International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Composable Security Analysis of OS Services

Ran Canetti
Suresh Chari
Shai Halevi
Birgit Pfitzmann
Arnab Roy
Michael Steiner
Wietse Venema
Search ePrint
Search Google
Abstract: We provide an analytical framework for analyzing basic integrity properties of file systems, namely the binding of files to filenames and writing capabilities. A salient feature of our modeling and analysis is that it is *composable*: In spite of the fact that we analyze the filesystem in isolation, security is guaranteed even when the file system operates as a component within an arbitrary, and potentially adversarial system. Such secure composability properties seem essential when trying to assert the security of large systems. Our results are obtained by adapting the *Universally Composable* (UC) security framework to the analysis of software systems. Originally developed for cryptographic protocols, the UC framework allows the analysis of simple components in isolation, and provides assurance that these components maintain their behavior when combined in a large system, potentially under adversarial conditions.
  title={Composable Security Analysis of OS Services},
  booktitle={IACR Eprint archive},
  keywords={applications / Composable Security, File-System Security, Formal Models, Software Security},
  note={ 14714 received 15 Apr 2010},
  author={Ran Canetti and Suresh Chari and Shai Halevi and Birgit Pfitzmann and Arnab Roy and Michael Steiner and Wietse Venema},