Formal Specification of Trusted Execution Environment APIs

被引:1
作者
Yu, Geunyeol [1 ]
Chae, Seunghyun [1 ]
Bae, Kyungmin [1 ]
Moon, Sungkun [2 ]
机构
[1] Pohang Univ Sci & Technol, Pohang, South Korea
[2] Samsung Elect, Hwasung, South Korea
来源
FUNDAMENTAL APPROACHES TO SOFTWARE ENGINEERING, FASE 2024 | 2024年 / 14573卷
基金
新加坡国家研究基金会;
关键词
Trusted execution environments; formal specification; formal methods; model checking; rewriting logic; Maude;
D O I
10.1007/978-3-031-57259-3_5
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Trusted execution environments (TEEs) have emerged as a key technology in the cybersecurity domain. A TEE provides an isolated environment in which sensitive computations can be executed securely. Trusted applications running in TEEs are developed using standardized APIs that many hardware platforms for TEE adhere to. However, formal models tailored to standard TEE APIs are not well developed. In this paper, we present a formal specification of TEE APIs using Maude. We focus on Trusted Storage API and Cryptographic Operations API, which are foundational to mobile and IoT applications. The effectiveness of our approach is demonstrated through formal analysis of MQT-TZ, an open-source TEE application for IoT. Our formal analysis has revealed security vulnerabilities in the implementation of MQT-TZ, and we patch and confirm its integrity using model checking.
引用
收藏
页码:101 / 121
页数:21
相关论文
共 50 条
  • [21] Formal Specification of the MPI-2.0 Standard in TLA
    Li, Guodong
    Delisi, Michael
    Gopalakrishnan, Ganesh
    Kirby, Robert M.
    PPOPP'08: PROCEEDINGS OF THE 2008 ACM SIGPLAN SYMPOSIUM ON PRINCIPLES AND PRACTICE OF PARALLEL PROGRAMMING, 2008, : 283 - 284
  • [22] Formal Framework Supporting the Specification of the Interactions between Agents
    Mokhati, Farid
    Badri, Mourad
    Badri, Linda
    INFORMATICA-JOURNAL OF COMPUTING AND INFORMATICS, 2007, 31 (03): : 337 - 350
  • [23] Formal specification of concurrent systems
    Chadha, HS
    Baugh, JW
    Wing, JM
    ADVANCES IN ENGINEERING SOFTWARE, 1999, 30 (03) : 211 - 224
  • [24] A Formal Framework Supporting the Specification of the Interactions between Agents
    Mokhati, Farid
    Badri, Mourad
    Badri, Linda
    INFORMATICA-JOURNAL OF COMPUTING AND INFORMATICS, 2006, 30 (01): : 97 - 110
  • [25] Obscuro: A Bitcoin Mixer using Trusted Execution Environments
    Tran, Muoi
    Luu, Loi
    Kang, Min Suk
    Bentov, Iddo
    Saxena, Prateek
    34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018), 2018, : 692 - 701
  • [26] Fortress: Securing IoT Peripherals with Trusted Execution Environments
    Yuhala, Peterson
    Menetrey, James
    Felber, Pascal
    Pasin, Marcelo
    Schiavoni, Valerio
    39TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, SAC 2024, 2024, : 243 - 250
  • [27] The Untapped Potential of Trusted Execution Environments on Mobile Devices
    Ekberg, Jan-Erik
    Kostiainen, Kari
    Asokan, N.
    IEEE SECURITY & PRIVACY, 2014, 12 (04) : 29 - 37
  • [28] Remote Attestation Assurance Arguments for Trusted Execution Environments
    Usman, Ahmad B.
    Cole, Nigel
    Asplund, Mikael
    Boeira, Felipe
    Vestlund, Christian
    PROCEEDINGS OF THE 2023 ACM WORKSHOP ON SECURE AND TRUSTWORTHY CYBER-PHYSICAL SYSTEMS, SAT-CPS 2023, 2023, : 33 - 42
  • [29] Formal Specification of a Particular Banking Domain with RAISE Specification Language
    Nami, Mohammad Reza
    Malekpour, Abbas
    2008 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS, VOLS 1-3, 2008, : 7 - +
  • [30] Formal Specification and Verification of JXTA's Endpoint Routing Protocol
    Konga, Yannick L. Kala
    Djouani, Karim
    IEEE AFRICON 2011, 2011,
12345