Towards a Theory of Secure Systems (CMU-CyLab-08-003)
Authors
Abstract
We initiate a program to develop a principled theory of secure systems. Our main technical result is a formal logic for reasoning about a network of shared memory, multi-user systems. The logic is inspired by an existing logic for security protocols. It extends the attacker model and adds shared memory, time, and limited forms of access control. We prove soundness for the proof system in the presence of an attacker who controls the network and has partial control over shared memory on individual machines. We illustrate the use of the logic by proving a relevant security property of a part of the Trusted Computing Group’s remote attestation protocol.
Similar references
Connectivity in Secure Wireless Sensor Networks under Transmission Constraints (CMU-CyLab-14-003)
In wireless sensor networks (WSNs), the Eschenauer–Gligor (EG) key pre-distribution scheme is a widely recognized way to secure communications. Although the connectivity properties of secure WSNs with the EG scheme have been extensively investigated, few results address physical transmission constraints. These constraints reflect real-world implementations of WSNs in which two sensors have to b...
Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration (CMU-CyLab-08-009)
Signature-based input filtering is an important and widely deployed defense. But current signature generation methods have limited coverage and the generated signatures can be easily evaded by an attacker with small variations of the exploit message. In this paper, we propose protocol-level constraint-guided exploration, a new approach towards generating high coverage vulnerability-based signat...
Attacking, Repairing, and Verifying SecVisor: A Retrospective on the Security of a Hypervisor (CMU-CyLab-08-008)
SecVisor is a hypervisor designed to guarantee that only code approved by the user of a system executes at the privilege level of the OS kernel [17]. We employ a model checker to verify the design properties of SecVisor and identify two design-level attacks that violate SecVisor’s security requirements. Despite SecVisor’s narrow interface and tiny code size, our attacks were overlooked in both ...
A Sequent Calculus for Counterfactual Reasoning (CMU-CyLab-17-003)
Counterfactual conditions such as “if A were not true, then C would not have been true” have been formally studied by philosophers for causal claims for decades. Counterfactuals are often used informally in practice for diagnosing systems and identifying errors or misconfigurations. This paper develops a proof theory for counterfactual reasoning of Horn clauses, which have applications in domai...
Results on Vertex Degree and K-Connectivity in Uniform S-Intersection Graphs (CMU-CyLab-14-004)
We present results related to the vertex degree in a uniform s-intersection graph which has received much interest recently. Specifically, we derive the probability distribution for the minimum vertex degree, and show that the number of vertices with an arbitrary degree converges to a Poisson distribution. A uniform s-intersection graph models the topology of a secure wireless sensor network e...