SDP Verification by TLA+

Signed-off-by: Luming Dong <[email protected]>

Author: 10227694

README.md

@@ -109,6 +109,7 @@ Do you have your own case study that you like to share with the community? Send
 | 96 | Nano Blockchain Protocol | <a href="specifications/NanoBlockchain">Directory</a> | Andrew Helwer | | &#10004; | Naturals, Bags | | |
 | 97 | Coffee Can White/Black Bean Problem | <a href="specifications/CoffeeCan">Directory</a> | Andrew Helwer | | &#10004; | Naturals | | |
 | 98 | The Slush Protocol | <a href="specifications/SlushProtocol">Directory</a> | Andrew Helwer | | &#10004; | Naturals, FiniteSets, Sequences | &#10004; | |
+| 99 | SDP (Software Defined Perimeter) | <a href="https://github.com/10227694/SDP_Verification">Specifying and Verifying SDP Protocol based Zero Trust Architecture</a> | Luming Dong, Zhi Niu | | &#10004;| FiniteSets, Sequences, Naturals |  |
 
 ## License
 

specifications/README

@@ -92,4 +92,14 @@ TwoPhase
    of the use of constant operator parameters to describe
    unspecified actions.  There is also a TLA+ proof of 
    correctness that has been checked by the TLAPS proof system.
+
+SDP_Verification
+   This project is about the TLA+ Spec of SDP architecture and algorithm 
+   written by Luming Dong and Zhi niu based on the open source project fwknop.
+   The subdirectory SDP_Attack_Spec contains the specification based on the 
+   following materials:(* https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2/)(http://www.cipherdyne.org/fwknop/ *)
+   The verification results show that current SDP protocol framework has a vulnerability 
+   in the scenario of remote access through NAT technology.
+   The subdirectory SDP_Attack_New_Solution_Spec contains the specification for the improved 
+   SDP architecture design which fixed the flaw related to service concealment feature.
 

specifications/SDP_Verification/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Dong Luming
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

specifications/SDP_Verification/README.md

@@ -0,0 +1,17 @@
+# SDP_Verification
+
+This project is about the TLA+ Spec of SDP architecture and algorithm written by Luming Dong and Zhi niu based on the open source project fwknop.
+
+The subdirectory  SDP_Attack_Spec  contains the specification based on the following materials:                  
+(* https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2/  *)                                           
+(* http://www.cipherdyne.org/fwknop/                                       *)
+
+The verification results show that current SDP protocol framework has a vulnerability in the scenario of remote access through NAT technology.
+
+The subdirectory  SDP_Attack_New_Solution_Spec  contains the specification for the improved SDP architecture design
+which fixed the flaw related to service concealment feature.
+
+The slide  "Specifying and Verifying SDP Protocol Based Zero Trust Architecture Using TLA+.pptx" contains the key description of the reserach work.
+For details, please refer to paper :
+https://dl.acm.org/doi/10.1145/3558819.3558826
+

specifications/SDP_Verification/SDP_Attack_New_Solution_Spec/Comment.txt

@@ -0,0 +1,5 @@
+The figure Model_Config_for_NAT.PNG illustrates the TLC model configuration for NAT scenario.
+
+The figure Model_Config_without_NAT.PNG illustrates the TLC model configuration for scenario without NAT.
+
+SPA_Attack_New.tla is the main sepc file.

specifications/SDP_Verification/SDP_Attack_New_Solution_Spec/MC.cfg

@@ -0,0 +1,52 @@
+\* CONSTANT definitions
+
+CONSTANT
+    SDPSvrCfg <- const_1645172937699121000
+\* CONSTANT definitions
+
+CONSTANT
+    NAT_FLAG <- const_1645172937699122000
+\* CONSTANT definitions
+
+CONSTANT
+    USER_BASEPORT <- const_1645172937699123000
+\* CONSTANT definitions
+
+CONSTANT
+    MATCH_ANY <- const_1645172937699124000
+\* CONSTANT definitions
+
+CONSTANT
+    UNKNOWN_AUTH_ID <- const_1645172937699125000
+\* CONSTANT definitions
+
+CONSTANT
+    AttackerCfg <- const_1645172937699126000
+\* CONSTANT definitions
+
+CONSTANT
+    ClientCfg <- const_1645172937699127000
+\* CONSTANT definitions
+
+CONSTANT
+    ATTACKER_BASEPORT <- const_1645172937699128000
+\* CONSTANT definitions
+
+CONSTANT
+    SvrCfg <- const_1645172937699129000
+\* SPECIFICATION definition
+SPECIFICATION
+FairSpec
+\* INVARIANT definition
+INVARIANT
+SPASafeLaw
+DataAccessSafeLaw
+\* PROPERTY definition
+PROPERTY
+SPA_AvailableProperty
+SPA_AntiDosProperty
+UserAccessAvailProperty
+SvrHidenProperty
+FwRuleConsistentProperty
+FwCorrectProperty
+\* Generated on Fri Feb 18 16:28:57 CST 2022

specifications/SDP_Verification/SDP_Attack_New_Solution_Spec/MC.tla

@@ -0,0 +1,51 @@
+---- MODULE MC ----
+EXTENDS SPA_Attack_New, TLC
+
+\* CONSTANT definitions @modelParameterConstants:0SDPSvrCfg
+const_1645172937699121000 == 
+[IP |-> 12,Port |-> 8000]
+----
+
+\* CONSTANT definitions @modelParameterConstants:1NAT_FLAG
+const_1645172937699122000 == 
+TRUE
+----
+
+\* CONSTANT definitions @modelParameterConstants:2USER_BASEPORT
+const_1645172937699123000 == 
+1024
+----
+
+\* CONSTANT definitions @modelParameterConstants:3MATCH_ANY
+const_1645172937699124000 == 
+65536
+----
+
+\* CONSTANT definitions @modelParameterConstants:4UNKNOWN_AUTH_ID
+const_1645172937699125000 == 
+65535
+----
+
+\* CONSTANT definitions @modelParameterConstants:5AttackerCfg
+const_1645172937699126000 == 
+[SrcIp |-> 11]
+----
+
+\* CONSTANT definitions @modelParameterConstants:6ClientCfg
+const_1645172937699127000 == 
+[LoginID |->1,Key |-> 44,SrcIp |->11]
+----
+
+\* CONSTANT definitions @modelParameterConstants:7ATTACKER_BASEPORT
+const_1645172937699128000 == 
+2024
+----
+
+\* CONSTANT definitions @modelParameterConstants:8SvrCfg
+const_1645172937699129000 == 
+[IP |-> 22,Port |-> 80]
+----
+
+=============================================================================
+\* Modification History
+\* Created Fri Feb 18 16:28:57 CST 2022 by 10227694