Specifying and Verifying Hardware for Tamper-Resistant Software

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David Lie Articles by John Mitchell Articles by Chandramohan A. Thekkath Articles by Mark Horowitz

2003 IEEE Symposium on Security and Privacy

Berkeley, CA

May 11-May 14

ISBN: 0-7695-1940-7

	ASCII Text	x
	David Lie, John Mitchell, Chandramohan A. Thekkath, Mark Horowitz, "Specifying and Verifying Hardware for Tamper-Resistant Software," Security and Privacy, IEEE Symposium on, pp. 166, 2003 IEEE Symposium on Security and Privacy, 2003.

	BibTex	x
	@article{ 10.1109/SECPRI.2003.1199335, author = {David Lie and John Mitchell and Chandramohan A. Thekkath and Mark Horowitz}, title = {Specifying and Verifying Hardware for Tamper-Resistant Software}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2003}, issn = {1540-7993}, pages = {166}, doi = {http://doi.ieeecomputersociety.org/10.1109/SECPRI.2003.1199335}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Specifying and Verifying Hardware for Tamper-Resistant Software SN - 1540-7993 SP EP A1 - David Lie, A1 - John Mitchell, A1 - Chandramohan A. Thekkath, A1 - Mark Horowitz, PY - 2003 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

David Lie, Stanford University

John Mitchell, Stanford University

Chandramohan A. Thekkath, Stanford University

Mark Horowitz, Stanford University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SECPRI.2003.1199335

We specify a hardware architecture that supports tamper-resistant software by identifying an "idealized" model, which gives the abstracted actions available to a single user program. This idealized model is compared to a concrete "actual" model that includes actions of an adversarial operating system. The architecture is verified by using a finite-state enumeration tool (a model checker) to compare executions of the idealized and actual models. In this approach, software tampering occurs if the system can enter a state where one model is inconsistent with the other. In performing the verification, we detected an replay attack scenario and were able to verify the security of our solution to the problem. Our methods were also able to verify that all actions in the architecture are required, as well as come up with a set of constraints on the operating system to guarantee liveness for users.

Citation:

David Lie, John Mitchell, Chandramohan A. Thekkath, Mark Horowitz, "Specifying and Verifying Hardware for Tamper-Resistant Software," sp, pp.166, 2003 IEEE Symposium on Security and Privacy, 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.