安全系统逻辑及其在可信计算中的应用

2009 30th IEEE Symposium on Security and Privacy Pub Date : 2009-05-17 DOI:10.1109/SP.2009.16

Anupam Datta, Jason Franklin, D. Garg, D. Kaynar

{"title":"安全系统逻辑及其在可信计算中的应用","authors":"Anupam Datta, Jason Franklin, D. Garg, D. Kaynar","doi":"10.1109/SP.2009.16","DOIUrl":null,"url":null,"abstract":"We present a logic for reasoning about properties of securesystems. The logic is built around a concurrent programminglanguage with constructs for modeling machines with sharedmemory, a simple form of access control on memory, machineresets, cryptographic operations, network communication, anddynamically loading and executing unknown(and potentially untrusted) code. The adversary's capabilities are constrained by the system interface as defined in the programming model (leading to the name csi). We develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal an insecure interaction between the two protocols.","PeriodicalId":161757,"journal":{"name":"2009 30th IEEE Symposium on Security and Privacy","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"109","resultStr":"{\"title\":\"A Logic of Secure Systems and its Application to Trusted Computing\",\"authors\":\"Anupam Datta, Jason Franklin, D. Garg, D. Kaynar\",\"doi\":\"10.1109/SP.2009.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a logic for reasoning about properties of securesystems. The logic is built around a concurrent programminglanguage with constructs for modeling machines with sharedmemory, a simple form of access control on memory, machineresets, cryptographic operations, network communication, anddynamically loading and executing unknown(and potentially untrusted) code. The adversary's capabilities are constrained by the system interface as defined in the programming model (leading to the name csi). We develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal an insecure interaction between the two protocols.\",\"PeriodicalId\":161757,\"journal\":{\"name\":\"2009 30th IEEE Symposium on Security and Privacy\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-05-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"109\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 30th IEEE Symposium on Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SP.2009.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 30th IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2009.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 109

摘要

我们提出了一个关于安全系统属性的推理逻辑。逻辑是围绕一个并发编程语言构建的，该语言的结构包括对机器进行建模，使用共享内存、内存访问控制的简单形式、机器设置、加密操作、网络通信以及动态加载和执行未知(可能不受信任)的代码。攻击者的能力受到编程模型中定义的系统接口的约束(因此得名csi)。我们开发了一个健全的证明系统，可以在不明确推理对手行为的情况下对程序进行推理。我们使用该逻辑来描述可信计算原语，并证明两种远程认证协议的代码完整性和执行完整性属性。这些证明对这些协议的安全性做出了精确的假设，并揭示了两个协议之间的不安全交互。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Logic of Secure Systems and its Application to Trusted Computing

We present a logic for reasoning about properties of securesystems. The logic is built around a concurrent programminglanguage with constructs for modeling machines with sharedmemory, a simple form of access control on memory, machineresets, cryptographic operations, network communication, anddynamically loading and executing unknown(and potentially untrusted) code. The adversary's capabilities are constrained by the system interface as defined in the programming model (leading to the name csi). We develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal an insecure interaction between the two protocols.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 30th IEEE Symposium on Security and Privacy

自引率

0.00%

发文量

期刊最新文献

A Logic of Secure Systems and its Application to Trusted Computing Noninterference for a Practical DIFC-Based Operating System Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments Formally Certifying the Security of Digital Signature Schemes Password Cracking Using Probabilistic Context-Free Grammars