Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing
-
Upload
aurelia-allison -
Category
Documents
-
view
23 -
download
1
description
Transcript of Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing
![Page 1: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/1.jpg)
1
Modeling and Analysis of Networked Secure Systems with Application to Trusted
Computing
Jason FranklinJoint work with Deepak Garg,
Dilsun Kaynar, and Anupam Datta
![Page 2: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/2.jpg)
2
Motivation
• Despite progress in cryptography and security protocols, designing secure systems remains difficult
– Network protocols and cryptography rely on secure system assumption
• Problem: Attackers violate secure system assumption by exploiting system design flaws
• Solution: Prove security of system designs
![Page 3: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/3.jpg)
3
Motivating Example
ClientSystem
Network
Network
Server System
![Page 4: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/4.jpg)
4
Trusted Computing
• Question: How do we trust remote servers?
• Proposed Solution: Ask servers what programs they are running?– Server attests to (vouches for) its running software…
![Page 5: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/5.jpg)
5
I’ll ask what programs they
have run!
How do I know if I can trust that server?
Hey server! What code
have you run?
Server System
Details of Proposed Solution
ClientSystem
Network Network
Network Protocol Analysis
System and Network Protocol AnalysisSince I last rebooted, I’ve run
0: Operating System1: Web Server
2: Shopping Cart Server
Request Reply
I trust those programs to
protect my data!
![Page 6: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/6.jpg)
6
In this talk…
• Describe Logic of Secure Systems (LS^2)– Modeling system designs– Analysis of system designs
• Analyze trusted computing protocol
• Limitations, work in progress, and conclusion
![Page 7: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/7.jpg)
7
Hey server! What code
have you run?
Server System
Modeling Protocols as Programs
ClientSystem
Network Networkrequest Reply
Client ≡
request := read question;
send request;
reply := receive;
match /reply/trusted/;
Server ≡
r := receive;
send reply;
Since I last rebooted, I’ve run
0: Operating System1: Web Server
2: Shopping Cart Server
I trust those programs to
protect my data!
![Page 8: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/8.jpg)
8
Components of Model
ExplicitTime
EncryptionDecryption
Hash Sign/Verify
MemoryProtection
Memory
NetworkComm.
Threads
ControlFlow
Key:
AddedExisting
HardwareResets
TrustedComputing
![Page 9: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/9.jpg)
9
Modeling Details
• Memory– Read and write named memory locations
• Example: d := read Mem[x];
• Memory Protection– Exclusive write locks
• Example: lock(Mem[x]);
• Explicit time– Ordering events
• Read at time TR, Write at time TW and TR < TW
– Expressing invariants• Mem[x] contains value V during interval (TR,TW)
![Page 10: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/10.jpg)
10
Server System
New Adversary Model
ClientSystem
Network Network
I can remove, reorder, or
replay messages.
Standard Network Adversary
I can generate messages if I
know their components!
I’m a malicious local thread!
I can write to any unprotected memory location!
I can read any memory location!
I collude with the network adversary!
![Page 11: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/11.jpg)
11
Overview of Protocol Analysis
Analysis
Suppose Client code executed then:
Server is executing trusted programs
Modeling
Client ≡
request := read question;
send request;
reply := receive;
match /reply/trusted/;
![Page 12: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/12.jpg)
12
LS^2, what are you good for?
• Describe Logic of Secure Systems (LS^2)
• Analyze trusted computing protocol
• Limitations, work in progress, and conclusion
![Page 13: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/13.jpg)
13
Hey server! What code
have you run?
MaliciousServer
System
Problems with Trusted Computing Protocol
ClientSystem
Network Networkrequest
Reply
Client ≡
request := read question;
send request;
reply := receive;
match /reply/trusted/;
MALICIOUS_Server ≡
r := receive;
send “linux”;
I trust those programs to
protect my data!
Since I last rebooted, I’ve run linux. Really, I have!
Since I last rebooted, I’ve run malicious code.
Mwhahaha!!!!
![Page 14: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/14.jpg)
14
Server System
Solution: Trusted Coprocessor
ClientSystem
NetworkNetwork
TrustedCoprocessor
![Page 15: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/15.jpg)
15
Trusted Coprocessor
• Trusted Computing– Augments platform with
trusted co-processor
• Coprocessor includes:– Crypto. Primitives– Keys– Append-only log
Coprocessor
Log : A B …
Log.append(A);Log.append(B);
![Page 16: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/16.jpg)
16
Server with Coprocessor
Booting ≡
1. append log, os_code;
os := read os_code;
2. call os;
3. append log, web_server_code;
ws := read web_server_code;
4. call ws;Coprocessor
OS
Web Server
1. Append2. Call
4. Call 3. Append
Log = os_code web_server_code …
Server System
![Page 17: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/17.jpg)
17
ClientSystem
Coprocessor Vouching for Log
Client_Receive ≡
s := receive;
verify s, seq(os_code, ws_code), K
Signer ≡
_ := receive;
w := read log;
s := sign w, K;
send s
Log = os_code ws_code …
s := SIGN K, (os_code, ws_code)
![Page 18: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/18.jpg)
18
Protocol Analysis
Analysis
Suppose Client code executed then:
Server is executing trusted programs
Modeling
Client_Receive ≡
s := receive;
verify s, seq(os_code, ws_code), K
![Page 19: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/19.jpg)
19
Trusted Computing Analysis
Reset
@ T R
Call t
o OS C
ode @
T OS
Read L
og @ T Rea
d
No Resets during TR to TRead
Begin EndVerify
Log @
T V
• Suppose that clients’s thread executes code Client_Receive in time interval [Begin, End) then the following properties hold:
![Page 20: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/20.jpg)
20
Anyone See Security Vulnerability?
• Reset attack possible after read of log
Reset
@ T R
Call t
o OS C
ode @
T OS
Read L
og @ T Rea
d
No Resets during TR to TRead
Begin EndVerify
Log @
T V
Server Reset
Verification of Stale Data
Client believes server can be trusted!
![Page 21: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/21.jpg)
21
Adversaries Attack Assumptions
• Assumptions:– Client is not running in coprocessor– Coprocessor does not reveal its private key– Coprocessor only executes Signer– Programs in memory are write locked
![Page 22: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/22.jpg)
22
Up next…
• Describe Logic of Secure Systems (LS^2)– Designed for modeling and analysis of system
specifications
• Use LS^2 to analyze trusted computing protocols– Specify trusted computing protocols – State security properties and security proof – Discuss implications and analysis of proof
• Limitations, work in progress, and conclusion
![Page 23: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/23.jpg)
23
Limitations and Work In Progress
• Control flow and context sensitive analysis• Composition theorems for modular analysis of
complex systems• Expanding access control policies• Analysis of other trusted computing protocols• Modeling layer diagrams
Hardware
Operating System
User Level Programs
Layer Diagram
![Page 24: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/24.jpg)
24
Related Work
• LS^2 is derived from Protocol Composition Logic [Datta05-07]
• Related work on program correctness:– Concurrent separation logic [Brookes04]– Verification of concurrent systems [TLA,
Lamport84, Owicki&Gries76]
![Page 25: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/25.jpg)
25
Conclusion
• LS^2 is logic for analysis of networked secure systems including local and network adversaries
• LS^2 models abstract memory protections, time, hardware resets, and security primitives
• Described formal analysis of trusted computing– Identified reset attack
• Ongoing work seeks to expand scope of LS^2
![Page 26: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/26.jpg)
26
Take Home Points
• If you are designing secure systems: – LS^2 enables security analysis of system
design before you implement• Avoids costly and embarrassing vulnerabilities• Clarifies security properties of design
• Even if you are just using secure systems:– LS^2 can provide stronger guarantees about
your security
![Page 27: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/27.jpg)
27
Questions?
• Theory of Secure Systems Project (ToSS) – http://www.cs.cmu.edu/~jfrankli/toss
• Publications and Manuscripts:– D. Garg, J. Franklin, D. Kaynar, A. Datta. “Towards a
Theory of Secure Systems” Cylab Technical Report, Feb. 2008.
– D. Garg, J. Franklin, D. Kaynar, A. Datta. “A Logic for Reasoning about Networked Secure Systems.” Under submission to FCS ’08.
– J. Franklin, D. Garg, D. Kaynar, A. Datta. “Modeling and Security Analysis of Trusted Computing.” In progress.
![Page 28: Modeling and Analysis of Networked Secure Systems with Application to Trusted Computing](https://reader035.fdocuments.in/reader035/viewer/2022062717/56812a5f550346895d8dce78/html5/thumbnails/28.jpg)
28
2