SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM


SLIDE 1

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM


Liu Yang, Associate Professor, NTU. SG-CRC 2018, 28 March 2018

SLIDE 2


Securify Approach

Securify Architecture (figure): the stack is Hardware, OS / Micro Kernel, Libraries and Applications, with Hardware-aided Dynamic Security Analysis alongside it. Each layer has its own verification activity:

  • Hardware Verification
  • Secure Micro-Kernel Verification
  • Security-Enhanced Library Verification
  • Automatic Program Verification
  • Model-based Secure Code Generation
  • Runtime Security Verification

Cross-cutting themes: Compositional Security; Reasoning with Untrusted Components.

SLIDE 3

Research Highlights

  • Detection of errors in the ARINC-653 standard for safety of partitioning systems.
  • Recognized by the ARINC-653 Committee and revised according to our proposed fixes.
  • Multi-core separation micro-kernel verification
  • Building demos using the verified micro-kernels
  • Library verification and safe code generation
  • Collaboration on generating secure libraries for the Linux kernel and for critical components in autonomous vehicles
  • Runtime verification
  • Attack detection on the CAN bus, and malware detection on Android
  • Vulnerabilities reported
  • 100+ CVEs reported in commercial software, with 100K USD in bug bounties


SLIDE 4


Target system classes: High Assurance Systems, Internet of Things, Embedded Systems

Application areas: Smart Home, Aerospace, Medical Devices, Smart Nation, ITS, Defense, Communication Devices, Banking Devices

Properties provided: Fault Containment, Attack Isolation, Foundational Secure Architecture, Dynamic Monitoring, Critical back-ends isolated from non-secure front-ends

SLIDE 5

Approaching Devices Security by Construction


Current Non-secure Architecture: HW, then Linux (Monolithic Kernel), then Processes. The monolithic kernel bundles:

  • Drivers (Bugs)
  • Libraries (Bugs)
  • Security Mechanisms (NX, ASLR, etc.) (Bugs)
  • Access Control Mechanisms (Bugs)

Every process call goes into this buggy system/library code.

Proposed Secure Architecture: HW, then Separation Micro-Kernel, then Security Monitor, then Processes.

  • Separation Micro-Kernel: necessary and sufficient set of verified services providing spatial and temporal isolation
  • Security Monitor: runtime monitor for dynamic security
  • Processes: truly isolated; functional and memory-safety correctness using safe code generation from specification

SLIDE 6

Approaching Devices Security by Construction


HW, then Verified Separation Micro-Kernel, then Security Monitor.

  • Verified Separation Micro-Kernel: necessary and sufficient set of verified services providing spatial and temporal isolation
  • Verified Kernel Interface: Scheduling Actions, Communication Actions, Process Actions
  • Security Monitor: runtime monitor for dynamic security, distinguishing legal system calls from illegal system calls at the verified kernel interface

SLIDE 7

Monolithic Approach in AV


Linux (monolithic kernel) hosts the Self-Driving System, the User Interface and all drivers: GPS Driver, CAN adaptor Driver, Camera Driver, WiFi Driver, Bluetooth Driver.

The CAN adaptor Driver connects to the CAN BUS, on which sit the Brake ECU, Steering ECU and Acceleration ECU.

SLIDE 8

Monolithic Approach in AV


Linux (monolithic kernel) hosts the Self-Driving System, a Vulnerable User Interface and all drivers: GPS Driver, CAN adaptor Driver, Camera Driver, WiFi Driver, Bluetooth Driver.

The CAN adaptor Driver connects to the CAN BUS, on which sit the Brake ECU, Steering ECU and Acceleration ECU.

Because everything shares one kernel, a compromised User Interface reaches the CAN adaptor Driver: the CAN BUS is easily accessible and the AV is easy to hijack!

SLIDE 9

A separation approach for AV Security


A Separation Micro-Kernel hosts each component in its own domain: CAN adaptor Driver (the only component connected to the CAN BUS with the Brake ECU, Steering ECU and Acceleration ECU), Self-Driving System, Camera Driver, WiFi Driver, Bluetooth Driver, GPS Driver, a Malicious User Interface, and the Security Monitor.

Isolated Components

  • Malicious agents do not have access to other domains

SLIDE 10

A separation approach for AV Security


Same layout: a Separation Micro-Kernel hosting the CAN adaptor Driver (connected to the CAN BUS with the Brake ECU, Steering ECU and Acceleration ECU), Self-Driving System, Camera Driver, WiFi Driver, Bluetooth Driver, GPS Driver, a Malicious User Interface, and the Security Monitor.

The verified micro-kernel ensures that there are no kernel exploits able to affect the information flow between domains.

SLIDE 11

A separation approach for AV Security


Same layout: a Separation Micro-Kernel hosting the CAN adaptor Driver (connected to the CAN BUS with the Brake ECU, Steering ECU and Acceleration ECU), Self-Driving System, Camera Driver, WiFi Driver, Bluetooth Driver, GPS Driver, a Malicious User Interface, and the Security Monitor.

Indirect access can be controlled:

  • limited communication in the channel
  • the Security Monitor can control the information sent between domains
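The Security Monitor's control over inter-domain channels, as an added example that is not part of the original slides or of Securify's own code: a small C policy check that a monitor could apply to every message a domain asks the separation kernel to deliver. It enforces a static allowed-flow matrix (the malicious User Interface can reach the Self-Driving System but never the CAN adaptor Driver), a payload size cap, a content check on the one channel that reaches actuators, and a per-window message budget for "limited communication in the channel". The domain names, the flow matrix, the budget and the CAN ID range are all assumptions chosen for illustration.

```c
/* Added example (not Securify code): a security-monitor policy check for
 * messages crossing separation-kernel domains. Domains, allowed flows, the
 * per-window budget and the CAN ID range are assumptions for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum domain { DOM_UI, DOM_SELF_DRIVING, DOM_CAN_ADAPTOR, DOM_WIFI, DOM_CAMERA, DOM_COUNT };

enum verdict { ALLOW, DENY_POLICY, DENY_SIZE, DENY_CONTENT, DENY_RATE };

/* Static information-flow policy, allowed[src][dst], fixed at build time.
 * Front-end domains (UI, WiFi) never reach the CAN adaptor directly; only
 * the self-driving domain may, so a hijacked UI can at most talk to it. */
static const bool allowed[DOM_COUNT][DOM_COUNT] = {
    /* to:                 UI     SD     CAN    WIFI   CAM   */
    [DOM_UI]           = { false, true,  false, true,  false },
    [DOM_SELF_DRIVING] = { true,  false, true,  false, false },
    [DOM_CAN_ADAPTOR]  = { false, true,  false, false, false },
    [DOM_WIFI]         = { true,  false, false, false, false },
    [DOM_CAMERA]       = { false, true,  false, false, false },
};

#define MAX_MSG_LEN 8u          /* classic CAN payload size */
#define MAX_MSGS_PER_WINDOW 4u  /* assumed per-domain budget per scheduling window */
#define CTRL_ID_MIN 0x100u      /* assumed CAN ID range for actuator commands */
#define CTRL_ID_MAX 0x1FFu

struct msg {
    enum domain src, dst;
    uint32_t can_id;        /* only meaningful when dst == DOM_CAN_ADAPTOR */
    unsigned len;
    const uint8_t *data;
};

/* Messages already delivered for each source domain in the current window. */
static unsigned sent_in_window[DOM_COUNT];

/* The kernel calls this at every scheduling-window boundary. */
void monitor_new_window(void)
{
    for (int d = 0; d < DOM_COUNT; d++)
        sent_in_window[d] = 0;
}

/* Decide whether the kernel may deliver m. Checks are ordered so that a
 * message rejected for policy, size or content does not consume budget. */
enum verdict monitor_check(const struct msg *m)
{
    if ((unsigned)m->src >= DOM_COUNT || (unsigned)m->dst >= DOM_COUNT)
        return DENY_POLICY;
    if (!allowed[m->src][m->dst])
        return DENY_POLICY;
    if (m->len > MAX_MSG_LEN)
        return DENY_SIZE;
    if (m->dst == DOM_CAN_ADAPTOR &&
        (m->can_id < CTRL_ID_MIN || m->can_id > CTRL_ID_MAX))
        return DENY_CONTENT;
    if (sent_in_window[m->src] >= MAX_MSGS_PER_WINDOW)
        return DENY_RATE;
    sent_in_window[m->src]++;
    return ALLOW;
}

static const char *verdict_name(enum verdict v)
{
    static const char *const names[] = {
        "ALLOW", "DENY_POLICY", "DENY_SIZE", "DENY_CONTENT", "DENY_RATE"
    };
    return names[v];
}

int main(void)
{
    /* Constructed sample traffic: a compromised UI tries the CAN bus directly,
     * then goes through the self-driving domain; the self-driving domain sends
     * one legitimate command and one with an out-of-range CAN ID. */
    static const uint8_t brake[2] = { 0x01, 0x7F };
    struct msg samples[] = {
        { DOM_UI,           DOM_CAN_ADAPTOR,  0x120, 2, brake },
        { DOM_UI,           DOM_SELF_DRIVING, 0,     2, brake },
        { DOM_SELF_DRIVING, DOM_CAN_ADAPTOR,  0x120, 2, brake },
        { DOM_SELF_DRIVING, DOM_CAN_ADAPTOR,  0x7FF, 2, brake },
    };
    monitor_new_window();
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %s\n", i, verdict_name(monitor_check(&samples[i])));
    return 0;
}
```

The monitor never inspects the sender's code; it only needs the kernel to tell it truthfully which domain a message came from, which is exactly the property the verified separation kernel is meant to guarantee. A real deployment would also log each deny and could tighten the content check to the specific command encoding the actuator ECUs accept.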

SLIDE 12

Summary


  • Securify provides a secure architecture by construction, with a verified secure Separation Kernel and run-time monitoring for dynamic security.
  • The Separation Kernel provides a secure architecture for high-assurance systems.
  • Security can be further enhanced with a trusted, privileged system run-time monitor.
  • Securify foundations can be used to provide a secure architecture for IoT devices and ITS, which naturally fixes most of the problems of monolithic approaches.

SLIDE 13

Thanks for your attention!
