The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

Size: px

Start display at page:

Download "The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security"

Julianna Doyle
6 years ago
Views:

1 The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique

2 Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store.

3 Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store. Temporal CCP (tcc): CCP + discrete time intervals for modeling reactive systems.

4 Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store. Temporal CCP (tcc): CCP + discrete time intervals for modeling reactive systems. Expressiveness: Processes can be represented as finite-state Büchi automata [Valencia 05]

5 Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store. Temporal CCP (tcc): CCP + discrete time intervals for modeling reactive systems. Expressiveness: Processes can be represented as finite-state Büchi automata [Valencia 05] Semantics: Processes can be compositionally represented as closure operators over sequences of constraints [Saraswat et al 91]

6 Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store. Temporal CCP (tcc): CCP + discrete time intervals for modeling reactive systems. Expressiveness: Processes can be represented as finite-state Büchi automata [Valencia 05] Semantics: Processes can be compositionally represented as closure operators over sequences of constraints [Saraswat et al 91] Universal CCP (utcc): tcc + an abstraction operator for modeling mobile reactive systems. [Olarte & Valencia 08]

7 Our Contributions Expressiveness and Semantic characterization of utcc:

8 Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines)

9 Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines) 2. Given a semantic characterization of utcc processes based on closure operators over temporal formulae.

10 Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines) 2. Given a semantic characterization of utcc processes based on closure operators over temporal formulae. Applications of the above study:

11 Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines) 2. Given a semantic characterization of utcc processes based on closure operators over temporal formulae. Applications of the above study: Using (1) to prove that the monadic fragment of first-order linear-time temporal logic (FLTL) is strongly incomplete.

12 Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines) 2. Given a semantic characterization of utcc processes based on closure operators over temporal formulae. Applications of the above study: Using (1) to prove that the monadic fragment of first-order linear-time temporal logic (FLTL) is strongly incomplete. By (2) we bring new semantic insights in the modeling of security protocols: A closure op. semantics for a language for security

13 Agenda 1. Universal Timed CCP. Description and Operational Semantics 2. Expressiveness of utcc 2.1. Encoding Minsky Machines into utcc 2.2. Incompleteness of Monadic FLTL 3. Infinite Behavior and denotational semantics of utcc 3.1. Symbolic Semantics 3.2. Closure Operator Semantics for utcc 3.3. Application: Semantics to Security Languages 4. Concluding Remarks

14 The utcc Calculus The CCP Model: Store of partial information. Agents monotonically add (tell) constraints. They synchronize via blocking asks querying the store

15 The utcc Calculus The CCP Model: Store of partial information. Agents monotonically add (tell) constraints. They synchronize via blocking asks querying the store The TCC Model: Reactive Systems c1 d1 c2 d2 c3 d3 P P P

16 The utcc Calculus The CCP Model: Store of partial information. Agents monotonically add (tell) constraints. They synchronize via blocking asks querying the store The TCC Model: Reactive Systems c1 d1 c2 d2 c3 d3 P P P Universal tcc: utcc replaces the tcc ask operator when c do P (executing P if c can be entailed from the store) by a temporary parametric ask (abs x; c) P executing P [ t/ x] for each t s.t. c[ t/ x] can be deduced from the current store.

17 The utcc Calculus The CCP Model: Store of partial information. Agents monotonically add (tell) constraints. They synchronize via blocking asks querying the store The TCC Model: Reactive Systems c1 d1 c2 d2 c3 d3 P P P Universal tcc: utcc replaces the tcc ask operator when c do P (executing P if c can be entailed from the store) by a temporary parametric ask (abs x; c) P executing P [ t/ x] for each t s.t. c[ t/ x] can be deduced from the current store. Syntax: Processes P, Q,... in utcc are built from constraints in the underlying constraint system by the following syntax: P, Q := skip tell(c) (abs x; c) P P Q (local x; c) P next P unless c next P! P

18 Operational Semantics and FLTL Correspondence Internal Reductions R T tell(c),d skip,d c R P P, c P,d P Q, c P Q, d R A d c[ t/ x] t = x (abs x; c) P, d P [ t/ x] (abs x; c x t ) P, d Observable Transition R O P, c Q, d P (c,d) ==== F (Q)

19 Operational Semantics and FLTL Correspondence Internal Reductions R T tell(c),d skip,d c R P P, c P,d P Q, c P Q, d R A d c[ t/ x] t = x (abs x; c) P, d P [ t/ x] (abs x; c x t ) P, d Observable Transition R O P, c Q, d P (c,d) ==== F (Q) (true,c 1 ) (true,c 2 ) (true,c i ) Notation: Let P = P 1 ==== P 2 ====...P i ====... If c i c then we write P c

20 Operational Semantics and FLTL Correspondence Internal Reductions R T tell(c),d skip,d c R P P, c P,d P Q, c P Q, d R A d c[ t/ x] t = x (abs x; c) P, d P [ t/ x] (abs x; c x t ) P, d Observable Transition R O P, c Q, d P (c,d) ==== F (Q) (true,c 1 ) (true,c 2 ) (true,c i ) Notation: Let P = P 1 ==== P 2 ====...P i ====... If c i c then we write P c Declarative view of utcc Processes based on FLTL formulae Definition: Let [[ ]] be a map from utcc processes to FLTL formulae: [[skip]] = true [[tell(c)]] = c [[(abs y; c) P ]] = y(c [[P ]]) [[P Q]] = [[P ]] [[Q]] [[(local x; c) P ]] = x(c [[P ]]) [[next P ]] = [[P ]] [[unless c next P ]] = c [[P ]] [[! P ]] = [[P ]] Theorem: Logic Correspondence [[P ]] T c iff P c

21 Agenda 1. Universal Timed CCP. Description and Operational Semantics 2. Expressiveness of utcc 2.1. Encoding Minsky Machines into utcc 2.2. Incompleteness of Monadic FLTL 3. Infinite Behavior and denotational semantics of utcc 3.1. Symbolic Semantics 3.2. Closure Operator Semantics for utcc 3.3. Application: Semantics to Security Languages 4. Concluding Remarks

22 Turing Expressiveness of utcc A Minsky Machines is a imperative program consisting of a sequence of labeled instruction modifying the values of two non-negative counters. It { } computes the value ni if it halts with c 0 = n heorem m L i : halt L i : c n := c n + 1; goto L j L i : if c n =0 then goto L j else c n := c n 1; goto L k

23 Turing Expressiveness of utcc A Minsky Machines is a imperative program consisting of a sequence of labeled instruction modifying the values of two non-negative counters. It { } computes the value ni if it halts with c 0 = n heorem m L i : halt L i : c n := c n + 1; goto L j L i : if c n =0 then goto L j else c n := c n 1; goto L k Using the monadic fragment of FOL without function symbols nor equality as cs., it is possible to encode Minsky Machines into utcc s.t: Theorem. Correctness. A M. machine M(0, 0) computes the value n iff ([[M(0, 0)]] Dec n ) yes

24 Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability.

25 Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Using the encoding of Minsky Machines into utcc processes and the correspondence between utcc and FLTL, it is possible to prove: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability.

26 Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Using the encoding of Minsky Machines into utcc processes and the correspondence between utcc and FLTL, it is possible to prove: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability. Proposition. Given a Minsky machine M(0, 0), it is possible to construct a monadic FLTL formula without equality and function symbols F M s.t F M is valid iff M(0, 0) loops (i.e., it never halts). Corollary: Incompleteness. Monadic FLTL without equality and function

27 Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Using the encoding of Minsky Machines into utcc processes and the correspondence between utcc and FLTL, it is possible to prove: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability. Proposition. Given a Minsky machine M(0, 0), it is possible to construct a monadic FLTL formula without equality and function symbols F M s.t F M is valid iff M(0, 0) loops (i.e., it never halts). Corollary: Incompleteness. Monadic FLTL without equality and function Corollary: Incompleteness. Monadic FLTL without equality and function symbols is strongly incomplete.

28 Agenda 1. Universal Timed CCP. Description and Operational Semantics 2. Expressiveness of utcc 2.1. Encoding Minsky Machines into utcc 2.2. Incompleteness of Monadic FLTL 3. Infinite Behavior and denotational semantics of utcc 3.1. Symbolic Semantics 3.2. Closure Operator Semantics for utcc 3.3. Application: Semantics to Security Languages 4. Concluding Remarks

29 Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions.

30 Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions. Example. Let P = tell(y=42) (abs x; x y) next tell(out(x)). Here the SOS never produces an observable transition (infinitely many valid subs. for x y)

31 Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions. Example. Let P = tell(y=42) (abs x; x y) next tell(out(x)). Here the SOS never produces an observable transition (infinitely many valid subs. for x y) The Symbolic Semantics [Olarte & Valencia 08] of utcc aims at representing finitely the infinite behavior of the SOS using temporal formulae:

32 Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions. Example. Let P = tell(y=42) (abs x; x y) next tell(out(x)). Here the SOS never produces an observable transition (infinitely many valid subs. for x y) The Symbolic Semantics [Olarte & Valencia 08] of utcc aims at representing finitely the infinite behavior of the SOS using temporal formulae: Example. Let P as above. The Symbolic semantics outputs the following: (y = 42) x ( (x y) out(x))

33 Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions. Example. Let P = tell(y=42) (abs x; x y) next tell(out(x)). Here the SOS never produces an observable transition (infinitely many valid subs. for x y) The Symbolic Semantics [Olarte & Valencia 08] of utcc aims at representing finitely the infinite behavior of the SOS using temporal formulae: Example. Let P as above. The Symbolic semantics outputs the following: (y = 42) x ( (x y) out(x)) (e 1,e Definition. Symbolic IO behavior. If P = P 1 ) (e 2,e 1 ==== s P 2 ) 2 ==== s..., we write P (w,w ) ==== s where w = e 1.e 2... and w = e 1.e 2... io s (P )={(w, w ) P (w,w ) ==== s } Proposition 1 (Closure Properties) The io-behavior of a proc. is a (par-

34 Strongest Postcondition { } Proposition. Closure Properties. The io-behavior of a proc. P is a (partial) closure operator. It satisfies: Extensiveness and Idempotence. If P is monotonic, then io s (P ) also satisfies Monotonicity. A closure operators is that they are uniquely determined by its set of fixed

35 Strongest Postcondition { } Proposition. Closure Properties. The io-behavior of a proc. P is a (partial) closure operator. It satisfies: Extensiveness and Idempotence. If P is monotonic, then io s (P ) also satisfies Monotonicity. A closure operators is that they are uniquely determined by its set of fixed Closure Operators are uniquely determined by their set of fixed points: monotonic, then io s (P ) also satisfies Monotonicity. Definition. Strongest Postcondition. sp s (P )={w (w, w) io s (P )}

36 Strongest Postcondition { } Proposition. Closure Properties. The io-behavior of a proc. P is a (partial) closure operator. It satisfies: Extensiveness and Idempotence. If P is monotonic, then io s (P ) also satisfies Monotonicity. A closure operators is that they are uniquely determined by its set of fixed Closure Operators are uniquely determined by their set of fixed points: monotonic, then io s (P ) also satisfies Monotonicity. Definition. Strongest Postcondition. sp s (P )={w (w, w) io s (P )} The IO-behavior of a monotonic process can be retrieved from its strongest postcondition: { } Corollary Given a monotonic utcc process P, (w, w ) io s (P ) iff w = min(sp s (P ) {s s w})

37 Denotational Model The strongest postcondition can be compositionally characterized: D T [[tell(c)]] = {e.w e T c} D P [[P Q]] = [[P ]] [[Q]] D L [[(local x; c) P ]] = {w there exists an x-variant w of w s.t w (1) T c and w [[P ]]} D A [[(abs x; c) P ]] = {w for every x-variant w of w if w (1) T c and w ( x = t) ω. for some t s.t. x = t and x = t then w [[P ]]}

38 Denotational Model The strongest postcondition can be compositionally characterized: D T [[tell(c)]] = {e.w e T c} D P [[P Q]] = [[P ]] [[Q]] D L [[(local x; c) P ]] = {w there exists an x-variant w of w s.t w (1) T c and w [[P ]]} D A [[(abs x; c) P ]] = {w for every x-variant w of w if w (1) T c and w ( x = t) ω. for some t s.t. x = t and x = t then w [[P ]]} Theorem. Full abstraction. Let P and Q be a monotonic processes. Then P io s Q iff [[P ]] = [[Q]]. Thus the denotational semantics allows us to retrieve compositionally the IO-behavior of a monotonic process!.

39 Application: Semantics to Security We map a simple language for security into monotonic utcc procs. Syntax of SCCP Values v, v ::= n x Keys k ::= pub(v) priv(v) Messages M, N ::= v k X (M, N) {M} k Patterns Π, Π ::= v k X (Π, Π ) Processes R ::= nil skip new(x)r (local x) I(R) out(m).r! tell(out(m)) next I(R) in [M >Π].R (abs x; c) next I (R)!R! I (R) R R i I I (R i ) Definition 1 Let I be a function from SCCP to monotonic processes

40 Application: Semantics to Security We map a simple language for security into monotonic utcc procs. Syntax of SCCP Values v, v ::= n x Keys k ::= pub(v) priv(v) Messages M, N ::= v k X (M, N) {M} k Patterns Π, Π ::= v k X (Π, Π ) Processes R ::= nil skip new(x)r (local x) I(R) out(m).r! tell(out(m)) next I(R) in [M >Π].R (abs x; c) next I (R)!R! I (R) R R i I I (R i ) Definition 1 Let I be a function from SCCP to monotonic processes Proposition. Let R be a SCCP process modeling a security protocol. f = [[R]] SCCP [[! when out(attack) do! tell(false)]] Therefore, I (R) attack iff the least-fixed point of f takes the form w. false ω

41 Agenda 1. Universal Timed CCP. Description and Operational Semantics 2. Expressiveness of utcc 2.1. Encoding Minsky Machines into utcc 2.2. Incompleteness of Monadic FLTL 3. Infinite Behavior and denotational semantics of utcc 3.1. Symbolic Semantics 3.2. Closure Operator Semantics for utcc 3.3. Application: Semantics to Security Languages 4. Concluding Remarks

42 Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that:

43 Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that: Well-terminated processes and a monadic constraint system are enough to encode Turing powerful formalisms.

44 Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that: Well-terminated processes and a monadic constraint system are enough to encode Turing powerful formalisms. utcc processes can be represented as (partial) closure operators over sequences of temporal formulae.

45 Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that: Well-terminated processes and a monadic constraint system are enough to encode Turing powerful formalisms. utcc processes can be represented as (partial) closure operators over sequences of temporal formulae. We applied the previous results to other fields in comp. science:

46 Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that: Well-terminated processes and a monadic constraint system are enough to encode Turing powerful formalisms. utcc processes can be represented as (partial) closure operators over sequences of temporal formulae. We applied the previous results to other fields in comp. science: We proved strongly incomplete the monadic fragment of FLTL without equality and function symbols

47 Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that: Well-terminated processes and a monadic constraint system are enough to encode Turing powerful formalisms. utcc processes can be represented as (partial) closure operators over sequences of temporal formulae. We applied the previous results to other fields in comp. science: We proved strongly incomplete the monadic fragment of FLTL without equality and function symbols We described a new reasoning technique for the verification of security protocols based on a closure op. semantics for a language for security.

48 Thank You!

49 FLTL Syntax and Semantics Definition 7 Given a constraint system with a first-order language L, the LTL formulae we use are given by the syntax: F, G,... := c F G F xf F F F. L Definition 8 We say that σ satisfies F in an L-structure M(L), written σ = M(L) F, iff σ, 0 = M(L) F where: σ,i = M(L) true σ,i = M(L) false σ,i = M(L) c iff σ(i) = M(L) c σ,i = M(L) F iff σ,i = M(L) F σ,i = M(L) F G iff σ,i = M(L) F and σ,i = M(L) G σ,i = M(L) F iff i>0 and σ,i 1 = M(L) F σ,i = M(L) F iff σ,i+1 = M(L) F σ,i = M(L) F iff for all j i, σ,j = M(L) F σ,i = M(L) xf iff for some x-variant σ of σ, σ,i = M(L) F We say that F is valid in M(L) iff for all σ, σ = M(L) F. F is said to be valid if F is valid for every model M(L).

50 Operational Semantics R T tell(c),d skip,d c R P R L R U P, c P,d P Q, c P Q, d P, c ( xd) P,c ( xd) (local x; c) P, d (local x; c ) P,d xc d c unless c next P, d skip, d R R! P, d P next! P, d R A d c[ t/ x] t = x (abs x; c) P, d P [ t/ x] (abs x; c x t ) P, d R S γ 1 γ 2 γ 1 γ 2 if γ 1 γ 1 and γ 2 γ 2 P, c Q, d R O P ==== (c,d) F (Q) F (P )= Table 1.1: Internal and observable reductions. In R A, x t denotes 1 i x x i t i. If x = 0, x t is defined as false. skip if P = skip skip if P =(abs x; c) Q F (P 1 ) F (P 2 ) if P = P 1 P 2 (local x) F (Q) if P =(local x; c) Q Q if P = next Q Q if P = unless c next Q 1 Processes in are built from constrain

51 Symbolic Semantics R As P, xe s Q, e xe (abs x; e ) P, e s (abs x; e ) Q, e x(e e ) R Os P, e s Q, e s P (e,e ) ==== s F s (Q, e ) Table 3.1: Symbolic Rules for Internal and Observable Transitions. skip if P = skip (abs x; e) F (Q) if P =(abs x; e) Q F F (P )= (P 1 ) F (P 2 ) if P = P 1 P 2 (local x; e) F (Q) if P =(local x; e) Q Q if P = next Q Q if P = unless c next Q Theorem 4 (Semantic Correspondence [23]) Let P be an abstracted-unless free process. Suppose that P (c 1,d 1 ) (c 2,d 2 ) (c i,d i ) ==== P 1 ====... ==== P i and P (c 1,e 1 ) ==== s (c 2,e 2 ) (c i,e i ) P 1 ==== s... ==== P i. Then for every c C and j {1,..., i}, d j c iff e j T c.

52 Denotational Semantics D S [[skip]] = PM D T [[tell(c)]] = {e.w PM e T c} D P [[P Q]] = [[P ]] [[Q]] D N [[next P ]] = {e.w PM w [[P ]]} D U [[unless c next P ]] = {e.w PM e T c and w [[P ]]} {e.w PM e T c} D R [[! P ]] = {w PM for all v, v s.t. w = v.v, v [[P ]]} D L [[(local x; c) P ]] = {w PM there exists an x-variant w of w s.t w (1) T c and w [[P ]]} D A [[(abs x; c) P ]] = {w PM for every x-variant w of w if w (1) T c and w ( x = t) ω. for some t s.t. x = t and x = t then w [[P ]]} Figure 3.1: Denotational Semantics for utcc. The function [[ ]] is of type Proc P(PM ). In D A, x = t denotes the constraint 1 i x x. i = t i and t = x stands for point-wise syntactic difference, i.e. 1 i x t. i = x i (see Sect. 1.1). If x =0. then x = t and x = t are defined as true.

53 Encoding of Minsky Machines { } 1! when isz n do 2 unless inc n next tell(isz n ) 3 when inc n do next (local a)(tell(out 1 n(a)) 3! when out 2 n(a) do tell(isz n )) 4!(abs z; out 1 n(z)) 5 whenever dec n inc n do 6 when dec n do next tell(out 2 n(z)) 7 when inc n do next (local b)(tell(out 1 n(b)) 7! when out 2 n(b) do tell(out 1 n(z)))

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte, Frank D. Valencia To cite this version: Carlos Olarte, Frank D. Valencia. The Expressivity