论文信息 - Pasture Node State Specification

Pasture Node State Specification

Pasture [5] is a secure messaging and logging library that enables secure off-line data access on untrusted user devices by leveraging commodity trusted hardware. Pasture does not trust the application, OS, or hypervisor and even admits hardware snooping attacks, while providing two important safety properties: access-undeniability (a user cannot deny any off-line data access obtained by his device without failing an audit) and verifiable-revocation (a user who generates a verifiable proof of revocation of unaccessed data can never access that data in the future). Each node running Pasture uses its Trusted Platform Module to protect and log access to encryption keys that shield the data. Permanently forfeiting the ability to access an unused decryption key is the basis of revocation.

Ramakrishna Kotla | Thomas L. Rodeheffer | T. Rodeheffer | R. Kotla

[1] Stephan Merz,et al. Verifying Safety Properties with the TLA+ Proof System , 2010, IJCAR.

[2] Jonathan M. McCune,et al. Memoir---Formal Specs and Correctness Proofs , 2011 .

[3] Michael K. Reiter,et al. Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[4] Leslie Lamport,et al. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers [Book Review] , 2002, Computer.

[5] Jonathan M. McCune,et al. Memoir: Practical State Continuity for Protected Modules , 2011, 2011 IEEE Symposium on Security and Privacy.

[6] Leendert van Doorn,et al. A Practical Guide to Trusted Computing , 2007 .

[7] Michael Norrish,et al. seL4: formal verification of an OS kernel , 2009, SOSP '09.

[8] Ramakrishna Kotla,et al. Pasture: Secure Offline Data Access Using Commodity Trusted Hardware , 2012, OSDI.

[9] Thomas L. Rodeheffer,et al. Cyclic Commit Protocol Specifications , 2008 .