How To Build A Provably Secure Execution Platform For Embedded Systems

Size: px

Start display at page:

Download "How To Build A Provably Secure Execution Platform For Embedded Systems"

Cuthbert King
3 years ago
Views:

1 Provably Secure Execution Platforms for Embedded Systems ---- The PROSPER Project Mads Dam KTH Royal Institute of Technology Programvara för konkurrenskraft, SSF, Vinnova, 10 Feb 2015

2 The Evolving Security Landscape Increasing attack surfaces Increasing aggregate value Increasing attack sophistication Increasing demand for strong security solutions Industrial pull for strong verification techniques Significant exploitation potential

Increasing demand for strong security solutions Industrial

3 It s the Execution Platform, Stupid! Processor hardware: a shared commodity - User, payment provider, media owner, platform provider, operating system, - All need private, tamperproof storage and cpu cycles - Without this, security will remain fragile Need trustworthy execution environments - Allow secure sharing of hardware - Memory isolation - Minimal - Open to scrutiny

provider, operating system, - All need private, tamperproof storage and cpu cycles - Without

4 Secure Virtualization Applications OS Applications Secure OS Hypervisor CPU

5 PROSPER Objectives Build the next-generation framework for fully verified, secure hypervisors for embedded systems Demonstrate utility using - Commodity hardware ARMv7/v8, MIPS, - Commodity software Linux, RTOS, Develop the required verification technology - Theory - Tools - For security formalization and analysis - For hypervisor development

ARMv7/v8, MIPS, - Commodity software Linux, RTOS, Develop the required verification

6 Demonstrator: Provably Secure Kernel Updates in Linux on ARM Network driver Monitor Hypervisor Objective: Execute only signed programs

7 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed

8 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed, AND Hypervisor is never tampered with

9 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed, AND Hypervisor is never tampered with, AND Monitor is never tampered with

10 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed, AND Hypervisor is never tampered with, AND Monitor is never tampered with, AND No memory page is ever simultaneously write and execute enabled,

Then: Only signed code is ever executed, AND Hypervisor is never tampered with, AND

11 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed This is a big deal!

12 Theorem: Assume: What Does This Give Us? 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed This is a big deal! Theorem about security inside COTS OS No Linux bug can cause unsigned code to be executed Use to bootstrap many provably secure services

Then: Only signed code is ever executed This is a big deal!

13 How Do We Do This? Theorem proving + binary verification Formal processor ISA specification - Including memory management unit - Large task Top level security specification: Processor + idealized MMU behaviour Low level implementation Proof of equivalence Repeat as needed

14 PROSPER Results So Far Hypervisor #1: Separation kernel for ARMv7 Fully verified at assembly level Papers in CCS 13, CPP 13, TrustED 13 Hypervisor #2: Linux-on-ARM hypervisor Partially verified at assembly level Papers in CCS 14, Sofsem 15 Lots of auxiliary theory and tools

13 Hypervisor #2: Linux-on-ARM hypervisor Partially verified at

15 PROSPER Results To Come Hypervisor #3: Linux-on-ARM hypervisor for 64 bit ARMv8 Much more complex hardware: - Multicore essential - Virtualization support To do: ISA-level multicore model + validation Processor architecture analysis tool Verification support for concurrent machine code Hypervisor design and analysis

do: ISA-level multicore model + validation Processor architecture analysis tool

16 Spin-offs and Collaborations Vinnova UDI project HASPOC w. Ericsson, Sectra, T2Data, Tutus, Atsec, SICS, KTH 1 patent application 2 PhD s completed Open source hypervisor release SICS project with Ericsson Research EU FP7 project UaESMC, KTH MONITOR project KTH-Ericsson HOL4 Cambridge team (Fox, Myreen) TU-Berlin and DT Labs (Seifert) INRIA/IRISA/DGA Rennes...

Open source hypervisor release SICS project with Ericsson Research EU FP7 project UaESMC,

17 Team At KTH: Mads Dam, Prof, PI Roberto Guanciale, postdoc Christoph Baumann, postdoc Hamed Nemati, PhD student MSc students (Andreas Lundblad, PhD) (Gurvan le Guernic, postdoc) (Narges Khakpour, postdoc) (Musard Balliu, PhD) At SICS: Christian Gehrmann, PhD, co-pi Arash Vahidi, PhD Oliver Schwarz, PhD student Viktor Do, researcher MSc students

postdoc) (Narges Khakpour, postdoc) (Musard Balliu, PhD) At SICS: Christian Gehrmann,

18 Main Publications Schwarz, Gehrmann, Securing DMA through Virtualization, IEEE Workshop on Complexity in Engineering, June 2012, Aachen, Germany. Balliu, Dam, Le Guernic. ENCOVER: Symbolic Exploration for Information Flow Security. In Proc. CSF '12. Dam, Lundblad, le Guernic: TreeDroid: a tree automaton based approach to enforcing data processing policies", Proc. CCS'12 Vahidi, Jämthagen, "Secure RPC in embedded systems - Evaluation of some GlobalPlatform implementation alternatives, 8th Workshop on Embedded Systems Security, 2013 Dam, Guanciale, Khakpour, Nemati, Schwarz, "Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel", CCS 13 Khakpour, Schwarz, Dam, "Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties", Proc CPP 13 Dam, Guanciale, Nemati, Machine code verification of a tiny ARM hypervisor, in Proc. TrustED 13 Lundblad, Inlined reference monitors: Certification, concurrency, and tree based monitoring, PhD thesis, KTH, 2013 M. Balliu: A Logic for Information Flow Analysis of Distributed Programs. Proc. 18th Nordic Conference on Secure IT Systems, NordSec 2013, Ilulissat, Greenland, October 18-21, M. Dam, R. Guanciale, N. Khakpour "Method and Approach for Kernel Security Analysis," PCT pat. application no. PCT/EP2013/059602, 2013 O. Schwarz, C. Gehrmann, V. Do. Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System, Proc. Trust 14, Balliu, Dam, Guanciale: Automating information flow analysis of low level code, CCS 14 Schwarz, Dam: Formal verification of secure user mode device execution with DMA, HVC 14 Nemati, Guanciale, Dam: Trustworthy isolation of the ARMv7 memory subsystem, Sofsem 15 Musard Balliu: Logics for information flow security: From specification to implementation, PhD thesis, KTH, 2014.

CCS'12 Vahidi, Jämthagen, "Secure RPC in embedded systems - Evaluation of some GlobalPlatform implementation alternatives, 8th Workshop on Embedded Systems Security, 2013 Dam, Guanciale, Khakpour,

Research in Embedded Systems at the CSC School

Research in Embedded Systems at the CSC School Prof. Mads Dam Theoretical Computer Science School of Computer Science and Communication mfd@kth.se, tel.08-790 6229 CSC Departments CB Computational Biology