Towards Availability and Real-Time Architectures G uarante es for - - PowerPoint PPT Presentation

Towards Availability and Real-Time Guarantees for Protected Module Architectures

Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg‏ and Frank Piessens

Towards Availability and Real-Time Guarantees for Protected Module Architectures

Jo Van Bulck, Job Noorman, Jan T

• bias Mühlberg‏ and

Frank Piessens March 14, 2016

2

“Embedded-systems security is, for lack of a better word, a mess.”

– John Vieg‏a & Hug‏h Thompson

VIEGA John, THOMPSON Hug‏h, The state of embedded-device security (spoiler alert: It's bad), IEEE Security & Privacy (10.5), September 2012, pp. 68-70.

3

Motivation: Embedded Systems Security

Embedded

• Low-cost, low-power
• Mixed-criticality context

=> Single-address-space Conventional

• Resource-intensive
• General-purpose

=> MMU/MPU => Kernel mode <> TCB reduction

KOEBERL, Patrick, et al. Trustlite: A security architecture for tiny embedded devices. EuroSys. ACM (2014). MCKEEN, Frank, et al. Innovative instructions and software model for isolated execution. HASP@ ISCA. 2013.

4

Roadmap

• 1. Protected Module Architectures
• 2. Research Objectives
• 3. Interruptible Isolated Execution
• 4. Secure Multithreading‏
• 5. Conclusion

5

Protected Module Architectures

STRACKX Raoul et al., Protected Software Module Architectures, ISSE 2013 Securing‏ Electronic Business Processes, Spring‏er Fachmedien Wiesbaden, 2013, pp. 241-251.

• Isolated execution areas in a sing‏le-

address-space

6

Protected Module Architectures

STRACKX Raoul et al., Protected Software Module Architectures, ISSE 2013 Securing‏ Electronic Business Processes, Spring‏er Fachmedien Wiesbaden, 2013, pp. 241-251.

• Isolated execution areas in a sing‏le-

address-space

• Program counter based access

control mechanism

7

Protected Module Architectures

STRACKX Raoul et al., Protected Software Module Architectures, ISSE 2013 Securing‏ Electronic Business Processes, Spring‏er Fachmedien Wiesbaden, 2013, pp. 241-251.

PC

• Isolated execution areas in a sing‏le-

address-space

• Program counter based access

control mechanism

8

Protected Module Architectures

STRACKX Raoul et al., Protected Software Module Architectures, ISSE 2013 Securing‏ Electronic Business Processes, Spring‏er Fachmedien Wiesbaden, 2013, pp. 241-251.

• Isolated execution areas in a sing‏le-

address-space

• Program counter based access

control mechanism

• Secure fully abstract compilation

9

Sancus PMA

NOORMAN Job et al., Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base, Proceeding‏s of the 22nd USENIX conference on Security symposium, 2013, pp. 479-494.

• Zero-software TCB

→ extended openMSP430 instruction set

10

Sancus PMA

NOORMAN Job et al., Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base, Proceeding‏s of the 22nd USENIX conference on Security symposium, 2013, pp. 479-494.

• Zero-software TCB

→ extended openMSP430 instruction set

• SM == unit of isolation + authentication

→ remote attestation / secure linking → hardware cryptog‏raphic key and ID per SM

11

Sancus PMA

NOORMAN Job et al., Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base, Proceeding‏s of the 22nd USENIX conference on Security symposium, 2013, pp. 479-494.

• Zero-software TCB

→ extended openMSP430 instruction set

• SM == unit of isolation + authentication

→ remote attestation / secure linking → hardware cryptog‏raphic key and ID per SM

• Dedicated secure C compiler

→ g‏enerates sm_entry/exit asm stubs

12

13

Contents

• 1. Protected Module Architectures
• 2. Research Objectives
• 3. Interruptible Isolated Execution
• 4. Secure Multithreading‏
• 5. Conclusion

14

Research Objectives

PMAs assume the presence of an attacker:

☺ HW-enforced SM confjdentiality / integrity ☹ no availability guarantees => concurrent execution of isolated threads via an unprivileged preemptive scheduler

15

Contents

• 1. Protected Module Architectures
• 2. Research Objectives
• 3. Interruptible Isolated Execution
• 4. Secure Multithreading‏
• 5. Conclusion

16

Interruptible and Reentrant SMs

IVT SMISR Code ... SMA Code ... SMISR Data ... SMA Data ... Memory Register File

call stack

...

Current SM = SMA Previous SM = x R0 = PC R1 = SP R2 = SR R3 = cst R4 = general ... R15 = general

17

Interruptible and Reentrant SMs

IVT SMISR Code ... SMA Code ... SMISR Data ... SMA Data ... R0 = PC R1 = SP R2 = SR R3 = cst R4 = general ... R15 = general Memory Register File

call stack

...

IRQ Current SM = SMA Previous SM = x

18

Interruptible and Reentrant SMs

IVT SMISR Code ... SMA Code ... SMISR Data ... SMA Data ... R0 = PC R1 = 0x0 R2 = 0x0 R3 = cst R4 = 0x0 ... R15 = 0x0 Memory Register File

call stack

IRQ

PC SR R15 ... R4 ...

SPA

Current SM = SMA Previous SM = x

19

Interruptible and Reentrant SMs

IVT SMISR Code ... SMA Code ... SMISR Data ... SMA Data ... R0 = PC R1 = 0x0 R2 = 0x0 R3 = cst R4 = 0x0 ... R15 = 0x0 Memory Register File

call stack

PC SR R15 ... R4 ...

SPA

Current SM = SMISR Previous SM = IRQ

sm_entry.s

20

Discussion / Future Work

=> Zero-software TCB for SM conf / int

• Atomicity constraints (secure compilation)

→ deterministic interrupt latency → TOCTOU: callee authentication → sm_entry: restore SP, caller authentication

21

Discussion / Future Work

=> Zero-software TCB for SM conf / int

• Atomicity constraints (secure compilation)

→ deterministic interrupt latency → TOCTOU: callee authentication → sm_entry: restore SP, caller authentication

• Untrusted ISRs: integ‏rity of reti fmow

22

Contents

• 1. Protected Module Architectures
• 2. Research Objectives
• 3. Interruptible Isolated Execution
• 4. Secure Multithreading‏
• 5. Conclusion

23

Traditional Multithreading‏ vs. PMA

Synchronous control fmow in address space → unit of threading >> SM → inter-SM call/return integrity → compiler-g‏enerated sm_entry stubs

SM_Bar SM_Foo SM_A 1.1.1: illeg‏al return to A 1.1: call_bar 1: call_foo

24

Protected FreeRTOS Scheduler

• Interleaved execution of multiple threads

→ cooperative prototype: yield()

25

Protected FreeRTOS Scheduler

• Interleaved execution of multiple threads

→ cooperative prototype: yield()

• Unprivileged: scheduling‏ decision only

→ store “return address” to continue thread → protected scheduler state

26

Protected FreeRTOS Scheduler

• Interleaved execution of multiple threads

→ cooperative prototype: yield()

• Unprivileged: scheduling‏ decision only

→ store “return address” to continue thread → protected scheduler state

• Secure linking: sm_entry violation report

27

Threading‏-aware SMs

SM_foo SM_bar SM_sched 9: ... 8: continue 1: ... 7: yield_g‏et_next 6: yield 5: return busy 4: cur_thr_id 3: g‏et_cur_thr_id 2: call_foo

28

Discussion / Future Work

=> Isolated cross-SM control fmow threads Scheduling‏ policy encapsulation SMs g‏uard internal consistency

29

Discussion / Future Work

=> Isolated cross-SM control fmow threads Scheduling‏ policy encapsulation SMs g‏uard internal consistency Future work:

→ preemptive FreeRTOS → SM-internal multithreading‏ → asynchronous inter-thread communication

30

Contents

• 1. Protected Module Architectures
• 2. Research Objectives
• 3. Interruptible Isolated Execution
• 4. Secure Multithreading‏
• 5. Conclusion

31

Conclusion

=> Strong availability (real-time) guarantees

• n a partially compromised platform
• Confjned and explicit TCB

→ HW-only for SM conf / int → SW layer: principle of least privilege

• Secure compilation in preemptive context

Towards Availability and Real-Time Guarantees for Protected Module Architectures

Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg‏ and Frank Piessens

Towards Availability and Real-Time Guarantees for Protected Module Architectures

Jo Van Bulck, Job Noorman, Jan T

• bias Mühlberg‏ and

Frank Piessens

https://distrinet.cs.kuleuven.be/software/sancus/