Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing Jason Franklin Joint work with Deepak Garg, Dilsun Kaynar, and.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing Jason Franklin Joint work with Deepak Garg, Dilsun Kaynar, and."— Presentation transcript:

1 1 Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing Jason Franklin Joint work with Deepak Garg, Dilsun Kaynar, and Anupam Datta

2 2 Motivation Despite progress in cryptography and security protocols, designing secure systems remains difficult –Network protocols and cryptography rely on secure system assumption Problem: Attackers violate secure system assumption by exploiting system design flaws Solution: Prove security of system designs

3 3 Motivating Example Client System Network Server System

4 4 Trusted Computing Question: How do we trust remote servers? Proposed Solution: Ask servers what programs they are running? –Server attests to (vouches for) its running software…

5 5 I’ll ask what programs they have run! How do I know if I can trust that server? Hey server! What code have you run? Server System Details of Proposed Solution Client System Network Network Protocol Analysis System and Network Protocol Analysis Since I last rebooted, I’ve run 0: Operating System 1: Web Server 2: Shopping Cart Server RequestReply I trust those programs to protect my data!

6 6 In this talk… Describe Logic of Secure Systems (LS^2) –Modeling system designs –Analysis of system designs Analyze trusted computing protocol Limitations, work in progress, and conclusion

7 7 Hey server! What code have you run? Server System Modeling Protocols as Programs Client System Network requestReply Client ≡ request := read question; send request; reply := receive; match /reply/trusted/; Server ≡ r := receive; send reply; Since I last rebooted, I’ve run 0: Operating System 1: Web Server 2: Shopping Cart Server I trust those programs to protect my data!

8 8 Components of Model Explicit Time Encryption Decryption HashSign/Verify Memory Protection Memory Network Comm. Threads Control Flow Key: AddedExisting Hardware Resets Trusted Computing

9 9 Modeling Details Memory –Read and write named memory locations Example: d := read Mem[x]; Memory Protection –Exclusive write locks Example: lock(Mem[x]); Explicit time –Ordering events Read at time T R, Write at time T W and T R < T W –Expressing invariants Mem[x] contains value V during interval (T R,T W )

10 10 Server System New Adversary Model Client System Network I can remove, reorder, or replay messages. Standard Network Adversary I can generate messages if I know their components! I’m a malicious local thread! I can write to any unprotected memory location! I can read any memory location! I collude with the network adversary!

11 11 Overview of Protocol Analysis Analysis Suppose Client code executed then: Server is executing trusted programs Modeling Client ≡ request := read question; send request; reply := receive; match /reply/trusted/;

12 12 LS^2, what are you good for? Describe Logic of Secure Systems (LS^2) Analyze trusted computing protocol Limitations, work in progress, and conclusion

13 13 Hey server! What code have you run? Malicious Server System Problems with Trusted Computing Protocol Client System Network request Reply Client ≡ request := read question; send request; reply := receive; match /reply/trusted/; MALICIOUS_Server ≡ r := receive; send “linux”; I trust those programs to protect my data! Since I last rebooted, I’ve run linux. Really, I have! Since I last rebooted, I’ve run malicious code. Mwhahaha!!!!

14 14 Server System Solution: Trusted Coprocessor Client System Network Trusted Coprocessor

15 15 Trusted Coprocessor Trusted Computing –Augments platform with trusted co-processor Coprocessor includes: –Crypto. Primitives –Keys –Append-only log Coprocessor Log : AB … Log.append(A); Log.append(B);

16 16 Server with Coprocessor Booting ≡ 1. append log, os_code; os := read os_code; 2. call os; 3. append log, web_server_code; ws := read web_server_code; 4. call ws; Coprocessor OS Web Server 1. Append 2. Call 4. Call 3. Append Log = os_codeweb_server_code … Server System

17 17 Client System Coprocessor Vouching for Log Client_Receive ≡ s := receive; verify s, seq(os_code, ws_code), K Signer ≡ _ := receive; w := read log; s := sign w, K; send s Log = os_codews_code … s := SIGN K, (os_code, ws_code)

18 18 Protocol Analysis Analysis Suppose Client code executed then: Server is executing trusted programs Modeling Client_Receive ≡ s := receive; verify s, seq(os_code, ws_code), K

19 19 Trusted Computing Analysis Reset @ T R Call to OS Code @ T OS Read Log @ T Read No Resets during T R to T Read Begin End Verify Log @ T V Suppose that clients’s thread executes code Client_Receive in time interval [Begin, End) then the following properties hold:

20 20 Anyone See Security Vulnerability? Reset attack possible after read of log Reset @ T R Call to OS Code @ T OS Read Log @ T Read No Resets during T R to T Read Begin End Verify Log @ T V Server Reset Verification of Stale Data Client believes server can be trusted!

21 21 Adversaries Attack Assumptions Assumptions: –Client is not running in coprocessor –Coprocessor does not reveal its private key –Coprocessor only executes Signer –Programs in memory are write locked

22 22 Up next… Describe Logic of Secure Systems (LS^2) –Designed for modeling and analysis of system specifications Use LS^2 to analyze trusted computing protocols –Specify trusted computing protocols –State security properties and security proof –Discuss implications and analysis of proof Limitations, work in progress, and conclusion

23 23 Limitations and Work In Progress Control flow and context sensitive analysis Composition theorems for modular analysis of complex systems Expanding access control policies Analysis of other trusted computing protocols Modeling layer diagrams Hardware Operating System User Level Programs Layer Diagram

24 24 Related Work LS^2 is derived from Protocol Composition Logic [Datta05-07] Related work on program correctness: –Concurrent separation logic [Brookes04] –Verification of concurrent systems [TLA, Lamport84, Owicki&Gries76]

25 25 Conclusion LS^2 is logic for analysis of networked secure systems including local and network adversaries LS^2 models abstract memory protections, time, hardware resets, and security primitives Described formal analysis of trusted computing –Identified reset attack Ongoing work seeks to expand scope of LS^2

26 26 Take Home Points If you are designing secure systems: –LS^2 enables security analysis of system design before you implement Avoids costly and embarrassing vulnerabilities Clarifies security properties of design Even if you are just using secure systems: –LS^2 can provide stronger guarantees about your security

27 27 Questions? Theory of Secure Systems Project (ToSS) –http://www.cs.cmu.edu/~jfrankli/tosshttp://www.cs.cmu.edu/~jfrankli/toss Publications and Manuscripts: –D. Garg, J. Franklin, D. Kaynar, A. Datta. “Towards a Theory of Secure Systems” Cylab Technical Report, Feb. 2008. –D. Garg, J. Franklin, D. Kaynar, A. Datta. “A Logic for Reasoning about Networked Secure Systems.” Under submission to FCS ’08. –J. Franklin, D. Garg, D. Kaynar, A. Datta. “Modeling and Security Analysis of Trusted Computing.” In progress.

28 28 2

Download ppt "1 Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing Jason Franklin Joint work with Deepak Garg, Dilsun Kaynar, and."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Operating System Security

Operating System Security
Executional Architecture

Executional Architecture
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
SECURITY AND VERIFICATION Lecture 4: Cryptography proofs in context Tamara Rezk INDES TEAM, INRIA January 24 th, 2012.

SECURITY AND VERIFICATION Lecture 4: Cryptography proofs in context Tamara Rezk INDES TEAM, INRIA January 24 th, 2012.
Vpn-info.com.

Vpn-info.com.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.

A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,

1 Attested Append-Only Memory: Making Adversaries Stick to their Word Byung-Gon Chun (ICSI) October 15, 2007 Joint work with Petros Maniatis (Intel Research,
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.

28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Similar presentations

Ads by Google