Formal methods: state of the art and future directions
ACM Computing Surveys (CSUR) - Special ACM 50th-anniversary issue: strategic directions in computing research
An Industrial Strength Theorem Prover for a Logic Based on Common Lisp
IEEE Transactions on Software Engineering
The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone?
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Formal Specification of Requirements for Payment Transactions in the SET Protocol
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Using a High-Performance, Programmable Secure Coprocessor
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Language generation and verification in the NRL protocol analyzer
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Fast, automatic checking of security protocols
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Model checking electronic commerce protocols
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Secure coprocessors in electronic commerce applications
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
Towards a mechanically checked theory of computation: the ACL2 project
Logic-based artificial intelligence
Classification of malicious host threats in mobile agent computing
SAICSIT '02 Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
A Formal Security Model for Microprocessor Hardware
IEEE Transactions on Software Engineering
Authenticated Operation of Open Computing Devices
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Monotonicity and Partial Results Protection for Mobile Agents
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Verified Software: Theories, Tools, Experiments
Towards seamless mobility on pervasive hardware
Pervasive and Mobile Computing
A session key caching and prefetching scheme for secure communication in cluster systems
Journal of Parallel and Distributed Computing
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
CODESSEAL: Compiler/FPGA approach to secure applications
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
| Hi-index | 0.00 |
Secure coprocessors provide a foundation for many exciting electronic commerce applications, as previous work [20, 21] has demonstrated. As our recent work [6, 13, 14] has explored, building a high-end secure coprocessor that can be easily programmed and deployed by a wide range of third parties can be an important step toward realizing this promise. But this step requires trusting trusted hardware-and achieving this trust can be difficult in the face of a problem and solution space that can be surprisingly complex and subtle. Formal methods provide one means to express, verify, and analyze such solutions (and would be required for such a solution to be certified at FIPS 140-1 Level 4). This paper discusses our current efforts to apply these principles to the architecture of our secure coprocessor. We present formal statements of the security goals our architecture needs to provide; we argue for correctness by enumerating the architectural properties from which these goals can be proven; we argue for conciseness by showing how eliminating properties causes the goals to fail; but we discuss how simpler versions of the architecture can satisfy weaker security goals. We view this work as the beginning of developing formal models to address the trust challenges arising from using trusted hardware for electronic commerce.