Nowadays embedded devices collect various kinds of information and provide it to communication networks for further processing. These devices often provide critical functionalities that could be exploited by malicious parties. Using formal techniques is a natural way to increase the confidence in the overall embedded system security. However, the major research focus is on verifying only the correctness of encryption algorithms and their implementation in software and hardware and not the whole security process. Following novel research studies, many security requirements of an embedded architecture can be specified as Taint Properties, expressing properties related to information flow and access control. In this paper we define Taint Properties as a way to find out whether there is a path from src to dest, where src is an RTL signal seeded with the Taint and dest is a signal not to be reached by the Taint in order to satisfy the security requirements. In our scenario a Taint is an untrusted code following an illegal path from src to dest. We present a systematic approach to formalize generic security requirements, referring to a model abstraction, and their related Taint Properties of an embedded architecture. First, we present our model abstraction of two selected embedded secure architectures, then we define a portfolio of Taint Properties to verify key secrecy, isolation, attestation, confidentiality and availability features. We finally perform verification of previously defined formal security properties, hence presenting results on two selected embedded architectures proving the effectiveness of our approach.

Secure Embedded Architectures: Taint Properties Verification / Cabodi, Gianpiero; Camurati, Paolo Enrico; Finocchiaro, SEBASTIANO FABRIZIO; Loiacono, Carmelo; Savarese, Francesco; Vendraminetto, Danilo. - ELETTRONICO. - (2016). (Intervento presentato al convegno International Conference on Development and Application Systems) [10.1109/DAAS.2016.7492565].

Secure Embedded Architectures: Taint Properties Verification

CABODI, Gianpiero;CAMURATI, Paolo Enrico;FINOCCHIARO, SEBASTIANO FABRIZIO;LOIACONO, CARMELO;SAVARESE, FRANCESCO;VENDRAMINETTO, DANILO
2016

Abstract

Nowadays embedded devices collect various kinds of information and provide it to communication networks for further processing. These devices often provide critical functionalities that could be exploited by malicious parties. Using formal techniques is a natural way to increase the confidence in the overall embedded system security. However, the major research focus is on verifying only the correctness of encryption algorithms and their implementation in software and hardware and not the whole security process. Following novel research studies, many security requirements of an embedded architecture can be specified as Taint Properties, expressing properties related to information flow and access control. In this paper we define Taint Properties as a way to find out whether there is a path from src to dest, where src is an RTL signal seeded with the Taint and dest is a signal not to be reached by the Taint in order to satisfy the security requirements. In our scenario a Taint is an untrusted code following an illegal path from src to dest. We present a systematic approach to formalize generic security requirements, referring to a model abstraction, and their related Taint Properties of an embedded architecture. First, we present our model abstraction of two selected embedded secure architectures, then we define a portfolio of Taint Properties to verify key secrecy, isolation, attestation, confidentiality and availability features. We finally perform verification of previously defined formal security properties, hence presenting results on two selected embedded architectures proving the effectiveness of our approach.
2016
978-1-5090-1993-9
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2641771
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo