A logic for secure stratified systems and its application to containerized systems

Hagen Lauer; Amin Sakzad; Carsten Rudolph; Surya Nepal

doi:10.1109/TrustCom/BigDataSE.2019.00081

A logic for secure stratified systems and its application to containerized systems

Hagen Lauer, Amin Sakzad, Carsten Rudolph, Surya Nepal

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

2 Citations (Scopus)

Abstract

We present the design and verification of a secure integrity measurement system for containerized systems. Containerization of applications allows fine-graded deployment and management of services and dependencies but also needs fine-graded security mechanisms. In this paper we provide formal abstractions for containerized systems by introducing LS^3, a formal model and logic with sub-domain constructs to represent stratified systems and their interactions. Using our formal model, we prove that the widely used Trusted Computing Group (TCG) based Integrity Measurement Architecture (IMA) securely extends trust measurements from boot to applications. However, IMA is not designed to make domain specific trust measurements and is consequently incapable of creating domain specific integrity reports. Current research aims to improve either trust measurement performance or comprehensiveness but does not improve the measurement function and its semantics to allow remote verification of measurements per domain. We present an enhanced trust measurement architecture design, which produces domain specific integrity measurements suitable for fine-graded remote attestation. Providing domain specific integrity reports eases system and sub-system verification and yields desirable properties such as measurement log stability and constrained disclosure for multi-domain systems. We verify and prove the correctness of our trust measurement architecture using our formal model.

Original language	English
Title of host publication	Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering
Editors	Liqun Chen, Ryan Ko, Liming Zhu
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	562-569
Number of pages	8
ISBN (Electronic)	9781728127767, 9781728127774
ISBN (Print)	9781728127781
DOIs	https://doi.org/10.1109/TrustCom/BigDataSE.2019.00081
Publication status	Published - 2019
Event	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019 - Rotorua, New Zealand Duration: 5 Aug 2019 → 8 Aug 2019 Conference number: 18th https://crow.org.nz/TrustCom2019 (Conference website) https://ieeexplore.ieee.org/xpl/conhome/8883860/proceeding (Proceedings)

Conference

Conference	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019
Abbreviated title	TrustCom 2019
Country/Territory	New Zealand
City	Rotorua
Period	5/08/19 → 8/08/19
Internet address	https://crow.org.nz/TrustCom2019 (Conference website) https://ieeexplore.ieee.org/xpl/conhome/8883860/proceeding (Proceedings)

Keywords

Formal Verification
Trusted Computing
Virtualization

Access to Document

10.1109/TrustCom/BigDataSE.2019.00081

Cite this

Lauer, H., Sakzad, A., Rudolph, C., & Nepal, S. (2019). A logic for secure stratified systems and its application to containerized systems. In L. Chen, R. Ko, & L. Zhu (Eds.), Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (pp. 562-569). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TrustCom/BigDataSE.2019.00081

Lauer, Hagen ; Sakzad, Amin ; Rudolph, Carsten et al. / A logic for secure stratified systems and its application to containerized systems. Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. editor / Liqun Chen ; Ryan Ko ; Liming Zhu. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2019. pp. 562-569

@inproceedings{fd3eb27680d147f58514783ba1e4dde1,

title = "A logic for secure stratified systems and its application to containerized systems",

abstract = "We present the design and verification of a secure integrity measurement system for containerized systems. Containerization of applications allows fine-graded deployment and management of services and dependencies but also needs fine-graded security mechanisms. In this paper we provide formal abstractions for containerized systems by introducing LS^3, a formal model and logic with sub-domain constructs to represent stratified systems and their interactions. Using our formal model, we prove that the widely used Trusted Computing Group (TCG) based Integrity Measurement Architecture (IMA) securely extends trust measurements from boot to applications. However, IMA is not designed to make domain specific trust measurements and is consequently incapable of creating domain specific integrity reports. Current research aims to improve either trust measurement performance or comprehensiveness but does not improve the measurement function and its semantics to allow remote verification of measurements per domain. We present an enhanced trust measurement architecture design, which produces domain specific integrity measurements suitable for fine-graded remote attestation. Providing domain specific integrity reports eases system and sub-system verification and yields desirable properties such as measurement log stability and constrained disclosure for multi-domain systems. We verify and prove the correctness of our trust measurement architecture using our formal model.",

keywords = "Formal Verification, Trusted Computing, Virtualization",

author = "Hagen Lauer and Amin Sakzad and Carsten Rudolph and Surya Nepal",

year = "2019",

doi = "10.1109/TrustCom/BigDataSE.2019.00081",

language = "English",

isbn = "9781728127781",

pages = "562--569",

editor = "Chen, {Liqun } and Ko, {Ryan } and Zhu, {Liming }",

booktitle = "Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019, TrustCom 2019 ; Conference date: 05-08-2019 Through 08-08-2019",

url = "https://crow.org.nz/TrustCom2019, https://ieeexplore.ieee.org/xpl/conhome/8883860/proceeding",

}

Lauer, H, Sakzad, A , Rudolph, C & Nepal, S 2019, A logic for secure stratified systems and its application to containerized systems. in L Chen, R Ko & L Zhu (eds), Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 562-569, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019, Rotorua, New Zealand, 5/08/19. https://doi.org/10.1109/TrustCom/BigDataSE.2019.00081

A logic for secure stratified systems and its application to containerized systems. / Lauer, Hagen; Sakzad, Amin ; Rudolph, Carsten et al.
Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. ed. / Liqun Chen; Ryan Ko; Liming Zhu. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2019. p. 562-569.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - A logic for secure stratified systems and its application to containerized systems

AU - Lauer, Hagen

AU - Sakzad, Amin

AU - Rudolph, Carsten

AU - Nepal, Surya

N1 - Conference code: 18th

PY - 2019

Y1 - 2019

N2 - We present the design and verification of a secure integrity measurement system for containerized systems. Containerization of applications allows fine-graded deployment and management of services and dependencies but also needs fine-graded security mechanisms. In this paper we provide formal abstractions for containerized systems by introducing LS^3, a formal model and logic with sub-domain constructs to represent stratified systems and their interactions. Using our formal model, we prove that the widely used Trusted Computing Group (TCG) based Integrity Measurement Architecture (IMA) securely extends trust measurements from boot to applications. However, IMA is not designed to make domain specific trust measurements and is consequently incapable of creating domain specific integrity reports. Current research aims to improve either trust measurement performance or comprehensiveness but does not improve the measurement function and its semantics to allow remote verification of measurements per domain. We present an enhanced trust measurement architecture design, which produces domain specific integrity measurements suitable for fine-graded remote attestation. Providing domain specific integrity reports eases system and sub-system verification and yields desirable properties such as measurement log stability and constrained disclosure for multi-domain systems. We verify and prove the correctness of our trust measurement architecture using our formal model.

AB - We present the design and verification of a secure integrity measurement system for containerized systems. Containerization of applications allows fine-graded deployment and management of services and dependencies but also needs fine-graded security mechanisms. In this paper we provide formal abstractions for containerized systems by introducing LS^3, a formal model and logic with sub-domain constructs to represent stratified systems and their interactions. Using our formal model, we prove that the widely used Trusted Computing Group (TCG) based Integrity Measurement Architecture (IMA) securely extends trust measurements from boot to applications. However, IMA is not designed to make domain specific trust measurements and is consequently incapable of creating domain specific integrity reports. Current research aims to improve either trust measurement performance or comprehensiveness but does not improve the measurement function and its semantics to allow remote verification of measurements per domain. We present an enhanced trust measurement architecture design, which produces domain specific integrity measurements suitable for fine-graded remote attestation. Providing domain specific integrity reports eases system and sub-system verification and yields desirable properties such as measurement log stability and constrained disclosure for multi-domain systems. We verify and prove the correctness of our trust measurement architecture using our formal model.

KW - Formal Verification

KW - Trusted Computing

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=85075184698&partnerID=8YFLogxK

U2 - 10.1109/TrustCom/BigDataSE.2019.00081

DO - 10.1109/TrustCom/BigDataSE.2019.00081

M3 - Conference Paper

SN - 9781728127781

SP - 562

EP - 569

BT - Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering

A2 - Chen, Liqun

A2 - Ko, Ryan

A2 - Zhu, Liming

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019

Y2 - 5 August 2019 through 8 August 2019

ER -

Lauer H, Sakzad A , Rudolph C, Nepal S. A logic for secure stratified systems and its application to containerized systems. In Chen L, Ko R, Zhu L, editors, Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2019. p. 562-569 doi: 10.1109/TrustCom/BigDataSE.2019.00081

A logic for secure stratified systems and its application to containerized systems

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this