We introduce strategFTO, a prototype tool addressing the verification of a security property in critical software. We consider a recent definition of timed opacity in which an attacker aims to deduce some secret while having access only to the total execution time. The system, here modeled by timed automata, is deemed opaque if, for any execution time, there are either no corresponding runs, or both public and private corresponding runs. We focus on the untimed control problem: exhibiting a controller, i.e., a set of allowed actions, such that the system restricted to those actions is fully timed-opaque. We first show that this problem is not more complex than the full timed opacity problem, and then we propose an algorithm, implemented and evaluated in practice.
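As an added illustration (not part of the paper or of strategFTO), the following Python encodes the opacity definition above over a constructed, finite set of timed runs, and brute-forces an untimed controller; the action names, execution times and secret labels are made up, and the finite run set stands in for the dense-time semantics of a timed automaton.

```python
from itertools import combinations

# Constructed toy system: each run is (actions, total execution time, secret?).
# The secret flag marks a private run; the attacker sees only the time.
RUNS = [
    (("login", "read"), 3, False),
    (("login", "read"), 5, True),
    (("login", "read"), 5, False),   # covers the private run of time 5
    (("login", "write"), 3, True),   # covered by the public "read" run of time 3
    (("login", "write"), 4, False),
    (("login", "write"), 4, True),
    (("admin",), 7, True),           # time 7 is reached only by a private run
]

def restrict(runs, allowed):
    """Apply an untimed controller: keep runs whose every action is allowed."""
    return [r for r in runs if all(a in allowed for a in r[0])]

def leaking_times(runs):
    """Execution times for which runs of only one kind exist (private xor public).
    Full timed opacity holds exactly when this list is empty."""
    public, private = set(), set()
    for _, t, secret in runs:
        (private if secret else public).add(t)
    return sorted(public ^ private)

def is_fully_timed_opaque(runs):
    return not leaking_times(runs)

def find_controller(runs):
    """Brute-force untimed control: the largest action set whose restricted system
    is fully timed-opaque. The empty set is trivially opaque (no runs at all),
    so the search is for the most permissive controller. Exponential in the
    number of actions: a toy, not the paper's algorithm."""
    actions = sorted({a for acts, _, _ in runs for a in acts})
    for k in range(len(actions), -1, -1):
        for allowed in combinations(actions, k):
            if is_fully_timed_opaque(restrict(runs, set(allowed))):
                return set(allowed)
    return set()

if __name__ == "__main__":
    print("leaking times:", leaking_times(RUNS))      # [7]
    print("controller:", find_controller(RUNS))       # {'login', 'read', 'write'}
```

Dropping "read" instead would reopen a leak at time 3, since the private "write" run of that duration is only covered by a public "read" run; this is the interplay the controller has to resolve.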