Paper 2010/213

Composable Security Analysis of OS Services

Ran Canetti, Suresh Chari, Shai Halevi, Birgit Pfitzmann, Arnab Roy, Michael Steiner, and Wietse Venema


We provide an analytical framework for analyzing basic integrity properties of file systems, namely the binding of files to filenames and writing capabilities. A salient feature of our modeling and analysis is that it is *composable*: In spite of the fact that we analyze the filesystem in isolation, security is guaranteed even when the file system operates as a component within an arbitrary, and potentially adversarial system. Such secure composability properties seem essential when trying to assert the security of large systems. Our results are obtained by adapting the *Universally Composable* (UC) security framework to the analysis of software systems. Originally developed for cryptographic protocols, the UC framework allows the analysis of simple components in isolation, and provides assurance that these components maintain their behavior when combined in a large system, potentially under adversarial conditions.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Composable SecurityFile-System SecurityFormal ModelsSoftware Security
Contact author(s)
shaih @ alum mit edu
2011-04-27: revised
2010-04-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ran Canetti and Suresh Chari and Shai Halevi and Birgit Pfitzmann and Arnab Roy and Michael Steiner and Wietse Venema},
      title = {Composable Security Analysis of OS Services},
      howpublished = {Cryptology ePrint Archive, Paper 2010/213},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.