DOI: 10.1145/3479394.3479418 (research article, PPDP '21 conference proceedings)

Automated Trust Analysis of Copland Specifications for Layered Attestations

Published: 07 October 2021

Abstract

In distributed systems, trust decisions are often based on remote attestations in which evidence is gathered about the integrity of subcomponents. Layered attestations leverage hierarchical dependencies among the subcomponents to bolster the trustworthiness of evidence. Copland is a declarative, domain-specific language for specifying complex layered attestations. How phrases are composed bears directly on the trustworthiness of the evidence they produce, and complex phrases become quite difficult to analyze by hand. We introduce an automated method for analyzing executions of attestations specified by Copland phrases in an adversarial setting. We develop a general theory of executions with adversarial corruption and repair events. Our approach is to enrich the Copland semantics according to this theory. Using the model finder Chase, we characterize all executions consistent with a set of initial assumptions. From this set of models, an analyst can discover all ways an active adversary can corrupt subcomponents without being detected by the attestation. These efforts afford trust policymakers the ability to compare attestations expressed as Copland phrases against trust policy in a way that encompasses both static and runtime concerns.


Cited By

  • (2024) Evidence Tampering and Chain of Custody in Layered Attestations. Proceedings of the 26th International Symposium on Principles and Practice of Declarative Programming, 10.1145/3678232.3678244, 1–11. Online publication date: 9-Sep-2024.
  • (2024) Verified Configuration and Deployment of Layered Attestation Managers. Software Engineering and Formal Methods, 10.1007/978-3-031-77382-2_17, 290–308. Online publication date: 26-Nov-2024.
  • (2022) Formally verified bundling and appraisal of evidence for layered attestations. Innovations in Systems and Software Engineering, 10.1007/s11334-022-00475-1, 19:4, 411–426. Online publication date: 4-Sep-2022.
  • (2021) On Orderings in Security Models. Protocols, Strands, and Logic, 10.1007/978-3-030-91631-2_21, 370–393. Online publication date: 19-Nov-2021.


Published In

PPDP '21: Proceedings of the 23rd International Symposium on Principles and Practice of Declarative Programming
September 2021, 277 pages
ISBN: 9781450386890
DOI: 10.1145/3479394
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 07 October 2021


Author Tags

  1. Layered Attestation
  2. Model Finding
  3. Trustworthy Computing

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

PPDP 2021

Acceptance Rates

Overall Acceptance Rate 230 of 486 submissions, 47%

