| 可信执行环境访问控制建模与安全性分析 |
| |
| 引用本文: | 苗新亮,常瑞,潘少平,赵永望,蒋烈辉. 可信执行环境访问控制建模与安全性分析[J]. 软件学报, 2023, 34(8): 3637-3658 |
| |
| 作者姓名: | 苗新亮 常瑞 潘少平 赵永望 蒋烈辉 |
| |
| 作者单位: | 数学工程与先进计算国家重点实验室(战略支援部队信息工程大学), 河南 郑州 450002;浙江大学 计算机科学与技术学院, 浙江 杭州 310027;浙江大学 计算机科学与技术学院, 浙江 杭州 310027;浙江省区块链与网络空间治理重点实验室, 浙江 杭州 310027 |
| |
| 基金项目: | 国家自然科学基金(61872016,62132014) |
| |
| 摘 要: | 可信执行环境(TEE)的安全问题一直受到国内外学者的关注. 利用内存标签技术可以在可信执行环境中实现更细粒度的内存隔离和访问控制机制, 但已有方案往往依赖于测试或者经验分析表明其有效性, 缺乏严格的正确性和安全性保证. 针对内存标签实现的访问控制提出通用的形式化模型框架, 并提出一种基于模型检测的访问控制安全性分析方法. 首先, 利用形式化方法构建基于内存标签的可信执行环境访问控制通用模型框架, 给出访问控制实体的形式化定义, 定义的规则包括访问控制规则和标签更新规则; 然后利用形式化语言B以递增的方式设计并实现该框架的抽象机模型, 通过不变式约束形式化描述模型的基本性质; 再次以可信执行环境的一个具体实现TIMBER-V为应用实例, 通过实例化抽象机模型构建TIMBER-V访问控制模型, 添加安全性质规约并运用模型检测验证模型的功能正确性和安全性; 最后模拟具体攻击场景并实现攻击检测, 评估结果表明提出的安全性分析方法的有效性.
|
| 关 键 词: | 内存标签 可信执行环境 访问控制 模型检测 安全性分析 |
| 收稿时间: | 2021-08-30 |
| 修稿时间: | 2021-10-14 |
Modeling and Security Analysis of Access Control in Trusted Execution Environment |
| |
| MIAO Xin-Liang,CHANG Rui,PAN Shao-Ping,ZHAO Yong-Wang,JIANG Lie-Hui. Modeling and Security Analysis of Access Control in Trusted Execution Environment[J]. Journal of Software, 2023, 34(8): 3637-3658 |
| |
| Authors: | MIAO Xin-Liang CHANG Rui PAN Shao-Ping ZHAO Yong-Wang JIANG Lie-Hui |
| |
| Affiliation: | State Key Laboratory of Mathematical Engineering and Advanced Computing (Strategic Support Force Information Engineering University), Zhengzhou 450002, China;College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China;College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China;Key Laboratory of Blockchain and Cyberspace Governance of Zhejiang Province, Hangzhou 310027, China |
| |
| Abstract: | The security of the trusted execution environment (TEE) has been concerned by Chinese and foreign researchers. Memory tag technology utilized in TEE helps to achieve finer-grained memory isolation and access control mechanisms. Nevertheless, prior works often rely on testing or empirical analysis to show their effectiveness, which fails to strongly guarantee the functional correctness and security properties. This study proposes a general formal model framework for memory tag-based access control and introduces a security analysis method in access control based on model checking. First, a general model framework for the access control model of TEE based on memory tag is constructed through a formal method, and those access control entities are formally defined. The defined rules include access control rules and tag update rules. Then abstract machines under the framework are incrementally designed and implemented with formal language B. In addition, the basic properties of the machines are formalized through invariant constraints. Next, a TEE implementation called TIMBER-V is used as an application case. The TIMBER-V access control model is constructed by instantiating these abstract machines, and the security properties are formally specified. Furthermore, the functional correctness and security of the models are verified based on model checking. Finally, this study simulates the specific attack scenarios, and these attacks are successfully detected. The evaluation results have proved the effectiveness of the security analysis method. |
| |
| Keywords: | memory tag trusted execution environment (TEE) access control model checking security analysis |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
