a robust machine code proof framework for highly secure
play

A Robust Machine Code Proof Framework for Highly Secure - PowerPoint PPT Presentation

Feb 14, 2024 •272 likes •552 views

A Robust Machine Code Proof Framework for Highly Secure Applications David Hardin Advanced Technology Center Rockwell Collins Eric Smith Stanford University Bill Young University of Texas at Austin UNCLASSIFIED SLIDE 1 Overview Overview

  1. A Robust Machine Code Proof Framework for Highly Secure Applications David Hardin Advanced Technology Center Rockwell Collins Eric Smith Stanford University Bill Young University of Texas at Austin UNCLASSIFIED SLIDE 1

  2. Overview Overview • Rockwell Collins Introduction • AAMP7G Microprocessor – MILS Certification • SHADE Program – AAMP7G tools – Microcryptol Verifying Compiler – AAMP7G Instruction Set Formal Model – Compositional Cutpoint Reasoning • Summary Advanced Technology Center UNCLASSIFIED

  3. Rockwell Collins Rockwell Collins A World Leader in Aviation Electronics and Airborne/ Mobile Communications Systems for Commercial and Military Applications Communications Navigation Automated Flight Control Displays / Surveillance Aviation Services In-Flight Entertainment Integrated Aviation Electronics Information Management Systems Advanced Technology Center UNCLASSIFIED

  4. The Problem – – High High- -Assurance for Security Assurance for Security The Problem Applications Applications • Flawed implementations can have grave consequences – So NSA performs intensive evaluations of critical encryption devices • Evaluation process is difficult – Increasingly numerous crypto implementations – Trusted experts are scarce – Review process is time-consuming and expensive – Optimized crypto algorithms are complex, easy to overlook corner cases • Highest Evaluation Assurance Level requires formal proofs – Industry has very little practical experience in this area Advanced Technology Center UNCLASSIFIED

  5. Rockwell Collins AAMP7G CPU Rockwell Collins AAMP7G CPU • Developed by RCI Advanced Technology AAMP7 die Center • Used in RCI GPS and Information Assurance products • High Code Density • Low Power Consumption (250 mW) • 100 MHz operation • Screened for full military temp range • Implements intrinsic partitioning Intrinsic partitioning • Computing Platform Enforces Data Isolation • “Separation Kernel in Hardware” X Y Z Advanced Technology Center UNCLASSIFIED

  6. AAMP7G Formal Verification AAMP7G Formal Verification Common Criteria EAL7 Proof Obligations Security Formal Verification Policy Formal Verification Abstract Abstract Model Model Code-to-Spec Reviews Low-Level Low-Level Kernel Kernel Model Model Microcode Microcode AAMP7 AAMP7G Advanced Technology Center UNCLASSIFIED

  7. AAMP7G Intrinsic Partitioning AAMP7G Intrinsic Partitioning Formal Verification Formal Verification Program Accomplishments � Developed formal description of separation for uniprocessor, multipartition system � Modeled trusted AAMP7G microcode � Constructed machine-checked proof that separation holds of AAMP7G model, using ACL2 � Model subject of intensive code-to-spec review � Satisfies NSA MILS formal methods evaluation requirements patterned after Common Criteria EAL7+ with respect to ADV � NSA MILS certificate granted in May 2005 � AAMP7G can concurrently process Unclassified through Top Secret Codeword information • RCI IR&D funded • Capability developed in multiyear RCI formal methods research program Advanced Technology Center UNCLASSIFIED

  8. Secure, High Assurance Development Secure, High Assurance Development Environment (SHADE) Environment (SHADE) Program Objectives � Provide a “nuts-and-bolts” partitioned development environment. � Develop tools and techniques to provide formal analysis at the instruction level for the AAMP7 processor � Develop a verifying compiler for an “embeddable” AAMP7G development board subset of the Cryptol cryptographic language targeting the AAMP7 � Demonstrate a convenient, high-assured toolchain path from high-level algorithm description to load image. RCI subcontractors: Galois Connections, University of Texas at Austin Eclipse-based AAMP7G development environment Advanced Technology Center UNCLASSIFIED

  9. SHADE Summary SHADE Summary Cryptol Spec Generate Generate AAMP7 ACL2 Code Spec Proof User Interface AAMP7 Simulator Linker/ Loader/ Debugger Configuration AAMP7 Advanced Technology Center UNCLASSIFIED

  10. AAMP7G Partition Views UNCLASSIFIED Advanced Technology Center

  11. ACL2 session Process Stack Disassembly AAMP7G ACL2 Formal Model Integration with Console Eclipse AAMP7G Tools Advanced Technology Center UNCLASSIFIED

  12. Cryptol Cryptol • Galois’ domain-specific language for cryptography algorithms http://www.cryptol.net • Cryptol features: • Purely functional • Size-indexed bitvector types, no limits on bitvector size • Lazy infinite streams • Not Turing-complete • µCryptol • Cryptol subset, tailored for systems with constrained memory • Formal semantics • Designed for verification • Creating a verifying compiler targeting the AAMP7G • See paper in HCSS06 Proceedings Advanced Technology Center UNCLASSIFIED

  13. Why a verifying compiler for µ µCryptol Cryptol? ? Why a verifying compiler for • Cryptographic systems need to be correct – NSA is a demanding customer • Cryptographic systems are difficult, expensive to certify – A verifying compiler could markedly reduce code-to-spec review costs and reduce time-to-market for cryptographic devices • Reference Cryptol specifications for common crypto algorithms are available • A domain-specific language, such as Cryptol, seems to present lower risk than attempting a verifying compiler for a general-purpose programming language • Cryptol is a Galois Connections design, so we can state its specification precisely • The AAMP7G is an “easy” code generation target (think JVM) • The AAMP7G is a Rockwell Collins design with a precise specification • Theorem prover technology has matured sufficiently to make this program feasible Advanced Technology Center UNCLASSIFIED

  14. 8 ) Example: factorial (mod 2 8 ) Example: factorial (mod 2 idx fac : B^32 -> B^8; 1 fac i = facs @@ i where { + rec idx : B^8^inf; 1 idx = [1] ## [x + 1 | x <- idx]; and facs : B^8^inf; facs facs = [1] ## [x * y | x <- facs | y <- idx]; }; * 1 Stream values: idx = [1, 2, 3, 4, 5, 6, 7, 8, …] facs = [1, 1, 2, 6, 24, 120, 208, 176, …] Advanced Technology Center UNCLASSIFIED

  15. Extended Verification Architecture Extended Verification Architecture Focus of this talk SHADE Compiler front-end middle-end generate μ Cryptol indexed canonical AAMP7 transforms transforms code program program program program shallow shallow shallow deep embedding embedding embedding embedding HOLCF ACL2 AAMP7 tail- HOLCF first-order translate first-order recursive state functions functions functions functions machine deep embedding of ACL2 in HOL Advanced Technology Center UNCLASSIFIED

  16. Machine code proofs Machine code proofs • If machine starts at a state satisfying program’s precondition (entrypoint assertion), then – Partial correctness : if the machine ever reaches an exitpoint state, then the first exitpoint reached satisfies the program’s postcondition (exitpoint assertion). – Termination : the machine will eventually reach an exitpoint • However, we don’t want to – write and verify a VCG – manually define a clock function • computes for each program state exactly how many steps are needed to reach the next exitpoint Advanced Technology Center UNCLASSIFIED

  17. AAMP7G Instruction- -Set Formal Model Set Formal Model AAMP7G Instruction • Provides instruction-level simulator for the AAMP7 • Written in ACL2 – ~100 KSLOC with all RCI support books – ~500 MB Lisp heap required • Can be used as a processor simulator, as well as a vehicle for proof – Validated by loading AAMP processor diagnostic tests into (simulated) memory, and running the model • Models complex instruction set, including exception handling, trap handling, thread context switching, floating point, etc. Advanced Technology Center UNCLASSIFIED

  18. Layers in the AAMP7G instruction- -level level Layers in the AAMP7G instruction model model END STATE START STATE Partition Step Thread Context Switches Subroutine Invocations Basic Blocks Abstract Instruction Steps Concrete Instruction Steps Microcode Steps Advanced Technology Center UNCLASSIFIED

  19. Instruction Abstraction Instruction Abstraction • Concrete instruction set level similar to microcode implementation • Abstract level models the overall effect of executing the instruction without necessarily modeling every microstep, e.g.: (defun vm-addu-expected-result (st) (modify st :pc (inc-pc 1 st) :tos (inc-tos 1 st) :memtmp8 *addu-opcode* :memtmp (get-stack-word 1 st) :ram (modify-ram st :stack-word 1 (+ (get-stack-word 0 st) (get-stack-word 1 st)) ))) Advanced Technology Center UNCLASSIFIED

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What Is Robust Code? Robust code A style of programming that

What Is Robust Code? Robust code A style of programming that

What Is Robust Code? Robust code A style of programming that prevents abnormal termina8on or unexpected ac8ons Handles bad input gracefully Detects

433 views • 12 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Robust Programming Style of programming that prevents abnormal termination and unexpected

Robust Programming Style of programming that prevents abnormal termination and unexpected

Robust Programming Style of programming that prevents abnormal termination and unexpected actions Code handles bad inputs reasonably Code assumes errors will occur and takes appropriate action Also called bomb-proof programming

833 views • 43 slides
ParSecureML: An Efficient Parallel Secure Machine Learning Framework on GPUs Zheng Chen , Feng

ParSecureML: An Efficient Parallel Secure Machine Learning Framework on GPUs Zheng Chen , Feng

49th International Conference on Parallel Processing - ICPP ParSecureML: An Efficient Parallel Secure Machine Learning Framework on GPUs Zheng Chen , Feng Zhang , Amelie Chi Zhou , Jidong Zhai+, Chenyang Zhang , Xiaoyong Du Renmin

570 views • 34 slides
A Machine-Assisted Proof of Gdel's Incompleteness Theorems Lawrence C. Paulson, Computer

A Machine-Assisted Proof of Gdel's Incompleteness Theorems Lawrence C. Paulson, Computer

A Machine-Assisted Proof of Gdel's Incompleteness Theorems Lawrence C. Paulson, Computer Laboratory, University of Cambridge The most misunderstood theorems in mathematics Gdels theorems have highly For the first time, both of

319 views • 28 slides
Metasm un framework pour code machine Yoann Guillot Plan Intro Applications Exemples

Metasm un framework pour code machine Yoann Guillot Plan Intro Applications Exemples

Metasm un framework pour code machine Yoann Guillot Plan Intro Applications Exemples Sommaire Prsentation du framework Aperu de larchitecture Fonctionnalits Ce qui devient possible Exemples ( Unrestricted ) Research &amp;

462 views • 17 slides
Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised

Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised

Robust Optimization &amp; Machine Learning 6. Robust Optimization Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised Learning Motivations Examples Thresholding and robustness Boolean data

724 views • 48 slides
Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M unchen 1 Motivation Proof carrying code (Lee, Necula) Why? Proofs are machine checkable (easily) Here: code carrying proofs Prospects:

541 views • 36 slides
Secure Computation of MIPS Machine Code Gordon, Katz, McIntosh, Wang Efficiency vs. Generality

Secure Computation of MIPS Machine Code Gordon, Katz, McIntosh, Wang Efficiency vs. Generality

Secure Computation of MIPS Machine Code Gordon, Katz, McIntosh, Wang Efficiency vs. Generality generality efficiency Domain specific languages that approximate certain high level languages. Constructions tailored towards particular

610 views • 28 slides
On Robust Temporal Structures in Highly Dynamic Networks Arnaud Casteigts (LaBRI, University of

On Robust Temporal Structures in Highly Dynamic Networks Arnaud Casteigts (LaBRI, University of

On Robust Temporal Structures in Highly Dynamic Networks Arnaud Casteigts (LaBRI, University of Bordeaux) J. work with Swan Dubois, Franck Petit, and John Michael Robson https://arxiv.org/abs/1703.03190 AATG@ICALP 2018 Highly dynamic networks

804 views • 49 slides
Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation

Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation

Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables All variables have values that

579 views • 15 slides
gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

Gerard Holzmann Nimble Research gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly recommended DO 178C: required as opposed to testing only expected behavior, or randomly poking the code with

635 views • 18 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Robust Uncertainty Principles: Exact Signal Reconstruction from Highly Incomplete Frequency

Robust Uncertainty Principles: Exact Signal Reconstruction from Highly Incomplete Frequency

1 Robust Uncertainty Principles: Exact Signal Reconstruction from Highly Incomplete Frequency Information Emmanuel Cand` es, California Institute of Technology Workshop on Wavelets and Multiscale Analysis, Oberwolfach, July 2004 Collaborators

544 views • 51 slides
Robust Uncertainty Principles: Exact Signal Reconstruction from Highly Incomplete Frequency

Robust Uncertainty Principles: Exact Signal Reconstruction from Highly Incomplete Frequency

1 Robust Uncertainty Principles: Exact Signal Reconstruction from Highly Incomplete Frequency Information Emmanuel Cand` es, California Institute of Technology SIAM Conference on Imaging Science, Salt Lake City, Utah, May 2004 Collaborators :

780 views • 31 slides
Accurate Garbage Collection in Uncooperative Environments with Lazy Pointer Stacks Jason

Accurate Garbage Collection in Uncooperative Environments with Lazy Pointer Stacks Jason

Accurate Garbage Collection in Uncooperative Environments with Lazy Pointer Stacks Jason Baker, Antonio Cunei, Filip Pizlo , Jan Vitek Purdue University New Programming Language Translate Compile Hard! Old Programming Language d l O

568 views • 39 slides
Programming Languages Closures-ish in Python and C++ Higher-order programming Higher-order

Programming Languages Closures-ish in Python and C++ Higher-order programming Higher-order

Programming Languages Closures-ish in Python and C++ Higher-order programming Higher-order programming, e.g., with map and filter , is great Language support for closures makes it very pleasant Without closures, we can still do it

601 views • 9 slides
Scope and Parameter Passing 1 / 19 Outline Overview Naming and scope Function/procedure calls

Scope and Parameter Passing 1 / 19 Outline Overview Naming and scope Function/procedure calls

Scope and Parameter Passing 1 / 19 Outline Overview Naming and scope Function/procedure calls Static vs. dynamic scope Parameter passing schemes 2 / 19 Review of naming Most languages provide a way to name and reuse stuff Naming concepts

206 views • 19 slides
Evaluating State and Local Business Incentives Cailin Slattery, Columbia GSB Owen Zidar,

Evaluating State and Local Business Incentives Cailin Slattery, Columbia GSB Owen Zidar,

Evaluating State and Local Business Incentives Cailin Slattery, Columbia GSB Owen Zidar, Princeton &amp; NBER Brookings Municipal Finance Conference July 14, 2020 Motivation State and local governments spend billions of dollars each year on

558 views • 38 slides
Lecture Outline Intermediate Code &amp; Intermediate code Local Optimizations Local

Lecture Outline Intermediate Code &amp; Intermediate code Local Optimizations Local

Lecture Outline Intermediate Code &amp; Intermediate code Local Optimizations Local optimizations 2 Compiler Design I (2011) Code Generation Summary Why Intermediate Languages? We have so far discussed ISSUE: ISSUE: When

338 views • 13 slides
Rebuilding Guile from the ground up A preview of Guile 2.2 GNU Hackers Meeting 2014 Andy

Rebuilding Guile from the ground up A preview of Guile 2.2 GNU Hackers Meeting 2014 Andy

Rebuilding Guile from the ground up A preview of Guile 2.2 GNU Hackers Meeting 2014 Andy Wingo wingo@igalia.com Hacking compiler tech at Igalia since 2011 Mostly JS engine feature work (V8, SpiderMonkey) Some work time on Guile How we

155 views • 15 slides
Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control

Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control

Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control Zachary Kincaid Azadeh Farzan University of Toronto January 18, 2013 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18,

751 views • 54 slides
Subroutines Parameters Passing Parameter Passing p. 1/7 Methods of Passing Parameters In

Subroutines Parameters Passing Parameter Passing p. 1/7 Methods of Passing Parameters In

Systems Architecture Subroutines Parameters Passing Parameter Passing p. 1/7 Methods of Passing Parameters In Registers Must document registers used Limited number of registers Uses fast on-chip registers Dictates register usage

462 views • 14 slides

More recommend