A logic for secure stratified systems and its application to containerized systems

Hagen Lauer, Amin Sakzad, Carsten Rudolph, Surya Nepal

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

1 Citation (Scopus)

Abstract

We present the design and verification of a secure integrity measurement system for containerized systems. Containerization of applications allows fine-graded deployment and management of services and dependencies but also needs fine-graded security mechanisms. In this paper we provide formal abstractions for containerized systems by introducing LS^3, a formal model and logic with sub-domain constructs to represent stratified systems and their interactions. Using our formal model, we prove that the widely used Trusted Computing Group (TCG) based Integrity Measurement Architecture (IMA) securely extends trust measurements from boot to applications. However, IMA is not designed to make domain specific trust measurements and is consequently incapable of creating domain specific integrity reports. Current research aims to improve either trust measurement performance or comprehensiveness but does not improve the measurement function and its semantics to allow remote verification of measurements per domain. We present an enhanced trust measurement architecture design, which produces domain specific integrity measurements suitable for fine-graded remote attestation. Providing domain specific integrity reports eases system and sub-system verification and yields desirable properties such as measurement log stability and constrained disclosure for multi-domain systems. We verify and prove the correctness of our trust measurement architecture using our formal model.

Original languageEnglish
Title of host publicationProceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering
EditorsLiqun Chen, Ryan Ko, Liming Zhu
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages562-569
Number of pages8
ISBN (Electronic)9781728127767, 9781728127774
ISBN (Print)9781728127781
DOIs
Publication statusPublished - 2019
EventIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019 - Rotorua, New Zealand
Duration: 5 Aug 20198 Aug 2019
Conference number: 18th
https://crow.org.nz/TrustCom2019 (Conference website)
https://ieeexplore.ieee.org/xpl/conhome/8883860/proceeding (Proceedings)

Conference

ConferenceIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019
Abbreviated titleTrustCom 2019
CountryNew Zealand
CityRotorua
Period5/08/198/08/19
Internet address

Keywords

  • Formal Verification
  • Trusted Computing
  • Virtualization

Cite this