Supporting Security at the Gate Level: Opportunities and Misconceptions Tim Sherwood UC Santa Barbara.

Presentation transcript:

Sketchy Assumption #1: Anything that doesn't run x86, or an existing general-purpose operating system, or allow the full generality of the systems we have today, is not important.

Software Everywhere
o critical infrastructure increasingly connected to the web (200,000 ICD/year in US alone)
o ability to run Windows is not a bar for architecture

Doing it right today is expensive
[Figure: Boeing 787 with a shared ARINC 629 bus connecting the Flight Control Network and the Passenger Network]
"The proposed architecture of the 787 [...] allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane." FAA, 14 CFR Part 25 [Docket No. NM364]
High-Assurance Systems need to be verifiably: Secure, Reliable, and Predictable

Assurance Evaluation Complexity
RedHat Linux: Best Effort Safety (EAL 4+)
o $30-$40 per LOC
Integrity RTOS: Design for Formal Evaluation (EAL 6+)
o $1,000 per LOC
o More evaluation of process, not end artifact
Need ways to understand the artifact
o Lots of great work already here at the software layer
o Why should hardware people get involved?

Hardware Scaling
The Good: Processing Capabilities are Scaling
o more cores / chip
o faster performance through speculation, prediction, caching, parallelism
o allows for deeper system integration, custom functionality, and more feature-rich software to run everywhere
The Bad: Increasingly Coupled Subsystems
o predictors, caches, buffers, parallelism lead to complex timing variations and complicated definitions of correctness
o systems are increasingly coupled
The Ugly: System Complexity Growing
o evaluation complexity growing dramatically
o Architectures are working AGAINST us here
[Figure: a core with predictors and hidden state, plus special-purpose logic / interconnect]

Sketchy Assumption #2: All hardware is fully correct; it is software only that is the problem!
Reality:
o Definition of correct is hard. Any model of what the machine does is wrong (ISA, simple models)
o Processors have bugs
o How do we know what effect the hardware implementation will have on software properties?

Properties Cross Abstractions
Security, Realtime, and Safety properties are a function of interactions across levels of abstraction, which makes evaluation, debugging, optimization, and analysis very difficult
[Figure: abstraction stack of Applications, Language, Compiler/OS, Instruction Set, Microarchitecture, Logic Gates, with Security Properties cutting across all levels]

Sketchy Assumption #3: Well, it is impossible to say anything about the system properties (including software) at the hardware level. Especially if there are bugs.
Reality:
o Hardware sits below all of the software system definition.
o Provides a way to unify timing channels, implicit flows, explicit flows
o Sound but not perfectly precise; you give things up due to the semantic gap
o Basic science required!

Hardware Design for Software Security Verification
[Figure: the abstraction stack (Applications, Language, Compiler/OS, Instruction Set, Microarchitecture, Logic Gates) with Security Properties spanning all levels, beside a processor datapath (PC, +4, Instr Mem, jump target, decode, Reg File with R1/R2 and old value, Predicates, Data Memory with high/low labels) extended with a Lease Unit holding a timer, a saved PC and memory bounds, which checks "timer expired?" and restores the PC]
Sound Information Flow Analysis
Hardware/Software Design for Verifiable Security

Formalization of Information Flow
Trusted vs. Untrusted Tasks
o Trusted: processes which are critical to the correct functionality of the space vehicle systems
o Untrusted: mission processes, diagnostics, anything whose malfunction will not cause a vehicle loss
Enforce the property of non-interference:
o Verify information never flows from high to low.
o Untrusted information is never used to make critical (trusted) decisions nor to determine the schedule (real-time)
Technique for general lattice policies
o e.g. Secret = High, Unclassified = Low
[Figure: a router between the passenger network and avionics, with the passenger-to-avionics flow blocked]

Formalizing Information Flow
[Figure: a two-input gate with inputs a, b and output o, next to its shadow logic, which takes a, b and their labels a_t, b_t and produces the output label o_t]
Automatically generate logic that tracks labels
Tracking Logic is compositional
Captures timing channels, and real-time constraints
Security Constraints can be expressed as hardware assertions
Mohit Tiwari, Hassan Wassel, Bita Mazloom, Shashidhar Mysore, Frederic Chong, and Timothy Sherwood. Complete Information Flow Tracking from the Gates Up. Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2009, Washington, DC.
Jason Oberg, Wei Hu, Ali Irturk, Mohit Tiwari, Timothy Sherwood and Ryan Kastner. Theoretical Analysis of Gate Level Information Flow Tracking. Proceedings of the 47th Design Automation Conference (DAC), June 2010.

Shadow Logic Composition
[Figure: a 2:1 multiplexer built from an inverter and two AND gates feeding an OR gate, with data inputs a, b, select s and output o, each gate paired with its shadow logic carrying the labels a_t, b_t, s_t through to o_t]
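The two slides above describe gate-level information flow tracking (GLIFT) shadow logic and its composition. The following is an added example, not code from the talk or from the GLIFT project: it derives the shadow function of any small gate from the GLIFT rule (the output label is tainted exactly when the tainted inputs can change the output), composes per-gate shadow logic into the multiplexer of the figure, and contrasts that with a shadow function derived for the whole mux at once, which is the sound-but-not-precise effect mentioned under Sketchy Assumption #3. Gate names, the label encoding (1 = untrusted) and the mux wiring are this example's own choices.

```python
from itertools import product


def glift_shadow(fn, n_inputs):
    """Build the label-tracking (shadow) function for an n-input gate.

    GLIFT rule: with the untainted inputs held at their actual values, the
    output label is 1 (untrusted) iff some assignment of the tainted inputs
    changes the gate's output. Enumeration is exact for small gates.
    """
    def shadow(vals, taints):
        tainted = [i for i in range(n_inputs) if taints[i]]
        outputs = set()
        for combo in product((0, 1), repeat=len(tainted)):
            v = list(vals)
            for i, bit in zip(tainted, combo):
                v[i] = bit
            outputs.add(fn(*v))
        return int(len(outputs) > 1)
    return shadow


# Primitive gates and their shadow logic (derived, not hand-written).
AND = lambda a, b: a & b
OR = lambda a, b: a | b
NOT = lambda a: 1 - a
AND_t, OR_t, NOT_t = glift_shadow(AND, 2), glift_shadow(OR, 2), glift_shadow(NOT, 1)


def mux_composed(s, a, b, s_t, a_t, b_t):
    """2:1 mux (o = b if s else a) built gate by gate, labels composed alongside.

    Returns (o, o_t). Because each gate's shadow logic only sees its own
    inputs, the label is sound but can be conservative for the whole circuit.
    """
    ns, ns_t = NOT(s), NOT_t([s], [s_t])
    x, x_t = AND(ns, a), AND_t([ns, a], [ns_t, a_t])
    y, y_t = AND(s, b), AND_t([s, b], [s_t, b_t])
    return OR(x, y), OR_t([x, y], [x_t, y_t])


# Shadow logic derived for the mux as a single 3-input function: precise.
MUX = lambda s, a, b: b if s else a
MUX_t = glift_shadow(MUX, 3)


def mux_precise(s, a, b, s_t, a_t, b_t):
    return MUX(s, a, b), MUX_t([s, a, b], [s_t, a_t, b_t])
```

With a trusted select, an untrusted input on the non-selected leg does not taint the output in either form; with an untrusted select and identical data inputs, only the whole-function shadow logic notices that the select cannot influence the output.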

Sketchy Assumption #4: Look at all those gates! Gate-level techniques will kill your performance and efficiency!
Reality:
o You only need hardware to help with dynamic checks.
o This shadow hardware can be used for static analysis

GLIFT Verification Flow
[Figure: a Digital Design (clock, test inputs, state, output) goes through 1. Abstraction, where unknown bits are specified as *, giving an Abstract Design (clock, abstract inputs, abstract state, abstract output); 2. Augmentation then adds label wires for inputs, state and output over an information flow lattice (e.g. T = trusted, U = untrusted), giving the Augmented Design]
This is analysis, what about design?

Brief History
Rev 1: Provable properties (but miserable to program)
Rev 2: Execution Leases
Rev 3: Full prototype system (with partitionable caches, pipelining, IO, etc.)
Rev 4: Multiprocessor with NoC
Rev 5: ???

Cross-University Laboratory for Trustworthy Embedded Systems
[Figure: abstraction stack (Applications, Language, Compiler/OS, Architecture, Logic Gates) with Analysis and Verification spanning the levels, annotated with the participating groups: Kastner (UCSD); Chong, Sherwood, Hardekopf, Bultan (UCSB); Metodi (Aerospace); Irvine, Huffmire (NPS)]

Thank you to the students! Ali Irturk, Bita Mazloom, Cynthia Irvine, Dejun Mu, Hassan Wassel, Jason Oberg, Jonny Valamehr, Mohit Tiwari, Vineeth Kashyap, Wei Hu, Xun Li, Ying Gao, Varun Jain