Formal Analysis of a Response Mechanism for TCG TOCTOU Attacks

Abstract

LWRM was a method for defeating TCG TOCTOU attacks with less overhead during the normal system execution. However, its security capability was evaluated only through experiments. The uncertainty in real experiments may hide the design-level errors. In this paper we explore applying model checking based formal verification techniques to verify whether LWRM can achieve the declared security properties. We first propose a method of modeling LWRM, a kernel-space mechanism, in PROMELA language. Then we detect the design-level vulnerabilities by using SPIN. At last we verify our analysis via experiments and present the challenges to mitigate the vulnerabilities.