DOI: 10.1145/3505253.3505256

Practical and Scalable Security Verification of Secure Architectures

Published: 04 June 2022

Abstract

We present a new and practical framework for security verification of secure architectures. Specifically, we break the verification task into external verification and internal verification. External verification considers the external protocols, i.e., the interactions between users, compute servers, network entities, etc. Internal verification considers the interactions between the hardware and software components within each server. This verification framework is general-purpose and can be applied to a stand-alone server or to a large-scale distributed system. We evaluate our verification method on the CloudMonatt and HyperWall architectures as examples.


Published In

HASP '21: Proceedings of the 10th International Workshop on Hardware and Architectural Support for Security and Privacy
October 2021
61 pages
ISBN:9781450396141
DOI:10.1145/3505253
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

HASP '21

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 65
  • Downloads (Last 12 months): 10
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 12 Feb 2025
