New abstractions in applied pi-calculus and automated verification of protected executions

Protocols for the protected execution of programs, like those based on a hardware root of trust, will become of fundamental importance for computer security. In parallel to such protocols, there is therefore a need to develop models and tools that allow formal specification and automated verification of the desired security properties. Still, current protocols lack realistic models and automated proofs of security. This is due to several challenges that we address in this paper. We consider the classical setting of applied pi-calculus and ProVerif, which we enrich with several generic models that allow verification of protocols designed for a given computing platform. Our contributions include models for specifying platform states and for dynamically loading and executing protected programs. We also propose a new method to make ProVerif terminate on a challenging search space: the one obtained by allowing an unbounded number of extensions and resets for the platform configuration registers of the TPM. We illustrate our methods with the case study of a protocol for a dynamic root of trust (based on a TPM), which includes dynamic loading, measurement and protected execution of programs. We prove automatically with ProVerif that code integrity and secrecy of sealed data hold for the considered protocol.
