Luca Durante - Academia.edu

Papers by Luca Durante

Graphic LOTOS specification of an EN50254 system

Introducing Commutative and Associative Operators in Cryptographic Protocol Analysis

Lecture Notes in Computer Science, 2003

Abstract. Many formal techniques for the verification of cryptographic protocols rely on the abstract definition of cryptographic primitives, such as shared, private, and public key encryption. This approach prevents the analysis of those protocols that explicitly use commutative and ...

A New Knowledge Representation Strategy for Cryptographic Protocol Analysis

Lecture Notes in Computer Science, 2003

The formal verification of security properties of a cryptographic protocol is a difficult, albeit very important task as more and more sensible resources are added to public networks. This paper is focused on model checking; when adopting this approach to the problem, one challenge is to represent the intruder’s knowledge in an effective way. We present an intruder’s knowledge representation

Automatic Detection of Attacks on Cryptographic Protocols: A Case Study

Lecture Notes in Computer Science, 2005

... Automatic Detection of Attacks on Cryptographic Protocols: a Case Study. Ivan Cibrario Bertolotti (1), Luca Durante (1), Riccardo Sisto (2), Adriano Valenzano (1); (1) IEIIT-CNR, (2) Dipartimento di Automatica e Informatica, Politecnico di Torino. R. Sisto, DIMVA 2005, July 2005 ...

Comparison of adaptive fairness control mechanisms for DQDB metropolitan area networks

Proceedings International Phoenix Conference on Computers and Communications, 1995

ABSTRACT To improve fairness in DQDB metropolitan area networks a mechanism known as bandwidth balancing (BWB) has been introduced in the final version of the IEEE 802.6 standard document. Since then several researchers have proposed more or less significant changes to the basic mechanism, attempting to adhere to different interpretations of the fairness concept, and to match the needs of different categories of users. In this paper attention is focused on the adaptive class of fairness control mechanisms and two solutions are analyzed and compared: the first one allows for a fair sharing of the bandwidth by keeping the control rate of each node proportional to its offered traffic, whereas the second one keeps the control rate proportional to the number of segments queued in each node waiting for transmission. In order to do this, an analytical model suited to study a DQDB network under overload conditions is introduced. The model is also amenable to the evaluation of the transient behaviour of DQDB networks, thus enabling a thorough investigation of the performance that can be obtained by adopting different fairness control mechanisms. The analytical model has been validated through the use of a software simulator. Numerical indices measuring the performance of the balancing mechanisms mentioned above are also given.

Modeling Emergency Response Plans with Coloured Petri Nets

Lecture Notes in Computer Science, 2013

On the analysis of vulnerability chains in industrial networks

2008 IEEE International Workshop on Factory Communication Systems, 2008

... Ivan Cibrario Bertolotti, IEIIT-CNR, C.so Duca degli Abruzzi 24, ivan.cibrario@polito.it; Luca Durante, IEIIT-CNR, C.so Duca degli Abruzzi 24, luca.durante@polito.it; Adriano Valenzano, IEIIT-CNR, C.so Duca degli Abruzzi 24, adriano.valenzano@polito.it. Abstract ...

Automatic analysis of security policies in industrial networks

2010 IEEE International Workshop on Factory Communication Systems Proceedings, 2010

The protection of ICT systems is a topic whose importance has been dramatically growing in the last years. In fact, their increased interconnection, both internal and through the Internet, besides having provided higher and inexpensive flexibility (e.g. remote access, management and ...

Spi2Java: Automatic cryptographic protocol Java code generation from spi calculus

Proceedings - International Conference on Advanced Information Networking and Application (AINA), 2004

The aim of this work is to describe a tool (Spi2Java) that automatically generates Java code implementing cryptographic protocols described in the formal specification language spi calculus. Spi2Java is part of a set of tools for spi calculus, also including a pre-processor, a parser, and a security analyzer. The latter can formally analyze protocols and detect protocol flaws. When a protocol has been analyzed and an adequate confidence about its correctness has been reached, Spi2Java can generate a corresponding correct Java implementation of the protocol, thus dramatically reducing the risk of introducing security flaws in the coding phase.

Experimental comparison of automatic tools for the formal analysis of cryptographic protocols

Proceedings - International Conference on Dependability of Computer Systems, DepCoS - RELCOMEX 2007, 2007

... M. Cheminod†, I. Cibrario Bertolotti†, L. Durante†, R. Sisto‡, and A. Valenzano† †IEIIT-CNR — ‡Politecnico di Torino C.so Duca degli Abruzzi, 24 I-10129 Torino (Italy) {manuel.cheminod, ivan.cibrario, luca.durante, riccardo.sisto, adriano.valenzano}@polito.it Abstract ...

Implementation of static semantic analysis of LOTOS specifications

Software Engineering Journal, 1994

ABSTRACT The implementation of syntax-driven static semantic analysis of languages presenting recursive forward references in their definition, requires the handling of a syntax tree. When dealing with languages for which the syntax tree approach is very heavy to implement, a source code reorganisation operation may solve the problem more conveniently. This applies to the ISO specification language LOTOS which is taken as the main concern in the article. The implementation of a static semantic analyser for LOTOS based on the above approach is described by means of a C program, and all the main issues are addressed. It is shown that the source code reorganisation operation applied to LOTOS specifications does not alter the semantics of the original source specification. Examples and measures of performance collected by testing the tool on some significant case studies in the literature are also given.

Integration of Time Petri Nets and TE-LOTOS in the design and evaluation of factory communication systems

Time Petri Nets (TPN) and TE-LOTOS are timed extensions of two commonly used specification formalisms, that can be used in the design of real time concurrent and distributed systems. The paper reviews the differences between the two extended formal description techniques (FDTs), and shows how they can be used jointly in the design and evaluation of real time communication systems.

Formal specification and verification of real-time systems using Graph Grammars

Journal of the Brazilian Computer Society, 2007

This paper presents a formal approach to specify and analyze real-time systems. We extend Object-Based Graph Grammars, a description technique suitable for the specification of asynchronous distributed systems, to be able to explicitly model time constraints. The semantics of the systems is defined in terms of Timed Automata, allowing the automatic verification of properties. Summary. This article presents a formal approach for the specification and analysis of real-time systems. Object-Based Graph Grammars are extended with primitives to explicitly model time constraints. The semantics is defined in terms of timed automata, providing a method for the automatic verification of properties.

An Express model for the description of fieldbus devices

IEEE International Workshop on Factory Communication Systems, 1997

The paper deals with the definition of a device description model which takes into account the most significant features of the fieldbus devices currently available on the market and included in the EN50170 European standard. The basic concepts that can be found in the relevant international standards have been taken as a basis for the development of the model. The

EXPLOITING SYMMETRIES FOR TESTING EQUIVALENCE VERIFICATION IN THE SPI CALCULUS

International Journal of Foundations of Computer Science, 2006

Testing equivalence is a quite powerful way of expressing security properties of cryptographic protocols, but its formal verification is a difficult task, because it is based on universal quantification over contexts. A technique based on state exploration to address this verification problem ...

Detecting Chains of Vulnerabilities in Industrial Networks

IEEE Transactions on Industrial Informatics, 2000

Abstract—In modern factories, personal computers are starting to replace traditional Programmable Logic Controllers, due to cost and flexibility reasons, and also because their operating systems now support programming environments even suitable for demanding real-time ...

Efficient representation of the attacker’s knowledge in cryptographic protocols analysis

Formal Aspects of Computing, 2008

This paper addresses the problem of representing the intruder's knowledge in the formal verification of cryptographic protocols, whose main challenges are to represent the intruder's knowledge efficiently and without artificial limitations on the structure and size of messages. The new knowledge representation strategy proposed in this paper achieves both goals and leads to practical implementation because it is incrementally computable and is easily amenable to work with various term representation languages. In addition, it handles associative and commutative term composition operators, thus going beyond the free term algebra framework. An extensive computational complexity analysis of the proposed representation strategy is included in the paper.

Tools for cryptographic protocols analysis: A technical and experimental comparison

Computer Standards & Interfaces, 2009

The tools for cryptographic protocols analysis based on state exploration are designed to be completely automatic and should carry out their job with a reasonable amount of computing and storage resources, even when run by users having a limited amount of expertise in the ...

Fip prototype network for numerical control applications

Computer Standards & Interfaces, 1999

The difficulty of reaching an agreement on a single standard fieldbus proposal inside the international standardization bodies has led some national organizations in Europe to develop their own fieldbuses and to adopt them in pilot applications. At present FIP and PROFIBUS appear to be the most widely accepted solutions and some commercial products based on these standards are beginning to

Improving the security of industrial networks by means of formal verification

Computer Standards & Interfaces, 2007

Computer networks are exposed to serious security threats that can even have catastrophic consequences from both the points of view of economy and safety if such networks control critical infrastructures, such as for example industrial plants. Security must then be considered as a fundamental issue starting from the earlier phases of the design of a system, and suitable techniques and tools should be adopted to satisfy the security-related requirements. The focus of this paper is on how formal methods can help in analysing the standard cryptographic protocols used to implement security-critical services such as authentication and secret keys distribution in critical environments. The analysis of the 802.11 shared key authentication protocol by S3A, a fully automatic software tool that is based on a formal approach, is illustrated as a case study, which also highlights the peculiarities of analysing protocols based on wireless channels.
