Section: New Results

Specification and verification of security protocols

Participants: Mario Sergio Ferreira Alvim Junior, Catuscia Palamidessi.

A doxastic logic for security

In [19] we have introduced a novel modal logic, namely the doxastic $\mu$-calculus with error control (D$\mu$CEC). The distinguishing feature of our logic is to provide a combination of dynamic operators for belief (whence the attribute “doxastic”) with a control on the possible error of apprehension of the perceived reality, and for internalized probability. Both operators are dynamic (non-monotonic) thanks to the possibility of combining them with temporal operators, and are parameterized with a lower and upper probability bound (the error control).

As an application, we have shown how to formalize probabilistic anonymity and oblivious transfer in the logic, and how to validate these formalizations on implementations specified in probabilistic CCS.

A general definition of malware

In [18] we have proposed a general, formal definition of malware in the language of modal logic. Our definition is general thanks to its abstract formulation, which is independent of, but nonetheless generally applicable to, the manifold concrete manifestations of malware. From our formulation of malware, we have derived equally general and formal definitions of benware (not malware), anti-malware (“antibodies” against malware), and medware (“medicine” for affected software). We have provided theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives.


