Runtime verification for trustworthy secure shell deployment

Incorrect cryptographic protocol implementation and malware attacks targeting its runtime may lead to insecure execution even if the protocol design has been proven safe. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to a cryptographic protocol deployment, particularly that of the Secure Shell Protocol (SSH). We aim to show that our approach, which requires neither specific security hardware nor operating system modifications, is feasible through the design of a framework and a work-in-progress empirical evaluation. We provide: (i) the design of the setup involving SSH, (ii) the provision of the RV-TEE setup with an SSH implementation, and (iii) an overview of the property extraction process through a methodical analysis of the SSH protocol specifications.
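As an added illustration of the kind of property that can be extracted from the SSH specification and checked at runtime (example code written for this page, not the paper's RV-TEE framework), the monitor below is a finite-state automaton over the transport-layer message numbers of RFC 4253: key exchange must proceed KEXINIT, KEXDH_INIT, KEXDH_REPLY, then NEWKEYS, and no SERVICE_REQUEST may be sent before keys are in place. It assumes a simplified, merged view of both directions of one handshake and checks message ordering only, not the cryptographic contents.

```python
# SSH message numbers assigned in RFC 4250 / RFC 4253.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEXDH_INIT = 30
SSH_MSG_KEXDH_REPLY = 31

# Monitor automaton: state -> {observed message -> next state}.
# Simplifying assumption: a single merged trace of one handshake, with one
# NEWKEYS per direction. Any (state, message) pair absent from the table is
# a violation of the sequencing property extracted from the specification.
TRANSITIONS = {
    "START":       {SSH_MSG_KEXINIT: "KEXINIT"},
    "KEXINIT":     {SSH_MSG_KEXDH_INIT: "DH_INIT"},
    "DH_INIT":     {SSH_MSG_KEXDH_REPLY: "DH_REPLY"},
    "DH_REPLY":    {SSH_MSG_NEWKEYS: "NEWKEYS_ONE"},
    "NEWKEYS_ONE": {SSH_MSG_NEWKEYS: "KEYED"},
    "KEYED":       {SSH_MSG_SERVICE_REQUEST: "KEYED",
                    SSH_MSG_KEXINIT: "KEXINIT"},   # re-keying is permitted
}


def monitor_trace(trace):
    """Run the monitor over a list of message numbers.

    Returns the list of violations as (index, state, message); an empty
    list means the trace satisfied the property. The monitor keeps running
    after a violation so one pass reports every offending message.
    """
    state = "START"
    violations = []
    for i, msg in enumerate(trace):
        nxt = TRANSITIONS[state].get(msg)
        if nxt is None:
            violations.append((i, state, msg))
        else:
            state = nxt
    return violations


# Constructed traces for demonstration, not captured from a real session.
GOOD_TRACE = [20, 30, 31, 21, 21, 5]
# A faulty or tampered implementation sending a service request before
# the NEWKEYS messages: the monitor flags message index 3.
BAD_TRACE = [20, 30, 31, 5, 21, 21]

if __name__ == "__main__":
    print(monitor_trace(GOOD_TRACE))  # []
    print(monitor_trace(BAD_TRACE))   # [(3, 'DH_REPLY', 5)]
```

In an RV-TEE deployment the monitor would consume the message numbers as the SSH implementation emits them rather than a recorded list, and a violation would be the trigger for the trusted environment to halt or isolate the session.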
