TCG TOCTOU攻击响应机制的形式化分析

2012 Fourth International Conference on Multimedia Information Networking and Security Pub Date : 2012-11-02 DOI:10.1109/MINES.2012.116

Xiaolin Chang, Bin Xing, Ying Qin

{"title":"TCG TOCTOU攻击响应机制的形式化分析","authors":"Xiaolin Chang, Bin Xing, Ying Qin","doi":"10.1109/MINES.2012.116","DOIUrl":null,"url":null,"abstract":"LWRM was a method for defeating TCG TOCTOU attacks with less overhead during the normal system execution. However, its security capability was evaluated only through experiments. The uncertainty in real experiments may hide the design-level errors. In this paper we explore applying model checking based formal verification techniques to verify whether LWRM can achieve the declared security properties. We first propose a method of modeling LWRM, a kernel-space mechanism, in PROMELA language. Then we detect the design-level vulnerabilities by using SPIN. At last we verify our analysis via experiments and present the challenges to mitigate the vulnerabilities.","PeriodicalId":208089,"journal":{"name":"2012 Fourth International Conference on Multimedia Information Networking and Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Formal Analysis of a Response Mechanism for TCG TOCTOU Attacks\",\"authors\":\"Xiaolin Chang, Bin Xing, Ying Qin\",\"doi\":\"10.1109/MINES.2012.116\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"LWRM was a method for defeating TCG TOCTOU attacks with less overhead during the normal system execution. However, its security capability was evaluated only through experiments. The uncertainty in real experiments may hide the design-level errors. In this paper we explore applying model checking based formal verification techniques to verify whether LWRM can achieve the declared security properties. We first propose a method of modeling LWRM, a kernel-space mechanism, in PROMELA language. Then we detect the design-level vulnerabilities by using SPIN. At last we verify our analysis via experiments and present the challenges to mitigate the vulnerabilities.\",\"PeriodicalId\":208089,\"journal\":{\"name\":\"2012 Fourth International Conference on Multimedia Information Networking and Security\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Fourth International Conference on Multimedia Information Networking and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MINES.2012.116\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Fourth International Conference on Multimedia Information Networking and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MINES.2012.116","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

LWRM是一种在正常系统执行期间以较少开销击败TCG TOCTOU攻击的方法。然而，其安全性能仅通过实验来评估。真实实验中的不确定性可能隐藏了设计层面的错误。本文探索应用基于模型检查的形式化验证技术来验证LWRM是否能够实现声明的安全属性。本文首先提出了一种用PROMELA语言对核空间机制LWRM进行建模的方法。然后利用SPIN检测设计级漏洞。最后，我们通过实验验证了我们的分析，并提出了减少漏洞的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Formal Analysis of a Response Mechanism for TCG TOCTOU Attacks

LWRM was a method for defeating TCG TOCTOU attacks with less overhead during the normal system execution. However, its security capability was evaluated only through experiments. The uncertainty in real experiments may hide the design-level errors. In this paper we explore applying model checking based formal verification techniques to verify whether LWRM can achieve the declared security properties. We first propose a method of modeling LWRM, a kernel-space mechanism, in PROMELA language. Then we detect the design-level vulnerabilities by using SPIN. At last we verify our analysis via experiments and present the challenges to mitigate the vulnerabilities.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 Fourth International Conference on Multimedia Information Networking and Security

自引率

0.00%

发文量