{"title":"$\\pi_{\\mathbf{RA}}$: A $\\pi\\text{-calculus}$用于验证使用远程认证的协议","authors":"E. Lanckriet, Matteo Busi, Dominique Devriese","doi":"10.1109/CSF57540.2023.00019","DOIUrl":null,"url":null,"abstract":"Remote attestation (RA) is a primitive that allows the authentication of software components on untrusted systems by relying on a root of trust. Network protocols can use the primitive to establish trust in remote software components they communicate with. As such, RA can be regarded as a first-class security primitive like (a)symmetric encryption, message authentication, etc. However, current formal models of RA do not allow analysing protocols that use the primitive without tying them to specific platforms, low-level languages, memory protection models, or implementation details. In this paper, we propose and demonstrate a new model, called $\\pi_{\\mathbf{RA}}$, that supports RA at a high level of abstraction by treating it as a cryptographic primitive in a variant of the applied $\\pi- \\mathbf{calculus}$. To demonstrate the use of $\\pi_{\\mathbf{RA}}$, we use it to formalise and analyse the security of MAGE, an SGX-based framework that allows mutual attestation of multiple enclaves. The protocol is formalised in the form of a compiler that implements actor-based communication primitives in a source language $(\\pi_{\\text{Actor}})$ in terms of remote attestation primitives in $\\pi_{\\text{RA}}$. Our security analysis uncovers a caveat in the security of MAGE that was left unmentioned in the original paper.","PeriodicalId":179870,"journal":{"name":"2023 IEEE 36th Computer Security Foundations Symposium (CSF)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"$\\\\pi_{\\\\mathbf{RA}}$: A $\\\\pi\\\\text{-calculus}$ for Verifying Protocols that Use Remote Attestation\",\"authors\":\"E. Lanckriet, Matteo Busi, Dominique Devriese\",\"doi\":\"10.1109/CSF57540.2023.00019\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Remote attestation (RA) is a primitive that allows the authentication of software components on untrusted systems by relying on a root of trust. Network protocols can use the primitive to establish trust in remote software components they communicate with. As such, RA can be regarded as a first-class security primitive like (a)symmetric encryption, message authentication, etc. However, current formal models of RA do not allow analysing protocols that use the primitive without tying them to specific platforms, low-level languages, memory protection models, or implementation details. In this paper, we propose and demonstrate a new model, called $\\\\pi_{\\\\mathbf{RA}}$, that supports RA at a high level of abstraction by treating it as a cryptographic primitive in a variant of the applied $\\\\pi- \\\\mathbf{calculus}$. To demonstrate the use of $\\\\pi_{\\\\mathbf{RA}}$, we use it to formalise and analyse the security of MAGE, an SGX-based framework that allows mutual attestation of multiple enclaves. The protocol is formalised in the form of a compiler that implements actor-based communication primitives in a source language $(\\\\pi_{\\\\text{Actor}})$ in terms of remote attestation primitives in $\\\\pi_{\\\\text{RA}}$. Our security analysis uncovers a caveat in the security of MAGE that was left unmentioned in the original paper.\",\"PeriodicalId\":179870,\"journal\":{\"name\":\"2023 IEEE 36th Computer Security Foundations Symposium (CSF)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 36th Computer Security Foundations Symposium (CSF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSF57540.2023.00019\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 36th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF57540.2023.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
$\pi_{\mathbf{RA}}$: A $\pi\text{-calculus}$ for Verifying Protocols that Use Remote Attestation
Remote attestation (RA) is a primitive that allows the authentication of software components on untrusted systems by relying on a root of trust. Network protocols can use the primitive to establish trust in remote software components they communicate with. As such, RA can be regarded as a first-class security primitive like (a)symmetric encryption, message authentication, etc. However, current formal models of RA do not allow analysing protocols that use the primitive without tying them to specific platforms, low-level languages, memory protection models, or implementation details. In this paper, we propose and demonstrate a new model, called $\pi_{\mathbf{RA}}$, that supports RA at a high level of abstraction by treating it as a cryptographic primitive in a variant of the applied $\pi- \mathbf{calculus}$. To demonstrate the use of $\pi_{\mathbf{RA}}$, we use it to formalise and analyse the security of MAGE, an SGX-based framework that allows mutual attestation of multiple enclaves. The protocol is formalised in the form of a compiler that implements actor-based communication primitives in a source language $(\pi_{\text{Actor}})$ in terms of remote attestation primitives in $\pi_{\text{RA}}$. Our security analysis uncovers a caveat in the security of MAGE that was left unmentioned in the original paper.