Framework for Design Validation of Security Architectures Page: 12
The following text was automatically extracted from the image on this page using optical character recognition software:
Table 4: Verifications and Attacks
# Security Property Attack Mechanism Results
1 Binding TSM to Secrets Attack the persistent storage protected Physical possession of PASS
by one TSM from another TSM when SP device
the DRK is changed.
2 Confidentiality & In- Attacks secure memory outside pro- Virtual/physical mem- PASS
tegrity of Secure Memory tected mode through eavesdropping, ory access to TSM
spoofing, and splicing. pages
Confidentiality & In- Attacks on registers during an interrupt OS access to saved PASS
tegrity of General Regis- of a TSM through eavesdropping, spoof- process context
ters ing, splicing, and replay.
Access HW Master Se- Attack the SP master secrets (DRK & Unprotected applica- PASS
crets SRH) from outside protected mode tion execution
Integrity of TSM Code Attacks on TSM code before and during Disk access or access Not Yet
execution through spoofing and splic- to text pages in mem- Tested
3 Confidentiality & In- Attack the TSM's secure storage, cre- Disk access or access PASS
tegrity of Persistent ated using DRK and SRH, on disk or to data pages in mem-
Secure Storage when loading into memory. ory
Binding Security Policies Attack the TSM's enforcement of secu- Disk access or access PASS
to Keys rity policies on the use of keys in its to data pages in mem-
persistent storage, and the secrets those ory
its software interactions. It also enables testing various
software applications using the new security hardware,
unlike a new hardware prototype which does not have
an OS running on it.
Our framework serves as a rapid prototyping vehicle
for black-box or white-box testing of security proper-
ties. It can utilize and integrate multiple event sources
and attack mechanisms from the hardware and software
layers of the system under test. These mechanisms can
test both low-level mechanisms and high-level applica-
tion behavior. As a result, a full range of attacks are
realizable on the hardware, operating system, and ap-
Finally, we implement the SP architecture in our frame-
work and test its security mechanisms thoroughly. We
demonstrate that the full trust chain of the architecture
holds up under attack, using a real TSM for remote key-
 J. S. Dwoskin and R. B. Lee, "Hardware-rooted
Trust for Secure Key Management and Tran-
sient Trust," in ACM Conference on Computer
and Communications Security (CCS), (Alexandria,
VA), pp. 389-400, October 2007.
 R. P. Goldberg, Architectural Principles for Virtual
Computer Systems. PhD thesis, Harvard Univer-
 R. Goldberg, "Survey of Virtual Machine Re-
search," IEEE Computer, pp. 34-45, June 1974.
 M. Rosenblum and T. Garfinkel, "Virtual machine
monitors: current technology and future trends,"
IEEE Computer, vol. 38, no. 5, pp. 39-47, 2005.
 R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. S.
Dwoskin, and Z. Wang, "Architecture for Protect-
ing Critical Secrets in Microprocessors," in Intl.
Symposium on Computer Architecture (ISCA),
pp. 2-13, 2005.
 "OKL4 Microkernel." Open Kernel Labs, http:
 G. Popek and R. P. Goldberg, "Formal Require-
ments for Virtualizable 3rd Generation Architec-
tures," Communications of the A.C.M., vol. 17,
no. 7, pp. 412-421, 1974.
 "VMware Workstation." VMware Inc., http: //
www . vmware . com.
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
Dwoskin, Jeffrey Scott, 1980-; Gomathisankaran, Mahadevan & Lee, Ruby Bei-Loh. Framework for Design Validation of Security Architectures, report, November 17, 2008; [Princeton, New Jersey]. (digital.library.unt.edu/ark:/67531/metadc130192/m1/12/: accessed March 23, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT College of Engineering.