Team for Research in
Ubiquitous Secure Technology

A Logic of Secure Systems and its Application to Trusted Computing
Jason Franklin

Citation
Jason Franklin. "A Logic of Secure Systems and its Application to Trusted Computing". Talk or presentation, 30, November, 2009.

Abstract
We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication, and dynamically loading and executing unknown (and potentially untrusted) code. The adversary's capabilities are constrained by the system interface as defined in the programming model (leading to the name csi-adversary). We develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal an insecure interaction between the two protocols.

Electronic downloads

Citation formats  
  • HTML
    Jason Franklin. <a
    href="http://www.truststc.org/pubs/641.html"
    ><i>A Logic of Secure Systems and its Application
    to Trusted Computing</i></a>, Talk or
    presentation,  30, November, 2009.
  • Plain text
    Jason Franklin. "A Logic of Secure Systems and its
    Application to Trusted Computing". Talk or
    presentation,  30, November, 2009.
  • BibTeX
    @presentation{Franklin09_LogicOfSecureSystemsItsApplicationToTrustedComputing,
        author = {Jason Franklin},
        title = {A Logic of Secure Systems and its Application to
                  Trusted Computing},
        day = {30},
        month = {November},
        year = {2009},
        abstract = {We present a logic for reasoning about properties
                  of secure systems. The logic is built around a
                  concurrent programming language with constructs
                  for modeling machines with shared memory, a simple
                  form of access control on memory, machine resets,
                  cryptographic operations, network communication,
                  and dynamically loading and executing unknown (and
                  potentially untrusted) code. The adversary's
                  capabilities are constrained by the system
                  interface as defined in the programming model
                  (leading to the name csi-adversary). We develop a
                  sound proof system for reasoning about programs
                  without explicitly reasoning about adversary
                  actions. We use the logic to characterize trusted
                  computing primitives and prove code integrity and
                  execution integrity properties of two remote
                  attestation protocols. The proofs make precise
                  assumptions needed for the security of these
                  protocols and reveal an insecure interaction
                  between the two protocols.},
        URL = {http://www.truststc.org/pubs/641.html}
    }
    

Posted by Larry Rohrbough on 5 Nov 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.