Efficient TCB Reduction and Attestation (CMU-CyLab-09-003)
Authors
Abstract
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only adds 5306 lines to the TCB (over half of which is for cryptographic operations). TrustVisor imposes less than 7% overhead in the common case. This overhead is largely the result of today’s x86 hardware virtualization support.
Related resources
Towards a Theory of Secure Systems (CMU-CyLab-08-003)
We initiate a program to develop a principled theory of secure systems. Our main technical result is a formal logic for reasoning about a network of shared memory, multi-user systems. The logic is inspired by an existing logic for security protocols. It extends the attacker model and adds shared memory, time, and limited forms of access control. We prove soundness for the proof system in the pr...
A Logic of Secure Systems and its Application to Trusted Computing (CMU-CyLab-09-001)
We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication, and dynamically loading and executing unknown (and potentially untrusted) code. The adversary’s capabi...
Access Control for Home Data Sharing: Attitudes, Needs and Practices (CMU-CyLab-09-013, CMU-PDL-09-110)
As digital content becomes more prevalent in the home, nontechnical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create...