Team for Research in
Ubiquitous Secure Technology

Citation
Jason Franklin. "A Logic of Secure Systems and its Application to Trusted Computing". Talk or presentation, 30, November, 2009.

Abstract
We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication, and dynamically loading and executing unknown (and potentially untrusted) code. The adversary's capabilities are constrained by the system interface as defined in the programming model (leading to the name csi-adversary). We develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal an insecure interaction between the two protocols.

Electronic downloads

• 11%20-%20Franklin.pptx · application/vnd.openxmlformats-officedocument.presentationml.pre · 951 kbytes

• HTML

  Jason Franklin. <a
  href="http://www.truststc.org/pubs/641.html"
  ><i>A Logic of Secure Systems and its Application
  to Trusted Computing</i></a>, Talk or
  presentation,  30, November, 2009.

• Plain text

  Jason Franklin. "A Logic of Secure Systems and its
  Application to Trusted Computing". Talk or
  presentation,  30, November, 2009.

• BibTeX

  @presentation{Franklin09_LogicOfSecureSystemsItsApplicationToTrustedComputing,
      author = {Jason Franklin},
      title = {A Logic of Secure Systems and its Application to
                Trusted Computing},
      day = {30},
      month = {November},
      year = {2009},
      abstract = {We present a logic for reasoning about properties
                of secure systems. The logic is built around a
                concurrent programming language with constructs
                for modeling machines with shared memory, a simple
                form of access control on memory, machine resets,
                cryptographic operations, network communication,
                and dynamically loading and executing unknown (and
                potentially untrusted) code. The adversary's
                capabilities are constrained by the system
                interface as defined in the programming model
                (leading to the name csi-adversary). We develop a
                sound proof system for reasoning about programs
                without explicitly reasoning about adversary
                actions. We use the logic to characterize trusted
                computing primitives and prove code integrity and
                execution integrity properties of two remote
                attestation protocols. The proofs make precise
                assumptions needed for the security of these
                protocols and reveal an insecure interaction
                between the two protocols.},
      URL = {http://www.truststc.org/pubs/641.html}
  }
  

Posted by Larry Rohrbough on 5 Nov 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.