Saved in:
Bibliographic Details
Main Authors: Busi, Matteo, Focardi, Riccardo, Luccio, Flaminia
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2404.09518
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917639484342272
author Busi, Matteo
Focardi, Riccardo
Luccio, Flaminia
author_facet Busi, Matteo
Focardi, Riccardo
Luccio, Flaminia
contents Techniques for verifying or invalidating the security of computer systems have come a long way in recent years. Extremely sophisticated tools are available to specify and formally verify the behavior of a system and, at the same time, attack techniques have evolved to the point of questioning the possibility of obtaining adequate levels of security, especially in critical applications. In a recent paper, Bognar et al. have clearly highlighted this inconsistency between the two worlds: on one side, formal verification allows writing irrefutable proofs of the security of a system, on the other side concrete attacks make these proofs waver, exhibiting a gap between models and implementations which is very complex to bridge. In this paper, we propose a new method to reduce this gap in the Sancus embedded security architecture, by exploiting some peculiarities of both approaches. Our technique first extracts a behavioral model by directly interacting with the real Sancus system and then analyzes it to identify attacks and anomalies. Given a threat model, our method either finds attacks in the given threat model or gives probabilistic guarantees on the security of the system. We implement our method and use it to systematically rediscover known attacks and uncover new ones.
format Preprint
id arxiv_https___arxiv_org_abs_2404_09518
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Bridging the Gap: Automated Analysis of Sancus
Busi, Matteo
Focardi, Riccardo
Luccio, Flaminia
Cryptography and Security
Techniques for verifying or invalidating the security of computer systems have come a long way in recent years. Extremely sophisticated tools are available to specify and formally verify the behavior of a system and, at the same time, attack techniques have evolved to the point of questioning the possibility of obtaining adequate levels of security, especially in critical applications. In a recent paper, Bognar et al. have clearly highlighted this inconsistency between the two worlds: on one side, formal verification allows writing irrefutable proofs of the security of a system, on the other side concrete attacks make these proofs waver, exhibiting a gap between models and implementations which is very complex to bridge. In this paper, we propose a new method to reduce this gap in the Sancus embedded security architecture, by exploiting some peculiarities of both approaches. Our technique first extracts a behavioral model by directly interacting with the real Sancus system and then analyzes it to identify attacks and anomalies. Given a threat model, our method either finds attacks in the given threat model or gives probabilistic guarantees on the security of the system. We implement our method and use it to systematically rediscover known attacks and uncover new ones.
title Bridging the Gap: Automated Analysis of Sancus
topic Cryptography and Security
url https://arxiv.org/abs/2404.09518