IPSec - GMU CS Department

Internet Security
CSCE 813
Communicating Sequential Processes
Reading

Today:
– Modelling and analysis of security protocols: Chapter 1

Next Class:
– Modelling and analysis of security protocols: Chapters 1 and 2
CSCE 813 - Farkas
2
CSP Objectives

Model dynamics
Model and analyze concurrency
– E.g., calculation-intensive systems, distributed applications
Support parallelism
CSP

Notation for describing systems of parallel agents that communicate by passing messages between them
Formal study of systems
– Concurrency
– Security
Mathematical notation for describing interaction
– Different components influence each other
CSP Components

Processes
Operators
Communication: visible events: Σ
Invisible (internal) event: τ
CSP allows us to describe the states a process might be in, and from each state to work out which actions are immediately possible for the process and what the resulting states of those actions are
Message Passing

Synchronous: both processes MUST be ready to communicate
Non-buffered sends and receives
Explicit naming of source and destination processes
Messages
Process A: Send(B, message)
Process B: Receive(A, message)
Input command: <source-process>?<target variable>, e.g., keyboard?m
Output command: <destination-process>!<value>, e.g., screen!average
Communication

Communication takes place when:
– Process P executes an input command specifying process Q as its source, AND
– Process Q executes an output command specifying process P as its destination, AND
– The target variable in the input statement matches the value in the output statement
Program Equivalence

Two programs P1 and P2 are equivalent if they produce patterns of visible actions that cannot be distinguished by an observer.
Only the communications of a program matter!
Communication

Prefix: given a process P and a communication a in Σ, a → P is a program that
– Performs a, then
– Behaves as P
Given in, out in Σ, what is in → out → P?
Process Stop: no visible or invisible action
– Given a in Σ, what is a → Stop?
Build Processes

Consider: given a, b, c in Σ
– Proc = a → b → c → Stop
– Proc: a finite succession of choices before stopping
– Proc's environment might choose not to accept any of a, b, c, so it might get stuck before Stop
Build Processes


Recursion: processes "go on forever" by looping back to a state they have been in before
1. Alt = to → fro → Alt
2. Dalt = to → fro → to → fro → Dalt
3. Malt1 = to → Malt2
4. Malt2 = fro → Malt1
5. Nalt = to → fro → Dalt
1, 2, 5, and (3,4) are equivalent programs
Prefix

Offering a single action
Offering a choice: any set of visible actions
– If A ⊆ Σ, ?x : A → P(x) represents all the actions in A
– x is the parameter of P; parameters can be used in events or manipulated
– When a ∈ A is chosen, it behaves like P(a)
Example: always prepared to offer any event from A
– RUN_A = ?x : A → RUN_A
Compound events

Coding Machine example
– CM1(s) = ?x : L ∪ {off} → CM1'(s, x)
– CM1'(s, off) = Stop
– CM1'(s, x) = crypt(s, x) → CM1(newstate(s, x))   (x ∈ L)
Action: channel name followed by zero or more data components
Coding Machine example without off
– CM2(s) = in?x → out!crypt(s, x) → CM2(newstate(s, x))
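The synchronous, unbuffered message passing of the Message Passing, Messages and Communication slides, together with the coding machine CM2 just above, as an added Python model (this is not code from the lecture notes). `Rendezvous` is a constructed one-slot channel in which send() returns only after a receiver has taken the value, and `coding_machine` runs CM2 over two such channels; `toy_crypt` and `toy_newstate` are constructed stand-ins for the slide's crypt and newstate, not a cipher.

```python
# Added Python model of the slides' synchronous message passing: an unbuffered
# rendezvous channel, and the coding machine CM2 built on two such channels.
import threading


class Rendezvous:
    """Unbuffered channel: send() returns only once a receiver has taken the value
    and recv() only once a sender has offered one, so both must be ready."""

    def __init__(self):
        self._cv = threading.Condition()
        self._value = None
        self._offered = False   # a sender is waiting with a value
        self._taken = False     # the receiver has consumed that value

    def send(self, value, timeout=None):
        with self._cv:
            while self._offered:            # one sender at a time per channel
                self._cv.wait()
            self._value, self._offered, self._taken = value, True, False
            self._cv.notify_all()
            completed = self._cv.wait_for(lambda: self._taken, timeout)
            self._offered = False           # handshake done, or offer withdrawn on timeout
            self._cv.notify_all()
            return completed

    def recv(self, timeout=None):
        with self._cv:
            if not self._cv.wait_for(lambda: self._offered and not self._taken, timeout):
                return None                 # no sender was ready within the timeout
            self._taken = True
            self._cv.notify_all()
            return self._value


def send_with_nobody_listening(timeout=0.2):
    """A lone send cannot complete (the partner must be ready); give up after `timeout`."""
    return Rendezvous().send("m", timeout)


def coding_machine(inp, out, s, crypt, newstate, rounds):
    """CM2(s) = in?x -> out!crypt(s,x) -> CM2(newstate(s,x)), unrolled `rounds` times."""
    for _ in range(rounds):
        x = inp.recv()                      # in?x
        out.send(crypt(s, x))               # out!crypt(s,x)
        s = newstate(s, x)


# Constructed stand-ins for the slide's crypt and newstate; NOT a real cipher.
def toy_crypt(s, x):
    return chr(65 + (x + s) % 26)           # letter index x shifted by state s


def toy_newstate(s, x):
    return (s + x + 1) % 26                 # state evolves with each input


def run_cm2(plaintext, s0=3):
    """The environment feeds uppercase letters in on `in` and collects `out`."""
    inp, out = Rendezvous(), Rendezvous()
    machine = threading.Thread(target=coding_machine,
                               args=(inp, out, s0, toy_crypt, toy_newstate, len(plaintext)))
    machine.start()
    cipher = []
    for ch in plaintext:
        inp.send(ord(ch) - 65)              # environment side of in?x
        cipher.append(out.recv())           # environment side of out!y
    machine.join()
    return "".join(cipher)


if __name__ == "__main__":
    print(send_with_nobody_listening())     # False: nobody was ready to receive
    print(run_cm2("HELLO"))                 # KPBNC
```

A send with no receiver never completes, which the timeout makes observable: send_with_nobody_listening() returns False. With the environment playing in!x and out?y, run_cm2("HELLO") returns "KPBNC" under the toy functions; each of the ten communications is a handshake in which neither side proceeds until the other is ready, which is exactly the synchrony the slides require.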
Choice Operators
Deterministic finite state machine over a finite alphabet Σ
– e.g., Pi = ?x : Ai → Pi'(x)
Choice operator: □
– Gives the option between the actions of two processes, then
– Behaves like the one chosen
Choice Operator

Example choice
– If A = B ∪ C then
  ?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
Stop and equivalence
– If A = A ∪ Ø then
  ?x : A → P(x) = (?x : A → P(x)) □ Stop
  that is, P = P □ Stop
– If B = Ø then ?x : B → P(x) = Stop
Choice Operator

Revisit: if A = B ∪ C then
?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
If B and C are disjoint, together they give all the choices in A.
What happens if B and C overlap?
– Given processes P and Q, what does P □ Q mean?
– Choosing an action x ∈ B ∩ C, what is the result of (?x : B → P(x)) □ (?x : C → Q(x))?
– CSP allows the implementor to make a choice between the two sides
– After action x, the process may behave as P(x) or as Q(x); the environment has no control over this.
Non-determinism

A program acts nondeterministically if it is unpredictable
The program is allowed to make internal decisions that affect how it behaves as viewed from the outside
The implementation is allowed to choose
E.g., (a → a → Stop) □ (a → b → Stop)
Non-Deterministic Choice

P ⊓ Q
– Behaves like P or like Q
– The user has no control over which
– Can be implemented using two internal actions
– The implementer is not required to implement it this way (can choose either P, or Q, or (P or Q))
Useful for modelling a degree of unpredictability, like a communication medium that transmits data correctly or loses it.
Non-Deterministic Choice
P □ Q and P ⊓ Q have identical traces: sequences of visible communications
In most circumstances it cannot be told whether a non-deterministic choice was made by observing the process.
What is the difference between (a → P) ⊓ Stop and (a → P) □ Stop?
Parallel Operators

Put sequential processes in parallel
System state: the state of each component
– The number of possible states increases exponentially with the size of the network
How to put processes together into a parallel network?
How to check whether such a network satisfies a specification?
Parallel Combination

Just another process, to which any of the previous operators can be applied.
Each parallel process is equivalent to a sequential one (with an infeasibly large number of states)
CSP processes influence each other by affecting what communications they can perform.
Parallel Combination

Synchronize all visible actions
– P || Q can perform a ∈ Σ only when both P and Q can
– (?x : A → P(x)) || (?x : B → Q(x)) = ?x : A ∩ B → (P(x) || Q(x))
Parallel Combinations

Interface parallel operator: P ||X Q
– Synchronize all events in X
Example:
– P = ?x : A → P'(x)
– Q = ?x : B → Q'(x)
– P ||X Q = ?x : X ∩ A ∩ B → (P'(x) ||X Q'(x))
  □ ?x : A \ X → (P'(x) ||X Q)
  □ ?x : B \ X → (P ||X Q'(x))
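The recursive definitions on the Build Processes slide, the traces question on the Non-Deterministic Choice slide, and the two parallel laws above, run through a small Python model added here; it is not from the lecture notes or from any CSP tool. Processes are plain data (`Stop`, `Prefix`, `Ext` for □, `Int` for ⊓, `Par` for ||X, `Ref` for a named recursive process), `stable` resolves internal steps, and `traces`/`refusals` give the finite trace and refusal semantics. The alphabet {a, b}, the process P = b → Stop and the two three-event processes in the parallel demo are constructed for the example.

```python
# Added model of the CSP operators on these slides: Stop, prefix, both choices, interface
# parallel, recursion by name, plus trace and refusal semantics for comparing processes.
from dataclasses import dataclass, replace
@dataclass(frozen=True)
class Stop: pass            # no visible or internal action
@dataclass(frozen=True)
class Prefix:               # a -> P
    event: str; then: object
@dataclass(frozen=True)
class Ext:                  # P [] Q: the environment picks among the offered events
    left: object; right: object
@dataclass(frozen=True)
class Int:                  # P |~| Q: the implementation picks, via an internal step
    left: object; right: object
@dataclass(frozen=True)
class Par:                  # P ||X Q: events in X synchronise, all others interleave
    left: object; right: object; sync: frozenset
@dataclass(frozen=True)
class Ref:                  # reference to a named process, so definitions can recurse
    name: str

DEFS = {}                   # name -> process body, filled in below

def stable(p):
    """Stable states reachable by internal steps alone (Int resolves, Ref unfolds)."""
    if isinstance(p, Ref):
        return stable(DEFS[p.name])
    if isinstance(p, Int):
        return stable(p.left) | stable(p.right)
    if isinstance(p, (Ext, Par)):   # resolve the parts without deciding the choice
        return {replace(p, left=l, right=r) for l in stable(p.left) for r in stable(p.right)}
    return {p}

def initials(p):
    """Visible events a stable process offers immediately."""
    if isinstance(p, Prefix):
        return {p.event}
    if isinstance(p, Ext):
        return initials(p.left) | initials(p.right)
    if isinstance(p, Par):  # the law from the interface-parallel slide
        li, ri = initials(p.left), initials(p.right)
        return (li & ri & p.sync) | (li - p.sync) | (ri - p.sync)
    return set()            # Stop

def after(p, a):
    """Processes a stable p may become after performing visible event a."""
    if isinstance(p, Prefix):
        return {p.then} if a == p.event else set()
    if isinstance(p, Ext):
        return after(p.left, a) | after(p.right, a)
    if isinstance(p, Par):
        if a in p.sync:     # synchronised event: both sides move together
            return {Par(l, r, p.sync) for l in after(p.left, a) for r in after(p.right, a)}
        return ({Par(l, p.right, p.sync) for l in after(p.left, a)}
                | {Par(p.left, r, p.sync) for r in after(p.right, a)})
    return set()

def traces(p, depth):
    """All traces of p of length <= depth (a finite approximation)."""
    result = {()}
    if depth > 0:
        for s in stable(p):
            for a in initials(s):
                for q in after(s, a):
                    result |= {(a,) + t for t in traces(q, depth - 1)}
    return result

def refusals(p, alphabet):
    """Maximal event sets p may refuse before its first visible event."""
    return {frozenset(alphabet - initials(s)) for s in stable(p)}

# Build Processes slide: Alt, Dalt, Malt1/Malt2 and Nalt.
DEFS["Alt"] = Prefix("to", Prefix("fro", Ref("Alt")))
DEFS["Dalt"] = Prefix("to", Prefix("fro", Prefix("to", Prefix("fro", Ref("Dalt")))))
DEFS["Malt1"] = Prefix("to", Ref("Malt2"))
DEFS["Malt2"] = Prefix("fro", Ref("Malt1"))
DEFS["Nalt"] = Prefix("to", Prefix("fro", Ref("Dalt")))
def alternators_trace_equivalent(depth=8):
    ts = [traces(Ref(n), depth) for n in ("Alt", "Dalt", "Malt1", "Nalt")]
    return all(t == ts[0] for t in ts)

# Non-Deterministic Choice slide, with the constructed P = b -> Stop and alphabet {a, b}.
P = Prefix("b", Stop())
INT_CHOICE, EXT_CHOICE = Int(Prefix("a", P), Stop()), Ext(Prefix("a", P), Stop())
def compare_choices(depth=3):
    """Identical traces; only the |~| form may refuse every event at the start."""
    return (traces(INT_CHOICE, depth) == traces(EXT_CHOICE, depth),
            refusals(INT_CHOICE, {"a", "b"}), refusals(EXT_CHOICE, {"a", "b"}))

# Parallel Combination slides: ?x:{a,b} -> Stop beside ?x:{b,c} -> Stop.
LEFT = Ext(Prefix("a", Stop()), Prefix("b", Stop()))
RIGHT = Ext(Prefix("b", Stop()), Prefix("c", Stop()))
def parallel_initials():
    """Lockstep (X = all events) offers A ∩ B = {b}; P ||{b} Q also offers a and c."""
    return tuple(initials(next(iter(stable(Par(LEFT, RIGHT, frozenset(x))))))
                 for x in ("abc", "b"))

def interface_parallel_traces(depth=3):
    """Once a or c has happened alone, b is impossible: its partner has stopped."""
    return traces(Par(LEFT, RIGHT, frozenset("b")), depth)
```

alternators_trace_equivalent() confirms the slide's claim that Alt, Dalt, Malt1 and Nalt are trace-equivalent. compare_choices() answers the Non-Deterministic Choice question: (a → P) ⊓ Stop and (a → P) □ Stop have the same traces, but only the ⊓ form can refuse the whole alphabet initially, because it may have resolved to Stop; the difference is invisible in traces and visible in refusals (failures). parallel_initials() returns ({b}, {a, b, c}), the lockstep and interface laws applied to A = {a, b}, B = {b, c}, and interface_parallel_traces() shows that after a or c alone the synchronised event b can never occur, since the side that would have to join in is already Stop.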
Alphabet Controlled

P X||Y Q
Each process is given control of a particular set of events
No process is ever permitted to communicate outside its own alphabet
Interface between two processes: the intersection of their alphabets
CSP Operators

Stop          process does nothing
a → P         event prefix
?x : A → P    event prefix choice
P □ Q         choice between two processes
P ⊓ Q         nondeterministic choice
P || Q        lockstep parallel
P ||X Q       interface parallel
P X||Y Q      synchronizing parallel
Next Class:
– Finish CSP Chapter 1
– Modeling security protocols in CSP