Modeling TCG-Based Secure Systems with Colored Petri Nets

With rapid progress in trusted computing research and applications, many trusted computing based security mechanisms have been proposed to defend against threats in open, dynamic and distributed environments. These mechanisms are intended to serve as the security foundation of the systems built on them. However, the correctness of these mechanisms still requires further examination and validation. We propose a Colored Petri Nets (CPN or CP-nets) based approach to modeling trusted computing based secure systems. In particular, we use CPN to model the process management, data protection and late launch mechanisms in such systems. As case studies, we use these models to investigate the memory protection mechanism of TrustVisor and remote attestation based on a dynamic root of trust; the results demonstrate that our models are capable of depicting real secure systems built on trusted computing. Given the advantages of CPN based modeling and analysis (graphical representation, well defined semantics and a large number of formal analysis methods), our models can serve as the foundation for formal analysis of the security properties of trusted computing enhanced systems.
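The kind of analysis the abstract refers to, as an added example that is not the paper's model and not TrustVisor or TCG code: a toy coloured Petri net of a dynamic-root-of-trust late launch followed by attestation, written in Python, whose reachable markings are enumerated and checked against the property "every quote reflects the code that is actually running". Everything in it is constructed for illustration: the two code identities GOOD and BAD, the TPM 1.2 convention that PCR 17 reads 0xFF.. at platform boot, is reset to 0.. by the late launch and then extended with the hash of the launched region, the read arc for the quote modelled as consume-and-put-back, and TrustVisor-style memory protection abstracted as simply removing the attacker's `dma_overwrite` transition from the net. Place, transition and function names are mine.

```python
"""Added example (not the paper's model): a toy coloured Petri net of a DRTM late launch
followed by attestation, analysed by enumerating every reachable marking.

Assumptions, all constructed for illustration: two code identities GOOD/BAD; TPM 1.2
conventions for PCR 17 (0xFF.. at platform boot, reset to 0.. by the late launch, then
extended with the hash of the launched region); TrustVisor-style memory protection is
abstracted as disabling the attacker's 'dma_overwrite' transition.
"""
from collections import Counter
from hashlib import sha256

BOOT = b"\xff" * 32                    # PCR 17 before any late launch (TPM 1.2 dynamic PCR init)
RESET = b"\x00" * 32                   # PCR 17 immediately after the DRTM reset
GOOD, BAD = b"good-pal", b"evil-pal"   # constructed code identities (assumption)

def extend(pcr, measurement):
    """TPM PCR extend: new = H(old || measurement)."""
    return sha256(pcr + measurement).digest()

def expected_pcr17(code):
    """Value PCR 17 must hold if 'code' was the region measured at late launch."""
    return extend(RESET, sha256(code).digest())

# A marking maps place name -> multiset (Counter) of coloured tokens.
def fire(m, consume, produce):
    """Fire one binding: remove consumed tokens, add produced ones, return the new marking."""
    new = {p: Counter(c) for p, c in m.items()}
    for p, toks in consume.items():
        new[p].subtract(toks)
        if min(new[p].values(), default=0) < 0:
            raise ValueError(f"binding not enabled at place {p}")
        new[p] = +new[p]               # drop zero counts so equal markings compare equal
    for p, toks in produce.items():
        new[p].update(toks)
    return new

def freeze(m):
    """Canonical hashable form of a marking, used for the visited set."""
    return tuple(sorted((p, tuple(sorted((+c).items()))) for p, c in m.items()))

# Transitions: each yields every enabled binding as (consume, produce).
def t_swap_loader(m):
    """Untrusted OS swaps the image before launch: DRTM does not prevent this, it measures it."""
    if GOOD in m["loader"]:
        yield {"loader": Counter([GOOD])}, {"loader": Counter([BAD])}

def t_senter(m):
    """Late launch: CPU enters the measured environment, PCR 17 is reset and extended
    with H(code); the launched code becomes the running token."""
    if m["cpu"]["normal"] and not m["running"]:
        for code in m["loader"]:
            for pcr in m["pcr17"]:
                yield ({"cpu": Counter(["normal"]), "loader": Counter([code]), "pcr17": Counter([pcr])},
                       {"cpu": Counter(["secure"]), "running": Counter([code]),
                        "pcr17": Counter([expected_pcr17(code)])})

def t_dma_overwrite(m):
    """Attacker overwrites the running region after measurement (e.g. via DMA) with no
    re-extend. Present only when the model has no memory protection."""
    if GOOD in m["running"]:
        yield {"running": Counter([GOOD])}, {"running": Counter([BAD])}

def t_quote(m):
    """Attestation: copy PCR 17 into a quote token (read arc modelled as consume + put back).
    Bounded to a single quote so the state space stays finite."""
    if m["cpu"]["secure"] and not m["quote"]:
        for pcr in m["pcr17"]:
            yield {"pcr17": Counter([pcr])}, {"pcr17": Counter([pcr]), "quote": Counter([pcr])}

def explore(transitions, m0):
    """Collect every reachable marking by exhaustive search from m0 (the reachability graph's nodes)."""
    seen, work, states = {freeze(m0)}, [m0], [m0]
    while work:
        m = work.pop()
        for t in transitions:
            for consume, produce in t(m):
                n = fire(m, consume, produce)
                if freeze(n) not in seen:
                    seen.add(freeze(n)); work.append(n); states.append(n)
    return states

def attestation_sound(m):
    """Property: every quote reflects the code that is actually running."""
    return all(q == expected_pcr17(code) for q in m["quote"] for code in m["running"])

def analyse(memory_protected):
    """Return (number of reachable markings, number of markings violating the property)."""
    ts = [t_swap_loader, t_senter, t_quote] + ([] if memory_protected else [t_dma_overwrite])
    m0 = {"cpu": Counter(["normal"]), "loader": Counter([GOOD]), "running": Counter(),
          "pcr17": Counter([BOOT]), "quote": Counter()}
    states = explore(ts, m0)
    return len(states), sum(not attestation_sound(m) for m in states)

if __name__ == "__main__":
    print("with memory protection   :", analyse(True))   # (6, 0)
    print("without memory protection:", analyse(False))  # (8, 1)
```

With the overwrite transition removed, every reachable marking satisfies the property, so an attacker who swaps the image before launch only obtains a quote that names the swapped image. With it present, the search finds a marking in which PCR 17 still attests the measured GOOD code while BAD code is running, which is exactly the class of state a memory-protection mechanism has to make unreachable. A real CPN tool would do the same enumeration over a far larger net; the point of the toy is that the property check is a query over the state space, not an inspection of the drawing.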