1

Modeling and Analysis of Networked Secure Systems with Application to Trusted

Computing

Jason FranklinJoint work with Deepak Garg,

Dilsun Kaynar, and Anupam Datta

2

Motivation

• Despite progress in cryptography and security protocols, designing secure systems remains difficult

– Network protocols and cryptography rely on secure system assumption

• Problem: Attackers violate secure system assumption by exploiting system design flaws

• Solution: Prove security of system designs

3

Motivating Example

ClientSystem

Network

Network

Server System

4

Trusted Computing

• Question: How do we trust remote servers?

• Proposed Solution: Ask servers what programs they are running?– Server attests to (vouches for) its running software…

5

I’ll ask what programs they

have run!

How do I know if I can trust that server?

Hey server! What code

have you run?

Server System

Details of Proposed Solution

ClientSystem

Network Network

Network Protocol Analysis

System and Network Protocol AnalysisSince I last rebooted, I’ve run

0: Operating System1: Web Server

2: Shopping Cart Server

Request Reply

I trust those programs to

protect my data!

6

In this talk…

• Describe Logic of Secure Systems (LS^2)– Modeling system designs– Analysis of system designs

• Analyze trusted computing protocol

• Limitations, work in progress, and conclusion

7

Hey server! What code

have you run?

Server System

Modeling Protocols as Programs

ClientSystem

Network Networkrequest Reply

Client ≡

request := read question;

send request;

reply := receive;

match /reply/trusted/;

Server ≡

r := receive;

send reply;

Since I last rebooted, I’ve run

0: Operating System1: Web Server

2: Shopping Cart Server

I trust those programs to

protect my data!

8

Components of Model

ExplicitTime

EncryptionDecryption

Hash Sign/Verify

MemoryProtection

Memory

NetworkComm.

Threads

ControlFlow

Key:

AddedExisting

HardwareResets

TrustedComputing

9

Modeling Details

• Memory– Read and write named memory locations

• Example: d := read Mem[x];

• Memory Protection– Exclusive write locks

• Example: lock(Mem[x]);

• Explicit time– Ordering events

• Read at time TR, Write at time TW and TR < TW

– Expressing invariants• Mem[x] contains value V during interval (TR,TW)

10

Server System

New Adversary Model

ClientSystem

Network Network

I can remove, reorder, or

replay messages.

Standard Network Adversary

I can generate messages if I

know their components!

I’m a malicious local thread!

I can write to any unprotected memory location!

I can read any memory location!

I collude with the network adversary!

11

Overview of Protocol Analysis

Analysis

Suppose Client code executed then:

Server is executing trusted programs

Modeling

Client ≡

request := read question;

send request;

reply := receive;

match /reply/trusted/;

12

LS^2, what are you good for?

• Describe Logic of Secure Systems (LS^2)

• Analyze trusted computing protocol

• Limitations, work in progress, and conclusion

13

Hey server! What code

have you run?

MaliciousServer

System

Problems with Trusted Computing Protocol

ClientSystem

Network Networkrequest

Reply

Client ≡

request := read question;

send request;

reply := receive;

match /reply/trusted/;

MALICIOUS_Server ≡

r := receive;

send “linux”;

I trust those programs to

protect my data!

Since I last rebooted, I’ve run linux. Really, I have!

Since I last rebooted, I’ve run malicious code.

Mwhahaha!!!!

14

Server System

Solution: Trusted Coprocessor

ClientSystem

NetworkNetwork

TrustedCoprocessor

15

Trusted Coprocessor

• Trusted Computing– Augments platform with

trusted co-processor

• Coprocessor includes:– Crypto. Primitives– Keys– Append-only log

Coprocessor

Log : A B …

Log.append(A);Log.append(B);

16

Server with Coprocessor

Booting ≡

1. append log, os_code;

os := read os_code;

2. call os;

3. append log, web_server_code;

ws := read web_server_code;

4. call ws;Coprocessor

OS

Web Server

1. Append2. Call

4. Call 3. Append

Log = os_code web_server_code …

Server System

17

ClientSystem

Coprocessor Vouching for Log

Client_Receive ≡

s := receive;

verify s, seq(os_code, ws_code), K

Signer ≡

_ := receive;

w := read log;

s := sign w, K;

send s

Log = os_code ws_code …

s := SIGN K, (os_code, ws_code)

18

Protocol Analysis

Analysis

Suppose Client code executed then:

Server is executing trusted programs

Modeling

Client_Receive ≡

s := receive;

verify s, seq(os_code, ws_code), K

19

Trusted Computing Analysis

Reset

@ T R

Call t

o OS C

ode @

T OS

Read L

og @ T Rea

d

No Resets during TR to TRead

Begin EndVerify

Log @

T V

• Suppose that clients’s thread executes code Client_Receive in time interval [Begin, End) then the following properties hold:

20

Anyone See Security Vulnerability?

• Reset attack possible after read of log

Reset

@ T R

Call t

o OS C

ode @

T OS

Read L

og @ T Rea

d

No Resets during TR to TRead

Begin EndVerify

Log @

T V

Server Reset

Verification of Stale Data

Client believes server can be trusted!

21

Adversaries Attack Assumptions

• Assumptions:– Client is not running in coprocessor– Coprocessor does not reveal its private key– Coprocessor only executes Signer– Programs in memory are write locked

22

Up next…

• Describe Logic of Secure Systems (LS^2)– Designed for modeling and analysis of system

specifications

• Use LS^2 to analyze trusted computing protocols– Specify trusted computing protocols – State security properties and security proof – Discuss implications and analysis of proof

• Limitations, work in progress, and conclusion

23

Limitations and Work In Progress

• Control flow and context sensitive analysis• Composition theorems for modular analysis of

complex systems• Expanding access control policies• Analysis of other trusted computing protocols• Modeling layer diagrams

Hardware

Operating System

User Level Programs

Layer Diagram

24

Related Work

• LS^2 is derived from Protocol Composition Logic [Datta05-07]

• Related work on program correctness:– Concurrent separation logic [Brookes04]– Verification of concurrent systems [TLA,

Lamport84, Owicki&Gries76]

25

Conclusion

• LS^2 is logic for analysis of networked secure systems including local and network adversaries

• LS^2 models abstract memory protections, time, hardware resets, and security primitives

• Described formal analysis of trusted computing– Identified reset attack

• Ongoing work seeks to expand scope of LS^2

26

Take Home Points

• If you are designing secure systems: – LS^2 enables security analysis of system

design before you implement• Avoids costly and embarrassing vulnerabilities• Clarifies security properties of design

• Even if you are just using secure systems:– LS^2 can provide stronger guarantees about

your security

27

Questions?

• Theory of Secure Systems Project (ToSS) – http://www.cs.cmu.edu/~jfrankli/toss

• Publications and Manuscripts:– D. Garg, J. Franklin, D. Kaynar, A. Datta. “Towards a

Theory of Secure Systems” Cylab Technical Report, Feb. 2008.

– D. Garg, J. Franklin, D. Kaynar, A. Datta. “A Logic for Reasoning about Networked Secure Systems.” Under submission to FCS ’08.

– J. Franklin, D. Garg, D. Kaynar, A. Datta. “Modeling and Security Analysis of Trusted Computing.” In progress.

28

2