1
Enable Extreme Security with
DornerWorks Enable Extreme Security with seL4
2
GETTING STARTED Visit DornerWorks.com/sel4-microkernel
Learn more about seL4 Get the source code
3
PROBLEM How do you show security?
4
PROBLEM ‘Is this actually secure?’
The traditional approach uses very detailed design and penetration testing together. This often leads to a long development cycle of design, develop, pen. test, design fixes for bugs/vulnerabilities, develop, pen. test, etc. Even after you are ready for release, security vulnerabilities and bugs are often still discovered. This results in long term maintenance and providing customers with frequent security patches, leaving them to ask, "Is this actually secure?"
5
SOLUTION Formally proven seL4 microkernel
6
THE PROOF You can’t make these claims without a proof
7
THE PROOF Formally proven seL4 microkernel
The formal proof accomplishes the following: the binary code of the seL4 microkernel correctly implements the behavior described in its abstract specification, and nothing more. This is important because it means that the following can't occur:
- Undefined behavior
- Memory leaks
- Buffer overflows
- Null pointer dereferences (pointer errors in general)
- Arithmetic overflows and exceptions
8
THE PROOF Formally proven seL4 microkernel
The specification and the seL4 binary satisfy the classic security properties called integrity and confidentiality. Integrity means that data cannot be changed without permission, and confidentiality means that data cannot be read without permission. This is significant for any solution that requires extreme security and/or safety. These properties are the backbone for systems that rely on isolation, which makes seL4 an attractive solution even for systems that do not have extreme security requirements but still want proven isolation between separate software components. There is no way to make these claims without a proof.
9
VERIFIED HW Make the most of seL4
10
VERIFIED HARDWARE Make the most of the seL4 microkernel
The seL4 microkernel offers extreme security when deployed on a verified hardware platform. Data61 developed seL4 to “provide a reliable, secure, fast, and verified foundation for building trustworthy systems.”
- Verified extreme security on the i.MX6 SOC Sabre Lite platform.
- Functionally correct security on the x64 PC99 (64-bit) and NVIDIA Tegra K1 TK1-SOM platforms.
- It works on other ARM and x86 platforms as well (verification may not be available).
DornerWorks has provided open source binary verification tools for the microkernel, and is expanding the seL4 ecosystem through key partnerships with organizations aligned with aerospace and defense.
11
OPEN SOURCE Formally proven seL4 microkernel
12
OPEN SOURCE Formally proven seL4 microkernel
Most solutions that already have a security certification carry expensive licensing costs; seL4 has no licensing costs and is free to use.
- The seL4 kernel is licensed under GPLv2.
- The seL4 libraries and tools are mostly licensed under BSD.
13
OPEN SOURCE Formally proven seL4 microkernel
Open source software has many benefits. Check out “Open Source Software Can Enable These 9 Benefits in Your Technology Development” for more ideas.
14
seL4 DESIGN Formally proven seL4 microkernel
15
seL4 DESIGN Formally proven seL4 microkernel
The proof of seL4 informs its design. Therefore, it is important to understand some of its less conventional implementations.
16
KERNEL VS. USER Formally proven seL4 microkernel
17
KERNEL VS. USER Formally proven seL4 microkernel
Kernel space and user space are well known concepts for all operating systems, but since seL4 is a microkernel, a specific approach is taken. The kernel is left as small as possible, and components that would traditionally be in kernel space are pushed out to user space. Examples:
- Device drivers
- Libraries
- Stacks
18
KERNEL VS.USER Formally proven seL4 microkernel
19
CAPABILITIES Formally proven seL4 microkernel
20
CAPABILITIES Formally proven seL4 microkernel
Capabilities are the mechanism used to grant access to specific resources in the system. Capabilities form the basis of security in seL4 because the kernel keeps track of everything in the capability derivation tree, and a capability is required for any operation on a kernel object. This prevents bad-actor threads from gaining access to a resource belonging to another thread to which they have not been given access.
21
UNTYPED MEMORY Formally proven seL4 microkernel
22
UNTYPED MEMORY Formally proven seL4 microkernel
When seL4 boots, unused memory is given to the root thread as untyped memory. The application running as the root thread must “retype” this memory into other kernel objects, which can then be passed around to build up and architect the system. This is the building block for virtual memory spaces, capability spaces, thread control blocks, and other kernel objects.
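The two ideas on the last few slides, that every kernel object is created only by retyping untyped memory and that the kernel records each derived object under its parent in the capability derivation tree, can be modelled in a few lines. The block below is an added host-side model written for this page, not libsel4 code and not DornerWorks' or Data61's; the struct, the 1 MiB region, the 2 KiB and 4 KiB object sizes and the MAX_CHILDREN limit are assumptions of the model, while the watermark carving, size alignment and revoke-resets-everything behaviour follow seL4's untyped semantics.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_CHILDREN 16   /* model limit; seL4 has no such fixed cap */

typedef struct {
    uint64_t base;                    /* start of the untyped region */
    unsigned size_bits;               /* region covers 2^size_bits bytes */
    uint64_t watermark;               /* next free offset; only revoke lowers it */
    size_t nchildren;                 /* CDT: objects derived from this untyped */
    uint64_t child_addr[MAX_CHILDREN];
} untyped_t;

static uint64_t align_up(uint64_t x, unsigned bits)
{
    uint64_t m = (1ULL << bits) - 1;
    return (x + m) & ~m;
}

/* Carve `count` objects of 2^obj_bits bytes from `ut` at the watermark,
 * aligned to the object size as the kernel does. Returns 1 and fills
 * `out` with the new objects' addresses, or 0 leaving `ut` untouched
 * when the region has no room (the real retype fails the same way). */
int untyped_retype(untyped_t *ut, unsigned obj_bits, size_t count, uint64_t *out)
{
    uint64_t obj_size = 1ULL << obj_bits, limit = 1ULL << ut->size_bits;
    uint64_t start = align_up(ut->watermark, obj_bits);
    if (count == 0 || count > MAX_CHILDREN - ut->nchildren) return 0;
    if (start > limit || count > (limit - start) / obj_size) return 0;
    for (size_t i = 0; i < count; i++) {
        out[i] = ut->base + start + i * obj_size;
        ut->child_addr[ut->nchildren++] = out[i];   /* record the child in the CDT */
    }
    ut->watermark = start + count * obj_size;
    return 1;
}

/* Revoking the untyped capability deletes every derived object and frees
 * the whole region for reuse: the only way the watermark ever goes down. */
void untyped_revoke(untyped_t *ut) { ut->nchildren = 0; ut->watermark = 0; }

/* Constructed scenario on a 1 MiB untyped region; returns how many of the
 * five steps behaved as described (5 when all do). */
int run_scenario(void)
{
    untyped_t ut = { .base = 0x10000000, .size_bits = 20 };
    uint64_t a[2], f, big;
    int ok = 0;
    ok += untyped_retype(&ut, 11, 2, a) && a[1] == 0x10000800;    /* two 2 KiB TCB-sized objects */
    ok += untyped_retype(&ut, 12, 1, &f) && f == 0x10001000;      /* one 4 KiB frame, aligned */
    ok += !untyped_retype(&ut, 20, 1, &big);                      /* whole-region object: no room left */
    untyped_revoke(&ut);
    ok += ut.nchildren == 0;                                      /* CDT emptied by revoke */
    ok += untyped_retype(&ut, 20, 1, &big) && big == 0x10000000;  /* fits once the region is free */
    return ok;
}
```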
23
ENDPOINTS & IPC Formally proven seL4 microkernel
24
ENDPOINTS Formally proven seL4 microkernel
- Allow small amounts of data and capabilities to be transferred between two threads
- Invoked with seL4 kernel system calls
- Blocking and non-blocking choices
- Require both threads to hold a capability to the same endpoint
25
INTER-PROCESS COMMS Formally proven seL4 microkernel
The mechanism for thread-to-thread and thread-to-kernel communication.
- Messages can be sent to either an “Endpoint” or other kernel objects.
- Controlled by the kernel, so data only goes where it is configured to go.
- Useful for communication data. Larger files should be transferred through other means, such as shared data.
26
seL4 KERNEL API Formally proven seL4 microkernel
27
seL4 KERNEL API Circumventing the API negates the proof
Formally proven seL4 microkernel
To take advantage of the isolation and security properties offered by seL4, a system designer must use the API correctly. In order to build a secure system:
- Use the primitives and mechanisms made available by the seL4 kernel
- Develop applications that adhere to the seL4 system API calls
- Circumventing the API negates the proof
28
ARCHITECTING Formally proven seL4 microkernel
29
ARCHITECTING Formally proven seL4 microkernel
You can create isolated environments and dole out access to seL4 resources and mechanisms at this point, but there are other tools that help a system designer focus on high-level concepts:
- Data61 has developed CAmkES (Componentized Architecture for microkernel Embedded Systems), which allows you to think about your system as isolated components and connections.
- DornerWorks can help you architect a system either way and has experience porting applications running on FreeRTOS to CAmkES.
30
EXTREME SECURITY with mathematical proof
31
EXTREME SECURITY with mathematical proof
Stay ahead of costly, brand-damaging cyber threats. DornerWorks will help you fill in the gaps to enhance your security story.
seL4 Center of Excellence
- Members: DornerWorks, Intelligent Automation, Inc. and US DARPA
- Mission: build up the seL4 ecosystem with an avenue for defense-focused product developers to work with a US-based company on implementing seL4 into their system.
32
UPCOMING EVENTS Supercharge your seL4 development
33
UPCOMING EVENTS Supercharge your seL4 development SAE Training Seminar
2-day seminar, March 7-8
- Get to know seL4, its associated proof, and all of its software components
- Determine if seL4 is a good choice for your security solutions
- Develop and build basic seL4 applications
- Describe what the formal proof implies about seL4
- Identify capability-based systems
Future DornerWorks webinars TBA
34
KEEP IT GOING Continue the conversation on seL4
35
seL4 Communities Join us and expand the seL4 ecosystem
- LinkedIn: seL4 Microkernel Development and Engineering
- seL4 mailing list
- COMING SOON: seL4 discourse group
- seL4 JIRA
36
Thank you! ENABLE EXTREME SECURITY WITH THE seL4 MICROKERNEL
Start your project today! to schedule a free consultation.