 Autopass Une Une United GCHQ认可的Surrey网络安全中心和Surrey的5G创新中心，并由英国和国外的高级学者以及两个工程巨头，Thales和Vector GB积极建议。我们的合作伙伴还提供并支持5G，IoT和V2X的现实生活中用例。 Autopass将向我们的顾问分支机构和相关标准化机构提出建议：5G的3GPP，IoT的Loraalliance和V的ISO组

项目成果

Model Checking ATL* on vCGS

vCGS 上的模型检查 ATL*

• 发表时间: 2019
• 作者: Bellardineli F

Automatically Verifying Expressive Epistemic Properties of Programs

• DOI: 10.1609/aaai.v37i5.25769
• 发表时间: 2023-06
• 期刊: ArXiv
• 作者: F. Belardinelli;Ioana Boureanu;Vadim Malvone;Fortunat Rajaona

One-Time Authentication Code (OTAC) A Technical Report

一次性验证码 (OTAC) 技术报告

• 发表时间: 2021
• 作者: Boureanu I.

ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE

ESORICS 2020 国际研讨会、DETIPS、DeSECSys、MPS 和 SPOSE

• 发表时间: 2020
• 作者: Boureanu I.

Formally Verifying the Security and Privacy of an Adopted Standard for Software-Update in Cars: Verifying Uptane 2.0

正式验证汽车软件更新采用标准的安全性和隐私性：验证 Uptane 2.0

• DOI: 10.1109/smc53992.2023.10394216
• 发表时间: 2023
• 作者: Boureanu I