(***************************************************************************** * ESPL --- an embedded security protocol logic * http://people.inf.ethz.ch/meiersi/espl/ * * Copyright (c) 2009-2011, Simon Meier, ETH Zurich, Switzerland * * Extension to compromising adversaries: * * Copyright (c) 2010-2011, Martin Schaub, ETH Zurich, Switzerland * * All rights reserved. See file LICENCE for more information. ******************************************************************************) theory Capabilities imports ExplicitModel InferenceRules begin chapter{* Compromising Adversary Capability *} section{* Partnering *} type_synonym partnering = "state \ (tid \ tid) set" definition unionPart :: "partnering \ partnering \ partnering" (infix "UNP" 65) where "unionPart P1 P2 q = P1 q \ P2 q" notation (xsymbols) unionPart (infix "\\<^isub>P" 65) lemma union_unionPart_conv: "(a \ ((P1 \\<^isub>P P2) q)) = (a \ (P1 q \ P2 q))" by (fastforce simp add: unionPart_def) definition mk_partnering :: "role \ role \ (pattern \ pattern \ rolestep) set \ partnering" where "mk_partnering R1 R2 conds q = (case q of (t,r,s) \ {(i,j) | i j. roleMap r i = Some R1 \ roleMap r j = Some R2 \ (\ (p1,p2,st) \ conds. (j,st) \ steps t \ (inst s i p1) = (inst s j p2)) })" lemma mk_partnering_conv: "((i,j) \ mk_partnering R1 R2 conds (t,r,s)) = (roleMap r i = Some R1 \ roleMap r j = Some R2 \ (\ (p1,p2,st) \ conds. (j,st) \ steps t \ (inst s i p1) = (inst s j p2)))" by (fastforce simp add: mk_partnering_def) lemma setEqImpTupleIn: "(X = Y) \ ((i,j) \ X) = ((i,j) \ Y)" by fastforce lemma uniquePartner: assumes facts: "(i,j) \ mk_partnering R1 R2 conds (t,r,s)" "(pt1,pt2,st) \ conds" "(j,st) \ steps t" "pt2 = PFresh n" shows "\ j'. (i,j') \ mk_partnering R1 R2 conds (t,r,s) \ (j',st) \ steps t \ j' = j" proof - have "inst s i pt1 = inst s j pt2" using facts by (fastforce simp add: mk_partnering_conv) moreover hence "\ j'. j' \ j \ inst s j pt2 \ inst s j' pt2" using facts by fastforce ultimately have "\ j'. j' \ j \ inst s i pt1 \ inst s j' pt2" by fastforce hence "\ j'. (j' \ j \ (j',st) \ steps t) \ (i,j') \ mk_partnering R1 R2 conds (t,r,s)" using facts by (fastforce simp add: mk_partnering_conv) thus ?thesis by auto qed lemma mk_partneringRole: assumes facts: "(i,j) \ mk_partnering R1 R2 conds (t,r,s)" shows "roleMap r i = Some R1 \ roleMap r j = Some R2" using facts by (fastforce simp add: mk_partnering_conv) section{* Capabilities *} type_synonym capability = "state \ reveal set" subsection{* Helper Functions *} definition interCap :: "capability \ capability \ capability" (infix "INC" 65) where "interCap C1 C2 = (\ q. C1 q \ C2 q)" notation (xsymbols) interCap (infix "\\<^isub>C" 65) definition unionCap :: "capability \ capability \ capability" (infix "UNC" 65) where "unionCap C1 C2 = (\ q. C1 q \ C2 q)" notation (xsymbols) unionCap (infix "\\<^isub>C" 65) lemma union_unionCap_conv: "(a \ ((C1 \\<^isub>C C2) q)) = (a \ (C1 q \ C2 q))" by (fastforce simp add: unionCap_def) lemma inter_interCap_conv: "(a \ ((C1 \\<^isub>C C2) q)) = (a \ (C1 q \ C2 q))" by (fastforce simp add: interCap_def) subsection{* Adversary-Compromise Model *} definition acm :: "capability set \ state set" where "acm caps = { (t,r,s) | t r s. \ reveal \ reveals t. \ cap \ caps. reveal \ cap (t,r,s) }" lemma acm_to_caps: "\ (t,r,s) \ acm caps ; reveal \ reveals t \ \ \ cap \ caps. reveal \ cap (t,r,s)" by(fastforce simp add: acm_def) lemma acm_monotone: "\ (t,r,s) \ acm caps \ \ (t,r,s) \ acm (caps \ caps')" by(fastforce simp add: acm_def) subsection{* Implementation of Capabilities and Dot-Mapping *} subsubsection{* Long Term Key Reveals *} fun LKRprotected :: "tid \ varid set \ capability" where "LKRprotected i pAVars (t,r,s) = {RLKR a | a. \ pAVar \ pAVars. s (pAVar, i) \ a}" fun LKRafterStep :: "tid \ rolestep \ capability" where "LKRafterStep i step (t,r,s) = {RLKR a | a. predOrd t (St (i,step)) (LKR a)}" fun LKRbeforeStep :: "tid \ rolestep \ capability" where "LKRbeforeStep i step (t,r,s) = {RLKR a | a. predOrd t (LKR a) (St (i, step))}" fun LKRactor :: "tid \ varid \ capability" where "LKRactor i actor (t,r,s) = {RLKR (s (actor, i))} \ {a. \ R. roleMap r i = Some R \ a \ LKRprotected i ((aVars R) - {actor}) (t,r,s)}" fun LKRpeers :: "tid \ varid \ capability" where "LKRpeers i actor (t,r,s) = {a. \ R. roleMap r i = Some R \ a \ LKRprotected i (aVars R - {actor}) (t,r,s)}" fun LKRothers :: "tid \ capability" where "LKRothers i (t,r,s) = {a. \ R. roleMap r i = Some R \ a \ LKRprotected i (aVars R) (t,r,s)}" fun LKRafter :: "tid \ capability" where "LKRafter i (t,r,s) = {a. \ R st. roleMap r i = Some R \ lastComStep R = Some st \ a \ LKRafterStep i st (t,r,s)}" fun LKRbefore :: "tid \ capability" where "LKRbefore i (t,r,s) = {a. \ R st. roleMap r i = Some R \ firstComStep R = Some st \ a \ LKRbeforeStep i st (t,r,s)}" fun LKRduring :: "tid \ capability" where "LKRduring i q = {a. a \ LKRafter i q \ a \ LKRbefore i q}" text{* The partnering definition used in this capability must ensure, that if two threads are partners, they their transcript match, i.e. they have matching histories. That means all variables must be included! *} fun LKRafterCorrect :: "tid \ partnering \ capability" where "LKRafterCorrect i ps (t,r,s) = {a. \ R st. roleMap r i = Some R \ lastComStep R = Some st \ a \ LKRafterStep i st (t,r,s) \ (\ (i,j) \ ps (t,r,s). (\ R' st'. roleMap r j = Some R' \ lastComStep R' = Some st' \ a \ LKRafterStep j st' (t,r,s) ))}" lemma imposs_lkr_caps[iff]: "RCompr a b \ LKRprotected i vars (t,r,s)" "RCompr a b \ LKRothers i (t,r,s)" "RCompr a b \ LKRactor i c (t,r,s)" "RCompr a b \ LKRafter i (t,r,s)" "RCompr a b \ LKRafterCorrect i ps(t,r,s)" by(fastforce)+ subsubsection{* Compromises *} definition RNR :: "capability" where "RNR _ = {RCompr RandGen j| j. True}" definition SKs :: "capability" where "SKs _ = {RCompr SessKey j| j. True}" definition otherData :: "capability" where "otherData _ = {RCompr State j| j. True}" definition comprOthers :: "tid \ partnering \ capability" where "comprOthers i ps q = {RCompr State j| j. (i,j) \ ps q} \ {RCompr SessKey j| j. (i,j) \ ps q} \ {RCompr RandGen j| j. (i,j) \ ps q}" definition comprPartners :: "tid \ partnering \ capability" where "comprPartners i ps q = UNIV - comprOthers i ps q" definition SkR :: "tid \ partnering \ capability" where "SkR i ps q = {RCompr SessKey j | j. (i,j) \ ps q \ j \ i}" definition StR :: "tid \ partnering \ capability" where "StR i ps q = {RCompr State j | j. (i,j) \ ps q \ j \ i}" lemma imposs_compr_caps[iff]: "RLKR a \ StR i ps q" "RLKR a \ SkR i ps q" "RLKR a \ RNR q" "RCompr SessKey j \ StR i ps q" "RCompr RandGen j \ StR i ps q" "RCompr State j \ SkR i ps q" "RCompr RandGen j \ SkR i ps q" "RCompr State j \ RNR q" "RCompr SessKey j \ RNR q" by(fastforce simp add: StR_def SkR_def RNR_def)+ lemma SkR_conv[simp]: "c \ SkR i ps (t,r,s) = (\ j. (c = RCompr SessKey j) \ (i,j) \ ps (t,r,s) \ j \ i )" by(fastforce simp add: SkR_def) lemma RNR_conv[simp]: "c \ RNR (t,r,s) = (\ j. (c = RCompr RandGen j))" by(fastforce simp add: RNR_def) lemma StR_conv[simp]: "c \ StR i ps (t,r,s) = (\ j. (c = RCompr State j) \ (i,j) \ ps (t,r,s) \ j \ i )" by(fastforce simp add: StR_def) lemma (in reachable_state) LKRafterTrans: "\ roleMap r i = Some R; lastComStep R = Some st; RLKR a \ LKRafter i (t,r,s); LKR a \ St (i,st) \ \ False" by(fastforce) end