By Topic

Formal Analysis of a Response Mechanism for TCG TOCTOU Attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
3 Author(s)
Xiaolin Chang ; Sch. of Comput. & Inf. Technol., Beijing JiaoTong Univ., Beijing, China ; Bin Xing ; Ying Qin

LWRM was a method for defeating TCG TOCTOU attacks with less overhead during the normal system execution. However, its security capability was evaluated only through experiments. The uncertainty in real experiments may hide the design-level errors. In this paper we explore applying model checking based formal verification techniques to verify whether LWRM can achieve the declared security properties. We first propose a method of modeling LWRM, a kernel-space mechanism, in PROMELA language. Then we detect the design-level vulnerabilities by using SPIN. At last we verify our analysis via experiments and present the challenges to mitigate the vulnerabilities.

Published in:

Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on

Date of Conference:

2-4 Nov. 2012