Lecture 1 Page 1 CS 188, Winter 2011 Introduction CS 188 Secure Design for Embedded Systems Peter Reiher January 3, 2011
Lecture 1 Page 2 CS 188, Winter 2011 Purpose of Class To teach students about designing secure systems While also considering other important system requirements –Functionality –Power use Via actual system design
Lecture 1 Page 3 CS 188, Winter 2011 Description of Class General outline of class Prerequisites Grading Reading materials Office hours Web page
Lecture 1 Page 4 CS 188, Winter 2011 Outline of Class Not a lecture class –I’ll talk today and Wednesday, but no more lectures Based on actual design, building, and evaluation of a working system Using teams of students Working on assigned projects Grading based entirely on project elements
Lecture 1 Page 5 CS 188, Winter 2011 So What Will You Learn? Practical experience in designing systems with security goals Practical experience in designing systems for embedded platforms Practical experience in evaluating the power use of systems
Lecture 1 Page 6 CS 188, Winter 2011 How Will It Work? Teams of students will be assigned to one of five projects –4-5 students per team Each team will design and built a working system Presenting results at the end of the class
Lecture 1 Page 7 CS 188, Winter 2011 Choosing Projects I will present the five projects later today Each student will send an ordered list of the projects he prefers I will assign team members and projects –I’ll listen to particular appeals for team membership –But don’t guarantee I’ll agree to them
Lecture 1 Page 8 CS 188, Winter 2011 Class Activities Each team will meet with the professor and TA each week –To discuss progress and problems Teams will create and defend a design Teams will build to that design Teams will evaluate their prototype And present their results
Lecture 1 Page 9 CS 188, Winter 2011 The Design Platform The Intel ATOM –A popular platform for embedded systems –X86-based Running the Linux OS Augmented with special power- measurement capabilities
Lecture 1 Page 10 CS 188, Winter 2011 The LEAP Technology A power-measurement technology developed at UCLA –By Prof. William Kaiser Allows unprecedented detailed measurement of power use
Lecture 1 Page 11 CS 188, Winter 2011 The Atom LEAP Platform
Lecture 1 Page 12 CS 188, Winter 2011 Another View
Lecture 1 Page 13 CS 188, Winter 2011 More On LEAP LEAP allows energy measurement of individual system components Also allows measurement of power use by particular pieces of code –Controllable by the programmer
Lecture 1 Page 14 CS 188, Winter 2011 What Can You Measure? CPU power use Memory power use Disk power use Bridge power use Individual power costs for each component
Lecture 1 Page 15 CS 188, Winter 2011 Energy Calipers Technique used to measure power costs of particular code Essentially establishes a start and end point in code for measurement Gives power use of that code for each measured component
Lecture 1 Page 16 CS 188, Winter 2011 How Does It Work? An external DAQ samples power use A clock signal synchronizes the DAQ outputs and the energy calipers –Indicated when the code was entered and exited Since signals are synchronized, software can assign power to code –Sync granularity is 100 msec
Lecture 1 Page 17 CS 188, Winter 2011 LEAPFrog LEAP For Repetitive, Organized Gathering Tool to make experimentation with LEAP easier –Eases running multiple experiments –Better user interface for LEAP –Better formatting of results
Lecture 1 Page 18 CS 188, Winter 2011 Prerequisites CS111 (Operating Systems) CS 136 (Computer Security) If you aren’t familiar with this material, you’ll be at a disadvantage –Talk to me if you want to take this class, anyway Some knowledge of embedded systems won’t hurt
Lecture 1 Page 19 CS 188, Winter 2011 Teaching Assistant Peter Peterson No formal recitation sections But will work closely with students on the Atom LEAPs Will also work with me on group meetings Office hours: TBA
Lecture 1 Page 20 CS 188, Winter 2011 Grading All based on projects No tests, no homeworks Project design – 20% Weekly updates (weeks 2-9) – 40% Final presentation – 10% Final report – 30%
Lecture 1 Page 21 CS 188, Winter 2011 Class Format Few lectures –Today, we talk about the class organization –Wednesday, we talk about evaluation issues Group presentation in last week No class meetings in weeks 2-9
Lecture 1 Page 22 CS 188, Winter 2011 Weekly Group Meetings One hour meeting every week for each group Some during scheduled hours Others at mutual convenience With professor and TA Attendance is mandatory for all group members
Lecture 1 Page 23 CS 188, Winter 2011 What Happens at the Group Meetings? Each is a research meeting for that group To present and discuss design and implementation issues To update professor on progress
Lecture 1 Page 24 CS 188, Winter 2011 Your Basic Schedule Week 1: Choose projects Week 2-3: Design your project and security evaluation of its design Week 4-7: Implementation of project Week 8-9: Performance, power, security evaluation of project Week 10: Present your project
Lecture 1 Page 25 CS 188, Winter 2011 Reading Materials No required reading materials There’s one copy of an Atom book that I can share with the class Some materials related to the projects produced by Peter Peterson Other materials made available on web site
Lecture 1 Page 26 CS 188, Winter 2011 Office Hours MW 2-3 Held in 3532F Boelter Hall Other times available by prior arrangement Above and beyond weekly group meetings
Lecture 1 Page 27 CS 188, Winter 2011 Class Web Page Slides for lectures will be posted there –But there are only two lectures –In 6-up PDF form or Powerpoint Schedule for group meetings posted there Materials for using Atom LEAPS there
Lecture 1 Page 28 CS 188, Winter 2011 Why a Class on Secure Software Design? Software is usually designed to meet some particular need That need is usually not security- related But software designed without considering security won’t be secure –And it won’t be easy to fix that
Lecture 1 Page 29 CS 188, Winter 2011 How Do You Learn Secure Design? Primarily by doing it There are some principles and approaches that help But you really only get there through practice You’re going to get some practice here
Lecture 1 Page 30 CS 188, Winter 2011 The Tricky Thing About Security Design Again, the primary goal of the software isn’t to be secure It has to meet functionality goals first And performance goals And, for embedded systems, power goals AND it has to be secure A classic example of engineering tradeoffs
Lecture 1 Page 31 CS 188, Winter 2011 So What Will You Be Doing? You’ll be assigned one of five projects –All security related You’ll design software to solve a problem You’ll implement that software on the ATOM You’ll use LEAP to investigate its power properties
Lecture 1 Page 32 CS 188, Winter 2011 The zPad A fictional project to develop a power- aware highly secure pad computer Atom is a reasonable hardware platform for it –Linux is underlying software You will work on important pieces of the system
Lecture 1 Page 33 CS 188, Winter 2011 The Five Projects CryptoFlex PowerZone OffLoading ElectricSandbox CryptoDisk
Lecture 1 Page 34 CS 188, Winter 2011 CryptoFlex Alter crypto used for network transmissions Based on power status and security posture Reduce crypto strength when power is low Prioritize use of crypto among different transmissions to minimize power use Students build part of system that makes decisions and alters crypto accordingly
Lecture 1 Page 35 CS 188, Winter 2011 PowerZone Depending on threat level and power status, allow security apps to alter behavior –E.g., firewalls and antivirus software –Delaying scans, prioritizing operations, etc. General interface for apps to make these decisions Build general framework and two sample apps using it
Lecture 1 Page 36 CS 188, Winter 2011 OffLoading Certain security-related operations use a lot of power –E.g., PK authentication Could offload some operations to a server –Which would require wireless transmissions, which also burn power When will this win? Investigate this idea and build framework to test when it wins and loses
Lecture 1 Page 37 CS 188, Winter 2011 ElectricSandbox Untrusted code can be run in a sandbox to provide greater protection But at what power cost? –Different sandboxing approaches might have different costs Design basic sandboxing systems and investigate power costs of running them
Lecture 1 Page 38 CS 188, Winter 2011 CryptoDisk Data can be protected on disk via full-disk encryption –Which can be done in hardware or software Which is more suitable for this kind of device? Build software full disk encryption and investigate performance costs of SW and HW full disk encryption
Lecture 1 Page 39 CS 188, Winter 2011 Common Elements of Projects All require design All require software implementation All require security evaluation All require performance evaluation All require energy use evaluation
Lecture 1 Page 40 CS 188, Winter 2011 Security Design All five projects are security related But it’s equally important that the systems you build are secure –In design and implementation Requires attention to secure design and coding techniques And security evaluations
Lecture 1 Page 41 CS 188, Winter 2011 Evaluating Your Systems Must evaluate your system for functionality, performance, power, and security Each is different kind of evaluation –And each particular to the project But all require experimentation –Some material on that presented next class