Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.

Published byThaddeus Isom Modified over 9 years ago

Similar presentations

Presentation on theme: "A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University."— Presentation transcript:

1 A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University May 19, 2009

2 Secure System Designs Security Property System maintains integrity of OS and web server code. Secure System BIOS OS Web Server Adversary Malicious Thread Communication between frames remains confidential. Malicious Frame & ServerMalicious Virtual Machine The VMM maintains the confidentiality and integrity of data store in honest VMs.

3 Informal Analysis of System Designs Security Property Secure System Adversary Informal Analysis Successful attacks Attacks may be missed! Known attacks

4 Logic-Based Analysis of System Designs Security Property Secure System Formal Model of Adversary Analysis Engine Proof of security property Proof implies that an adversary with these capabilities cannot launch a successful attack Adversary defined by a set of capabilities

5 Contributions (Method) Security PropertySecure System Adversary Model Modeled as a set of programs in a concurrent programming language containing primitives relevant to secure systems Cryptography, network communication, shared memory, access control, machine resets, dynamic code loading Specified as logical formulas in the Logic of Secure Systems (LS 2 )‏ Any set of programs running concurrently with the system Analysis Engine Sound proof system for LS 2

6 Contributions (Adversary Model)  Adversary capabilities:  Local process on a machine  E.g., change unprotected code and data, steal secrets, reset machines  In general, constrained only by system interfaces  Network adversary – Symbolic (Dolev-Yao):  E.g., create, read, delete, inject messages  Cannot break cryptography  These capabilities enable many common attacks:  Network Protocol Attacks: Freshness, MITM  Local Systems Attacks: TOCTTOU and other race conditions, violations of code integrity and data confidentiality and integrity violation  Combinations of network and system attacks, e.g., web attacks

7 Contributions (Application)  Case study of Trusted Computing Platform  TCG specifications are industry and ISO/IEC standard  Over 100 million deployments  Applications include Microsoft’s BitLocker and HP’s ProtectTools  Formal model of parts of the TPM co-processor  First logical security proofs of two attestation protocols (SRTM and DRTM)  Analysis identifies:  Previously unknown incompatibility between SRTM and DRTM  Cannot be used together without additional protection  2 new weaknesses in SRTM  Previously known TOCTTOU attacks on SRTM [GCB+(Oakland’06),SPD(Oakland’05)]

8 Outline  Introduction  LS 2 : Illustrated with example (SRTM) ‏  Description of SRTM  Programming model  Specification of properties  Proving properties  Soundness  Conclusion

9 Static Root of Trust Measurement (SRTM) What’s your software stack? Remote Verifier Client Why should the client’s answer be trusted?

10 Trusted Platform Module (TPM)‏ ‏ PCR Remote Verifier Client Check Static Root of Trust Measurement (SRTM) Co-processor for cryptographic operations Protected private key (AIK) Append only log; Set to -1 on reset

11 BL OS APP Trusted Platform Module (TPM)‏ ‏ PCR BIOS Remote Verifier Client Signature Check Static Root of Trust Measurement (SRTM) H(APP) H(OS) H(BL)

12 Example: SRTM in LS 2 Remote Verifier Trusted BIOS Co-processor Ideal boot loader Ideal operating system

13 Modeling Systems Remote Verifier Trusted BIOS Co-processor Ideal boot loader Ideal operating system Every system component is a program. Generality: Common primitives to model many systems Extensibility: Add new primitives

14 Model of Trusted Hardware Remote Verifier Trusted BIOS Co-processor Ideal boot loader Ideal operating system extend is a primitive Co-processor is a program

15 Challenge: Adversaries Remote Verifier Trusted BIOS Co-processor Ideal boot loader Ideal operating system

16 Challenge: Dynamic Code Loading Remote Verifier Trusted BIOS Co-processor Ideal boot loader Ideal operating system What is b? Reasoning about dynamically loaded code in presence of adversaries requires careful proof system design

17 SRTM Security Property Suppose Verifier’s code finishes execution at time t ttTtT tBtB tOtO Reset Load BL Load OS Verifier Finishes  Weaknesses:  No recency – how old is t T ? [GCB+’06,SPD’05]  No guarantee that APP was loaded.  Assume that no adversary may extend the PCR tAtA Load APP

18 SRTM Security Property in LS 2 Suppose Verifier’s code finishes execution at ttTtT tBtB tOtO Reset Load BL Load OS Verifier Finishes

19 Reasoning about Dynamic Code Loading Proofs do not explicitly refer to adversarial actions

20 Semantics and Soundness  Semantic Relations Accounts for adversaries’ actions  Soundness Theorem Proof of correctness implies security with any number of adversaries

21 Summary of LS 2  Use logic to prove systems secure  Model systems are programs in an expressive language  Specify security properties in a logic  Prove properties in a sound proof system  Guaranteed freedom from attacks against a strong adversary  Technical difficulties:  Dynamically loaded unknown code  Access control on concurrent memory  Machine resets

22 Work Related to LS 2  Work on network protocol analysis  BAN, …, Protocol Composition Logic (PCL) ‏  Inspiration for LS 2, limited to protocols only  LS 2 adds a model of local computation and local adversary  Work on program correctness (no adversaries)  Concurrent Separation Logic  Synchronization through locks is similar  Higher-order extensions of Hoare Logic  Code being called has to be known in advance  Temporal, dynamic logic  Similar goals, different formal treatment  Formal analysis of Trusted Computing Platforms  Primarily using model checking

23 Conclusion  LS 2 : Logic based framework to prove security properties of system designs  Used for analysis of an industrial standard  Expressive, extensible  Ongoing application to web security and virtualization

24 Thank You. Questions?

25 Technical Challenges  Expressiveness:  Security primitives non-exhaustive; some in this paper, some future work  Interactions, e.g., dynamic code loading and concurrency  Scalability: how easily can new primitives be added?  Usability:  Axioms must be intuitive  Strong adversary model:  Network adversary (Dolev-Yao)  Local adversary (new) ‏

26 Operational Semantics Configuration ( C ) = Concurrent threads  System components + unspecified adversary  State information: memory contents + locks Thread = Program + Owner + Unique id Reduction relation on configurations C0C0 C1C1 CnCn... t1t1 t2t2 tntn t 1... t n are real numbers, monotonically increasing

27 Programming Model  Distributed system = Concurrent programs  Program = Sequence of actions x1 := a1; x2 := a2;....; xn := an  Actions a = read l write l,v lock l unlock l send v receive sign v,K verify v,K jump v... Resets modeled as a reduction in operational semantics

28 Logic Syntax  Predicates P : Send(I,v) Receive(I,v) Sign(I,v,K) Verify(I,v,K) Read(I,l) Write(I,l,v)‏ Lock(I,l) Unlock(I,l)‏ Mem(l,v) IsLocked(l,I) Reset(m,I) Jump(I,v)‏  Formulas A, B:... | A@t | A on I  Modal Formulas: [P] I tb,te A

29 Proof System: Axioms  Axioms capture meaning of primitives

30 Proof System: Inference Rules  Rules analyze modal formulas [P] I tb,te A  Example, the jump rule: IS(P) = Set of prefixes of the action sequence of P

Download ppt "A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University."

Similar presentations

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM.

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Logical Attestation: An Authorization Architecture for Trustworthy Computing Emin Gün Sirer Willem de Bruijn †, Patrick Reynolds *, Alan Shieh ‡, Kevin.

Logical Attestation: An Authorization Architecture for Trustworthy Computing Emin Gün Sirer Willem de Bruijn †, Patrick Reynolds *, Alan Shieh ‡, Kevin.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
Vpn-info.com.

Vpn-info.com.
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)

Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.

Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.

Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Similar presentations

Ads by Google