Deconstructing MinBFT for Security and Verifiability


SLIDE 1

Deconstructing MinBFT for Security and Verifiability

Vincent Rahli, Francisco Rocha, Marcus Völp, and Paulo Esteves-Verissimo
http://wwwen.uni.lu/snt/research/critix
March 15, 2016

Vincent Rahli Deconstructing MinBFT March 15, 2016 1/15

SLIDE 2

Meet The Team

Francisco Rocha, Marcus Völp, Jérémie Decouchant, Paulo Esteves-Verissimo, Vincent Rahli

SLIDE 3

Overall Story

Resilience (fault-tolerance)
Security
Formal Correctness

SLIDE 4

Overall Story

All services in the kernel

SLIDE 5

Overall Story

Only keep the bare minimum in the kernel

SLIDE 6

Overall Story

Build small/secure/verifiable components on top of Fiasco

SLIDE 7

MinBFT

Byzantine fault-tolerant protocol similar to PBFT
Requires 2f + 1 replicas, as opposed to 3f + 1 in PBFT
Uses a trusted counter (USIG)
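The USIG role this slide refers to, as an added example written for this page (not code from the MinBFT authors or their Fiasco task): a model of the trusted monotonic counter that certifies each message once, beside the receiver-side check that accepts a certified message only with the next expected counter value. The shared key, replica ids and message strings are constructed sample values.

```python
import hashlib
import hmac

# Constructed model of MinBFT's USIG (Unique Sequential Identifier Generator):
# a trusted monotonic counter certifying each outgoing message with exactly one
# counter value. Key shared by sender USIG and verifiers (symmetric variant);
# the key below is a constructed sample value, not a real secret.

def _tag(key: bytes, replica_id: int, counter: int, message: bytes) -> bytes:
    # UI = HMAC(key, replica_id || counter || H(message))
    data = (replica_id.to_bytes(4, "big") + counter.to_bytes(8, "big")
            + hashlib.sha256(message).digest())
    return hmac.new(key, data, "sha256").digest()


class Usig:
    """Trusted side: an isolated task in MinBFT; callers can only request a
    new UI, never read back, reset or rewind the counter."""

    def __init__(self, replica_id: int, key: bytes) -> None:
        self._id, self._key, self._counter = replica_id, key, 0

    def create_ui(self, message: bytes) -> tuple[int, bytes]:
        self._counter += 1  # monotonic: each value is bound to one message only
        return self._counter, _tag(self._key, self._id, self._counter, message)


class Receiver:
    """Untrusted replica side: accept a UI only if its tag verifies and its
    counter is exactly the next one expected from that sender."""

    def __init__(self, keys: dict[int, bytes]) -> None:
        self._keys, self._last = keys, {rid: 0 for rid in keys}

    def accept(self, sender: int, counter: int, message: bytes, tag: bytes) -> bool:
        if counter != self._last[sender] + 1:
            return False  # counter reused, replayed, or delivered out of order
        if not hmac.compare_digest(_tag(self._keys[sender], sender, counter, message), tag):
            return False  # message was not certified by the sender's USIG
        self._last[sender] = counter
        return True


def demo() -> tuple[bool, bool, bool, bool]:
    key = b"constructed-shared-key"
    usig, rx = Usig(0, key), Receiver({0: key})
    c1, t1 = usig.create_ui(b"PREPARE seq=1 req=A")
    honest = rx.accept(0, c1, b"PREPARE seq=1 req=A", t1)
    equivocate = rx.accept(0, c1, b"PREPARE seq=1 req=B", t1)  # same UI, new content
    c2, t2 = usig.create_ui(b"PREPARE seq=2 req=B")
    c3, t3 = usig.create_ui(b"PREPARE seq=3 req=C")
    out_of_order = rx.accept(0, c3, b"PREPARE seq=3 req=C", t3)  # held until c2 in MinBFT
    in_order = rx.accept(0, c2, b"PREPARE seq=2 req=B", t2)
    return honest, equivocate, out_of_order, in_order
```

The counter check is what removes the need for the extra f replicas: a faulty sender cannot get two different messages certified under one identifier, so receivers never have to out-vote an equivocating peer.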

SLIDE 8

L4/Fiasco

Only program that runs in privileged processor mode
Small: only has what cannot be implemented at the user level
Provides memory isolation
Selective trustworthiness (choose what to use at the user level)

SLIDE 9

L4/Fiasco

Multi-processor support
System calls using capabilities
Communication through synchronous IPC calls
L4Re (Runtime Environment) for application development

SLIDE 10

Designed for Security

Small isolated verifiable components
Easier/faster to restart
Selective rejuvenation
Small trusted base: L4/Fiasco

SLIDE 11

Fast Recovery

SLIDE 12

Verification

What guarantees do we get between VST & CompCert?

SLIDE 13

Implementation

E.g., shared message buffer

SLIDE 14

Progress so far

Designing BFT tasks at the Fiasco level
Building and verifying a USIG C task

SLIDE 15

Thank You!

We’re hiring