A Logic of Secure Systems and its Application to Trusted Computing

Author

Datta, Anupam ; Franklin, Jason ; Garg, Deepak ; Kaynar, Dilsun

fYear

2009

fDate

17-20 May 2009

Firstpage

221

Lastpage

236

Abstract

We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication, and dynamically loading and executing unknown (and potentially untrusted) code. The adversary´s capabilities are constrained by the system interface as defined in the programming model (leading to the name CSI -ADVERSARY). We develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal an insecure interaction between the two protocols.

Keywords

authorisation; cryptography; programming languages; protocols; reasoning about programs; CSI -ADVERSARY; access control; concurrent programming language; cryptographic operations; machine resets; network communication; reasoning about programs; remote attestation protocols; secure systems; shared memory; trusted computing; Access control; Computer applications; Computer languages; Cryptography; Logic programming; Protocols; Read-write memory; Security; Virtual machine monitors; Yarn; Formal Reasoning; Logic of Secure Systems; Remote Attestation; Trusted Computing;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2009 30th IEEE Symposium on

Conference_Location

Berkeley, CA

ISSN

1081-6011

Print_ISBN

978-0-7695-3633-0

Type

conf

DOI

10.1109/SP.2009.16

Filename

5207647