1 / 27

Proof-Carrying Code & Proof-Carrying Authentication

Proof-Carrying Code & Proof-Carrying Authentication. Stuart Pickard CSCI 297 June 2, 2005. Papers. Proof-Carrying Code George C. Necula. POPL97, January 1997.

hiram-norris
Download Presentation

Proof-Carrying Code & Proof-Carrying Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Proof-Carrying Code& Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005

  2. Papers Proof-Carrying Code George C. Necula. POPL97, January 1997. Proof-Carrying Authentication Andrew W. Appel and Edward W. Felten. 6th ACM Conference on Computer and Communications Security, November 1999.

  3. The “Proof-Carrying Code” paper is an extension on Tuesday’s presentation on Certifying Compilers. However, the “Proof-Carrying Authentication” is a new topic that uses similar logic to Proof-Carrying Code to prove the right of authentication.

  4. Proof-Carrying Code (quick review) Prof. Simha Stuart code proof Can Professor Simha trust me that my code is safe to run on his computer?

  5. Diagram from “Proof-Carrying Code” paper

  6. The Basic ideas of the paper: • General Proof Carrying Technique With Specific Implementations: • Safety Policy • Safety Proofs • Validation of Safety Proofs

  7. The implementation in the paper uses First-Order Predicate Logic as a basis to formalize the safety policy. The safety rules are expressed as a Floyd-style verification condition generator When given a program and a set of preconditions and postconditions the system can produce a verification condition predicate (VC) in First–Order Logic. If the VC can be proven using the proof rules associated with the logic, then the program satisfies the safety invariants. If the VC cannot be proven, then the program does not satisfy the safety invariants and is unsafe to run.

  8. So what is First-Order Predicate Logic? • First-order predicate calculus or first-order logic (FOL) permits the formulation of quantified statements such as "there exists an x such that..." • In our case: The statements that need to be quantified are the annotated lines of code where type verification is needed.

  9. The Typing Rules

  10. Theorem 3.1 • Any program with a valid verification condition starting in a state that satisfies the preconditions will only reference valid memory locations • Theorem: For any program Π, set of invariants Inv and postcondition Post such that Π0 = INV Pre, if ►VC (Π, Inv, Post) and the initial state satisfies the precondition Pre, then the program reads only from valid memory locations as they are defined by the typing rules, and if it terminates, it does so in a state satisfying the postcondition.

  11. Theorem 3.2 + Corollary • These theorems can be used to help prove adequacy of the first-order logic to guarantee type safety as defined by the safety policy

  12. Recap of Paper • Proof-Carrying code is a mechanism to allow code users to be guaranteed safe code in regards to their safety policy. • The main contribution of the paper was the fact that they implemented a system of program verification using certification (creating the proof on the code producer side) and proof validation (on the code user side)

  13. Paper number 2: “Proof-Carrying Authentication” • Main Idea: Say for example a client desired access to a server, but needed to be authenticated. The authors are purposing a strategy, analogous to Proof-Carrying Code, that makes the user construct a proof that shows they should have access. The server then verifies correctness of the proof and lets the user proceed

  14. Proof-Carrying Authentication Check Proof proof Access? Grant Access

  15. Example of Proof-Carrying Authentication Protocol • Suppose Stuart wanted to access an email server named GWU. The server receives a request from Stuart to “read Stuart’s email.” GWU’s control list says that Stuart can read his email. • But is the request really from Stuart? • How do we solve this?

  16. Add a Certificate Authority • The server GWU trusts the CA to guarantee key-to-name bindings, and the server also knows the CA’s public key. • Stuart then obtains a certificate signed by CA’s private key that says “Ks is Stuart’s public key.” Stuart then signs the message ”read Stuart’s email” with his private key. • With this information GWU can safely grant the request to “read Stuart’s email.”

  17. Constructing the Proof • The server GWU starts with the following assumptions: A1 = trustedCA(CA) A2 = keybind(Kc, CA) A3 = Stuart controls read Stuart’s email • With these assumptions published to Stuart, Stuart can prove to the server GWU that he should be able to read his email using high-order logic.

  18. Proof:

  19. How the Proof is checked: • First check the two digital signatures to establish the fact that Ks signed “read Stuart’s email” and Kc signed the keybind(Ks, S) • From assumption A1 we can prove C controls keybind(Ks, S) by the lemma trustedCA_e. • From A2 and a digital; signature we prove C(keybind(Ks, S)) by the keybind_e lemma.

  20. Proof Check continued • Now from the last two results (C controls keybind(Ks, S) and C(keybind(Ks, S))) we prove keybind(Ks, S) by the controls_e lemma. • From this result and a signature we prove S(read Stuart’s email) by the keybind_e lemma. • Finally, from assumption A3 and S(read Stuart’s email) we prove “read Stuart’s email” by controls_e. • Thus, the server GWU authenticates the user Stuart and allows him access to his email

  21. Note: All parts of the proof need to be true/ checked in order for authentication to occur

  22. Advantages • Just like Proof-Carrying Code, the burden is placed on one side. • It is easy to check a proof, but hard to create a proof. • The user takes the burden and leaves the server to perform the easy proof checking

  23. Implementation of previous example in Twelf • Twelf is an implementation of the Edinburgh Logical Framework. • A standard way of representing this protocol is needed and the code on the next slide is an example of the standard used in this paper.

  24. Twelf representation

  25. Overview • Overall, this example has shown that higher-order logic can be used for authentication purposes • The proofs can be small and not too difficult to create. • Also, proof checking is easy in comparison to proof creation.

  26. Sources • George C. Necula. Proof-Carrying Code POPL97, January 1997. • Andrew W. Appel and Edward W. Felten. Proof-Carrying Authentication 6th ACM Conference on Computer and Communications Security, November 1999. • Peter Lee http://www-2.cs.cmu.edu/Groups/fox/papers/necula-osdi96/node2.htmlTue Sep 17 15:37:44 EDT 1996

  27. Discussion

More Related