Copland分层认证规范的自动信任分析

23rd International Symposium on Principles and Practice of Declarative Programming Pub Date : 2021-09-06 DOI:10.1145/3479394.3479418

Paul D. Rowe, John D. Ramsdell, Ian D. Kretz

{"title":"Copland分层认证规范的自动信任分析","authors":"Paul D. Rowe, John D. Ramsdell, Ian D. Kretz","doi":"10.1145/3479394.3479418","DOIUrl":null,"url":null,"abstract":"In distributed systems, trust decisions are often based on remote attestations in which evidence is gathered about the integrity of subcomponents. Layered attestations leverage hierarchical dependencies among the subcomponents to bolster the trustworthiness of evidence. Copland is a declarative, domain-specific language for specifying complex layered attestations. How phrases are composed bears directly on the trustworthiness of the evidence they produce, and complex phrases become quite difficult to analyze by hand. We introduce an automated method for analyzing executions of attestations specified by Copland phrases in an adversarial setting. We develop a general theory of executions with adversarial corruption and repair events. Our approach is to enrich the Copland semantics according to this theory. Using the model finder Chase, we characterize all executions consistent with a set of initial assumptions. From this set of models, an analyst can discover all ways an active adversary can corrupt subcomponents without being detected by the attestation. These efforts afford trust policymakers the ability to compare attestations expressed as Copland phrases against trust policy in a way that encompasses both static and runtime concerns.","PeriodicalId":242361,"journal":{"name":"23rd International Symposium on Principles and Practice of Declarative Programming","volume":"48 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Automated Trust Analysis of Copland Specifications for Layered Attestations✱\",\"authors\":\"Paul D. Rowe, John D. Ramsdell, Ian D. Kretz\",\"doi\":\"10.1145/3479394.3479418\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In distributed systems, trust decisions are often based on remote attestations in which evidence is gathered about the integrity of subcomponents. Layered attestations leverage hierarchical dependencies among the subcomponents to bolster the trustworthiness of evidence. Copland is a declarative, domain-specific language for specifying complex layered attestations. How phrases are composed bears directly on the trustworthiness of the evidence they produce, and complex phrases become quite difficult to analyze by hand. We introduce an automated method for analyzing executions of attestations specified by Copland phrases in an adversarial setting. We develop a general theory of executions with adversarial corruption and repair events. Our approach is to enrich the Copland semantics according to this theory. Using the model finder Chase, we characterize all executions consistent with a set of initial assumptions. From this set of models, an analyst can discover all ways an active adversary can corrupt subcomponents without being detected by the attestation. These efforts afford trust policymakers the ability to compare attestations expressed as Copland phrases against trust policy in a way that encompasses both static and runtime concerns.\",\"PeriodicalId\":242361,\"journal\":{\"name\":\"23rd International Symposium on Principles and Practice of Declarative Programming\",\"volume\":\"48 2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"23rd International Symposium on Principles and Practice of Declarative Programming\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3479394.3479418\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"23rd International Symposium on Principles and Practice of Declarative Programming","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3479394.3479418","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

在分布式系统中，信任决策通常基于远程证明，其中收集有关子组件完整性的证据。分层证明利用子组件之间的分层依赖关系来增强证据的可信度。Copland是一种声明性的、特定于领域的语言，用于指定复杂的分层认证。短语的构成方式直接关系到它们所产生的证据的可信度，而复杂的短语很难手工分析。我们介绍了一种自动化的方法来分析在对抗设置中由Copland短语指定的证明的执行情况。我们发展了一个具有对抗性腐败和修复事件的执行的一般理论。我们的方法是根据这一理论来丰富Copland语义。使用模型查找器Chase，我们描述了与一组初始假设一致的所有执行。从这组模型中，分析人员可以发现活动攻击者破坏子组件而不被认证检测到的所有方式。这些努力使信任政策制定者能够以一种包含静态和运行时关注点的方式，将以Copland短语表示的证明与信任策略进行比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Automated Trust Analysis of Copland Specifications for Layered Attestations✱

In distributed systems, trust decisions are often based on remote attestations in which evidence is gathered about the integrity of subcomponents. Layered attestations leverage hierarchical dependencies among the subcomponents to bolster the trustworthiness of evidence. Copland is a declarative, domain-specific language for specifying complex layered attestations. How phrases are composed bears directly on the trustworthiness of the evidence they produce, and complex phrases become quite difficult to analyze by hand. We introduce an automated method for analyzing executions of attestations specified by Copland phrases in an adversarial setting. We develop a general theory of executions with adversarial corruption and repair events. Our approach is to enrich the Copland semantics according to this theory. Using the model finder Chase, we characterize all executions consistent with a set of initial assumptions. From this set of models, an analyst can discover all ways an active adversary can corrupt subcomponents without being detected by the attestation. These efforts afford trust policymakers the ability to compare attestations expressed as Copland phrases against trust policy in a way that encompasses both static and runtime concerns.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

23rd International Symposium on Principles and Practice of Declarative Programming

自引率

0.00%

发文量