A Logic of Secure Systems and Its Application to Trusted Computing

Free registration required

Executive Summary

The authors present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication, and dynamically loading and executing unknown (and potentially un-trusted) code. The adversary's capabilities are constrained by the system interface as defined in the programming model (leading to the name CSI-ADVERSARY). They develop a sound proof system for reasoning about programs without explicitly reasoning about adversary actions. They use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols.

  • Format: PDF
  • Size: 208.5 KB