Attack Trees in Isabelle -- CTL semantics, correctness and completeness
Author
Abstract
In this paper, we present a proof theory for attack trees. Attack trees are a well-established and useful model for the construction of attacks on systems, since they allow a stepwise exploration of high-level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logical analysis of the meta-theory of the proof calculus of attack trees, and at the same time the developed proof theory enables application to case studies. A central correctness result proved in Isabelle establishes a connection between the notion of attack tree validity and a CTL attack statement. The application is illustrated on an insider attack on healthcare IoT systems.
Similar resources
Verification of Compiler Correctness for the WAM
Relying on a derivation of the Warren Abstract Machine (WAM) by stepwise refinement of Prolog models by Börger and Rosenzweig, we present a formalization of an operational semantics for Prolog. Then we develop four refinement steps towards the Warren Abstract Machine (WAM). The correctness and completeness proofs for each step have been elaborated with the theorem prover Isabelle using the logic HOL.
On Completeness of Logic Programs
Program correctness (in imperative and functional programming) splits in logic programming into correctness and completeness. Completeness means that a program produces all the answers required by its specification. Little work has been devoted to reasoning about completeness. This paper presents a few sufficient conditions for completeness of definite programs. We also study preserving complet...
Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL
This thesis presents the first formalization of the Owicki-Gries method and its compositional version, the rely-guarantee method, in a theorem prover. These methods are widely used for correctness proofs of parallel imperative programs with shared variables. We define syntax, semantics and proof rules in Isabelle/HOL, which is the instantiation of higher-order logic in the theorem prover Isabel...
Hoare Logic for Parallel Programs
In the following theories a formalization of the Owicki-Gries and the rely-guarantee methods is presented. These methods are widely used for correctness proofs of parallel imperative programs with shared variables. We define syntax, semantics and proof rules in Isabelle/HOL. The proof rules also provide for programs parameterized in the number of parallel components. Their correctness w.r.t. the...
Journal title:
Volume / Issue:
Pages: -
Publication date: 2018