New abstractions in applied pi-calculus and automated verification of protected executions

Protocols for the protected execution of programs,like those based on a hardware root of trust, will become offundamental importance for computer security. In parallel tosuch protocols, there is therefore a need to develop models andtools that allow formal specification and automated verificationof the desired security properties. Still, current protocols lackrealistic models and automated proofs of security. This is due toseveral challenges that we address in this paper.We consider the classical setting of applied pi-calculus andProVerif, that we enrich with several generic models that allowverification of protocols designed for a given computing platform.Our contributions include models for specifying platform statesand for dynamically loading and executing protected programs.We also propose a new method to make ProVerif terminate ona challenging search space the one obtained by allowing anunbounded number of extensions and resets for the platformconfiguration registers of the TPM.We illustrate our methods with the case study of a protocolfor a dynamic root of trust (based on a TPM), which includesdynamic loading, measurement and protected execution of pro-grams. We prove automatically with ProVerif that code integrityand secrecy of sealed data hold for the considered protocol.