research-article

Logical attestation: an authorization architecture for trustworthy computing

Authors:

Emin Gün Sirer,

Willem de Bruijn,

Patrick Reynolds,

Fred B. SchneiderAuthors Info & Claims

SOSP '11: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles

Pages 249 - 264

https://doi.org/10.1145/2043556.2043580

Published: 23 October 2011 Publication History

Abstract

This paper describes the design and implementation of a new operating system authorization architecture to support trustworthy computing. Called logical attestation, this architecture provides a sound framework for reasoning about run time behavior of applications. Logical attestation is based on attributable, unforgeable statements about program properties, expressed in a logic. These statements are suitable for mechanical processing, proof construction, and verification; they can serve as credentials, support authorization based on expressive authorization policies, and enable remote principals to trust software components without restricting the local user's choice of binary implementations.

We have implemented logical attestation in a new operating system called the Nexus. The Nexus executes natively on x86 platforms equipped with secure coprocessors. It supports both native Linux applications and uses logical attestation to support new trustworthy-computing applications. When deployed on a trustworthy cloud-computing stack, logical attestation is efficient, achieves high-performance, and can run applications that provide qualitative guarantees not possible with existing modes of attestation.

References

[1]

Martín Abadi. Variations in Access Control Logic. In Proc. of the Conference on Deontic Logic in Computer Science, Luxembourg, July 2008.

Digital Library

[2]

Andrew W. Appel and Edward W. Felten. Proof-carrying authentication. In Proc. of the Conference on Computer and Communications Security, Singapore, November 1999.

Digital Library

[3]

William A. Arbaugh, David J. Farber, and Jonathan M. Smith. A Secure and Reliable Bootstrap Architecture. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1997.

Digital Library

[4]

Stefan Berger, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn. vTPM: Virtualizing the Trusted Platform Module. In Proc. of the USENIX Security Symposium, Vancouver, Canada, August 2006.

Digital Library

[5]

Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. Wedge: Splitting Applications into Reduced-privilege Compartments. In Proc. of the Symposium on Networked System Design and Implementation, San Francisco, CA, April 2008.

Digital Library

[6]

Byung-Gon Chun, Petros Maniatis, Scott Shenker, and John Kubiatowicz. Attested append-only memory: Making adversaries stick to their word. In Proc. of the Symposium on Operating System Principles, Stevenson, WA, October 2007.

Digital Library

[7]

Jack B. Dennis and Earl C. Van Horn. Programming semantics for multiprogrammed computations. Comm. of the ACM, 9:143--155, March 1966.

Digital Library

[8]

Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, M. Frans Kaashoek, and Robert T. Morris. Labels and Event Processes in the Asbestos Operating System. In Proc. of the Symposium on Operating Systems Principles, Brighton, UK, October 2005.

Digital Library

[9]

Paul England, Butler Lampson, John Manferdelli, Marcus Peinado, and Bryan Willman. A Trusted Open Platform. Computer, 36(7):55--62, July 2003.

Digital Library

[10]

Paul England and Jork Loeser. Para-Virtualized TPM Sharing. In Proc. of the International Conference on Trusted Computing and Trust in Information Technologies, Villach, Austria, 2008.

Digital Library

[11]

Ùlfar Erlingsson and Fred B. Schneider. IRM Enforcement of Java Stack Inspection. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2000.

Digital Library

[12]

Electronic Frontier Foundation. Facebook's New Privacy Changes: The Good, The Bad, and The Ugly. http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly.

[13]

Kevin Fu, M. Frans Kaashoek, and David Mazières. Fast and Secure Distributed Read-Only File System. In Proc. of the Symposium on Operating Systems Design and Implementation, San Diego, CA, October 2000.

Digital Library

[14]

Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: A Virtual Machine-Based Platform for Trusted Computing. In Proc. of the Symposium on Operating Systems Principles, Bolton Landing, NY, October 2003.

Digital Library

[15]

Morrie Gasser, Andy Goldstein, Charlie Kaufman, and Butler Lampson. The Digital Distributed System Security Architecture. In Proc. of the National Computer Security Conference, Baltimore, MD, October 1989.

[16]

Li Gong. Java Security: Present and Near Future. IEEE Micro, 17(3):14--19, May/June 1997.

Digital Library

[17]

Ramakrishna Gummadi, Hari Balakrishnan, Petros Maniatis, and Sylvia Ratnasamy. Not-a-Bot: Improving Service Availability in the Face of Botnet Attacks. In Proc. of the Symposium on Networked System Design and Implementation, Boston, MA, April 2009.

Digital Library

[18]

Vivek Haldar, Deepak Chandra, and Michael Franz. Semantic Remote attestation: A Virtual Machine Directed Approach to Trusted Computing. In Proc. of the USENIX Virtual Machine Research and Technology Symposium, San Jose, CA, May 2004.

Digital Library

[19]

Hermann Härtig. Security Architectures Revisited. In Proc. of the SIGOPS European Workshop, Saint-Emilion, France, September 2002.

Digital Library

[20]

Hermann Härtig, Michael Hohmuth, Norman Feske, Christian Helmuth, Adam Lackorzynski, Frank Mehnert, and Michael Peter. The Nizza Secure-System Architecture. In Proc. of the International Conference on Collaborative Computing, San Jose, CA, December 2005.

[21]

Hermann Härtig, Michael Hohmuth, Jochen Liedtke, and Sebastian Schönberg. The Performance of μ-Kernel-Based Systems. In Proc. of the Symposium on Operating Systems Principles, Saint Malo, France, October 1997.

Digital Library

[22]

Hermann Härtig and Oliver Kowalski and Winfried Kühnhauser. The BirliX Security Architecture. Journal of Computer Security, 2(1):5--21, 1993.

[23]

William K. Josephson, Emin Gün Sirer, and Fred B. Schneider. Peer-to-Peer Authentication With a Distributed Single Sign-On Service. In Proc. of the Workshop on Peer-to-Peer Systems, San Diego, CA, February 2004.

Digital Library

[24]

Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Michael Norrish, Rafal Kolanski, Thomas Sewell, Harvey Tuch, and Simon Winwood. seL4: Formal Verification of an OS Kernel. In Proc. of the Symposium on Operating Systems Principles, Big Sky, MT, October 2009.

Digital Library

[25]

Butler Lampson. Computer Security in the Real World. IEEE Computer, 37(6), 2004.

Digital Library

[26]

Chris Lesniewski-Laas, Bryan Ford, Jacob Strauss, Robert Morris, and Frans M. Kaashoek. Alpaca: Extensible Authorization for Distributed Services. In Proc. of the Conference on Computer and Communications Security, Alexandria, VA, October 2007.

Digital Library

[27]

Dave Levin, John R. Douceur, Jacob R. Lorch, and Thomas Moscibroda. TrInc: Small Trusted Hardware for Large Distributed Systems. In Proc. of the Symposium on Networked System Design and Implementation, Boston, MA, April 2009.

Digital Library

[28]

Jinyuan Li, Maxwell Krohn, David Mazières, and Dennis Shasha. Secure Untrusted Data Repository. In Proc. of the Symposium on Operating Systems Design and Implementation, San Francisco, CA, December 2004.

Digital Library

[29]

David Lie, Chandramohan A. Thekkath, and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. In Proc. of the Symposium on Operating Systems Principles, Bolton Landing, NY, October 2003.

Digital Library

[30]

Umesh Maheshwari, Radek Vingralek, and William Shapiro. How to Build a Trusted Database System on Untrusted Storage. In Proc. of the Symposium on Operating Systems Design and Implementation, San Diego, CA, October 2000.

Digital Library

[31]

Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. TrustVisor: Efficient TCB Reduction and Attestation. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.

Digital Library

[32]

Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. Flicker: An Execution Infrastructure for TCB Minimization. In Proc. of the European Conference on Computer Systems, Glasgow, Scotland, April 2008.

Digital Library

[33]

Ralph C. Merkle. Protocols for Public Key Cryptosystems. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1980.

[34]

Ralph C. Merkle. A Certified Digital Signature. In Proc. of the International Cryptology Conference, Santa Barbara, CA, August 1989.

Digital Library

[35]

George C. Necula. Proof-Carrying Code. In Proc. of the Symposium on Principles of Programming Languages, pages 106--119, Paris, France, 1997.

Digital Library

[36]

Bryan Parno, Jonathan M. McCune, and Adrian Perrig. Bootstrapping Trust in Commodity Computers. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.

Digital Library

[37]

Birgit Pfitzmann, James Riordan, Christian Stüble, Michael Waidner, and Arnd Weber. The PERSEUS System Architecture. Technical Report RZ3335 (93381), IBM Research Division, Zurich, April 2001.

[38]

Rob Pike, Dave Presotto, Sean Dorward, Bob Flandrena, Ken Thompson, Howard Trickey, and Phil Winterbottom. Plan 9 from Bell Labs. Computing Systems, 8(3):221--254, Summer 1995.

[39]

Patrick Reynolds, Oliver Kennedy, Emin Gün Sirer, and Fred B. Schneider. Securing Bgp Using External Security Monitors. Technical Report TR2006--2065, Cornell University, Computing and Information Science, Ithaca, New York, December 2006.

[40]

Ahmad-Reza Sadeghi, Christian Stüble, and Marcel Winandy. Property-Based TPM Virtualization. In Proc. of the International Conference on Information Security, Hyderabad, India, December 2008.

Digital Library

[41]

Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Ronald Perez, Leendert van Doorn, John Linwood Griffin, and Stefan Berger. sHype: Secure Hypervisor Approach to Trusted Virtualized Systems. Technical Report RC23511 (W0502-006), IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, February 2005.

[42]

Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. In Proc. of the USENIX Security Symposium, San Diego, CA, August 2004.

Digital Library

[43]

Luis F. G. Sarmenta, Marten van Dijk, Charles W. O'Donnell, Jonathan Rhodes, and Srinivas Devadas. Virtual Monotonic Counters and Count-limited Objects Using a TPM without a Trusted OS. In Proc. of the Workshop on Scalable Trusted Computing, Fairfax, VA, November 2006.

Digital Library

[44]

Fred B. Schneider, Kevin Walsh, and Emin Gün Sirer. Enforceable Security Policies. ACM Transactions on Information and System Security, 1(3), February 2000.

Digital Library

[45]

Fred B. Schneider, Kevin Walsh, and Emin Gün Sirer. Nexus Authorization Logic: Design Rationale and Applications. ACM Transactions on Information and System Security, 14(1), May 2011.

Digital Library

[46]

Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla. Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms. In Proc. of the Symposium on Operating Systems Principles, Brighton, UK, October 2005.

[47]

Arvind Seshadri, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla. SWATT: Software-based Attestation for Embedded Devices. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2004.

[48]

Jonathan S. Shapiro, Jonathan M. Smith, and David J. Farber. EROS: A Fast Capability System. In Proc. of the Symposium on Operating Systems Principles, Kiawah Island, SC, December 1999.

Digital Library

[49]

Elaine Shi, Adrian Perrig, and Leendert van Doorn. BIND: A Fine-Grained Attestation Service for Secure Distributed Systems. In Proc. of the Symposium on Security and Privacy, 2005.

Digital Library

[50]

Emin Gün Sirer, Robert Grimm, Arthur J. Gregory, and Brian N. Bershad. Design and Implementation of a Distributed Virtual Machine for Networked Computers. In Proc. of the Symposium on Operating Systems Principles, Kiawah Island, SC, December 1999.

Digital Library

[51]

Ray Spencer, Stephen Smalley, Peter Loscocco, Mike Hibler, David Andersen, and Jay Lepreau. The Flask Security Architecture: System Support for Diverse Security Policies. In Proc. of the USENIX Security Symposium, Washington, DC, August 1999.

Digital Library

[52]

Richard Stallman. Can You Trust Your Computer? Available at http://www.gnu.org/philosophy/can-you-trust.html.

[53]

Marten van Dijk, Jonathan Rhodes, Luis F. G. Sarmenta, and Srinivas Devadas. Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks. In Proc. of the Workshop on Scalable Trusted Computing, Alexandria, VA, November 2007.

Digital Library

[54]

Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient Software-Based Fault Isolation. ACM SIGOPS Operating Systems Review, 27(5):203--216, December 1993.

Digital Library

[55]

Carsten Weinhold and Hermann Härtig. VPFS: Building a Virtual Private File System with a Small Trusted Computing Base. In Proc. of the European Conference on Computer Systems, Glasgow, Scotland, April 2008.

Digital Library

[56]

Dan Williams, Patrick Reynolds, Kevin Walsh, Emin Gün Sirer, and Fred B. Schneider. Device driver safety through a reference validation mechanism. In Proc. of the Symposium on Operating System Design and Implementation, San Diego, CA, December 2008.

Digital Library

[57]

Edward Wobber, Martín Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos operating system. Transactions on Computer Systems, 12(1), 1994.

Digital Library

[58]

Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. Making Information Flow Explicit in HiStar. In Proc. of the Symposium on Operating Systems Design and Implementation, Seattle, WA, November 2006.

Digital Library

Cited By

Tzialla IWang JZhu JPanda AWalfish M(2024)Efficient Auditing of Event-driven Web ApplicationsProceedings of the Nineteenth European Conference on Computer Systems10.1145/3627703.3650089(1208-1224)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3627703.3650089
Madhushanie NVidanagamachchi SArachchilage N(2024)Selfish mining attack in blockchain: a systematic literature reviewInternational Journal of Information Security10.1007/s10207-024-00849-523:3(2333-2351)Online publication date: 10-Apr-2024
https://doi.org/10.1007/s10207-024-00849-5
Sheff IWang XBabel KNi Hvan Renesse RMyers A(2023)Charlotte: Reformulating Blockchains into a Web of Composable Attested Data Structures for Cross-Domain ApplicationsACM Transactions on Computer Systems10.1145/3607534Online publication date: 22-Jul-2023
https://dl.acm.org/doi/10.1145/3607534
Show More Cited By

Index Terms

Logical attestation: an authorization architecture for trustworthy computing
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Nexus authorization logic (NAL): Design rationale and applications

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization ...
A study of nonmonotonic reasoning
Understanding SPKI/SDSI using first-order logic

SPKI/SDSI is a language for expressing distributed access control policy, derived from SPKI and SDSI. We provide a first-order logic (FOL) semantics for SDSI, and show that it has several advantages over previous semantics. For example, the FOL ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SOSP '11: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles

October 2011

417 pages

ISBN:9781450309776

DOI:10.1145/2043556

General Chair:
Ted Wobber
MSR Silicon Valley
,
Program Chair:
Peter Druschel
MPI-SWS

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

INESC: Systems and Computer Engineering Institute
SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

SOSP '11

Sponsor:

INESC
SIGOPS

SOSP '11: ACM SIGOPS 23nd Symposium on Operating Systems Principles

October 23 - 26, 2011

Cascais, Portugal

Acceptance Rates

Overall Acceptance Rate 131 of 716 submissions, 18%

Upcoming Conference

SOSP '24

Sponsor:
sigops

ACM SIGOPS 30th Symposium on Operating Systems Principles

November 4 - 6, 2024

Austin , TX , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

68
Total Citations
View Citations
842
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)6

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Tzialla IWang JZhu JPanda AWalfish M(2024)Efficient Auditing of Event-driven Web ApplicationsProceedings of the Nineteenth European Conference on Computer Systems10.1145/3627703.3650089(1208-1224)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3627703.3650089
Madhushanie NVidanagamachchi SArachchilage N(2024)Selfish mining attack in blockchain: a systematic literature reviewInternational Journal of Information Security10.1007/s10207-024-00849-523:3(2333-2351)Online publication date: 10-Apr-2024
https://doi.org/10.1007/s10207-024-00849-5
Sheff IWang XBabel KNi Hvan Renesse RMyers A(2023)Charlotte: Reformulating Blockchains into a Web of Composable Attested Data Structures for Cross-Domain ApplicationsACM Transactions on Computer Systems10.1145/3607534Online publication date: 22-Jul-2023
https://dl.acm.org/doi/10.1145/3607534
Zhang ZZhang HWang JHu XLi JYu WYu PLi WCui BZhu GSood KWill BGuan H(2023)QKPT: Securing Your Private Keys in Cloud With Performance, Scalability and TransparencyIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.313740320:1(478-491)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TDSC.2021.3137403
Niemi ASovio SEkberg J(2022)Towards Interoperable Enclave Attestation: Learnings from Decades of Academic Work2022 31st Conference of Open Innovations Association (FRUCT)10.23919/FRUCT54823.2022.9770907(189-200)Online publication date: 27-Apr-2022
https://doi.org/10.23919/FRUCT54823.2022.9770907
Ferraiuolo ABehjati RSantoro TLaurie BTorres-Arias SMelara MSimon L(2022)Policy TransparencyProceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3560835.3564549(3-13)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3560835.3564549
Kang LXue YJia WWang XKim JYoun CKang MLim HJacob BHuang J(2021)IceClave: A Trusted Execution Environment for In-Storage ComputingMICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3466752.3480109(199-211)Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1145/3466752.3480109
Renner JSanchez-Stern ABrown FLerner SStefan DFreund SYahav E(2021)Scooter & Sidecar: a domain-specific approach to writing secure database migrationsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454072(710-724)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454072
Chase JBaldin I(2021)Federated Authorization for Managed Data Sharing: Experiences from the ImPACT Project2021 International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN52240.2021.9522208(1-10)Online publication date: Jul-2021
https://doi.org/10.1109/ICCCN52240.2021.9522208
Tan CZhao CMu SWalfish MLu SHowell J(2020)COBRAProceedings of the 14th USENIX Conference on Operating Systems Design and Implementation10.5555/3488766.3488770(63-80)Online publication date: 4-Nov-2020
https://dl.acm.org/doi/10.5555/3488766.3488770
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents