Presentation is loading. Please wait.

Presentation is loading. Please wait.

White-box Software Isolation with Fully Automated Black- box Proofs Jiaqi Tan Rajeev Gandhi, Priya Narasimhan PARALLEL DATA LABORATORY Carnegie Mellon.

Published byMaude Rogers Modified over 9 years ago

Similar presentations

Presentation on theme: "White-box Software Isolation with Fully Automated Black- box Proofs Jiaqi Tan Rajeev Gandhi, Priya Narasimhan PARALLEL DATA LABORATORY Carnegie Mellon."— Presentation transcript:

1 White-box Software Isolation with Fully Automated Black- box Proofs Jiaqi Tan Rajeev Gandhi, Priya Narasimhan PARALLEL DATA LABORATORY Carnegie Mellon University FMCAD 2015 Student Forum

2 Motivation Software Isolation Safety property of software: External user input cannot subvert and control software execution Ensures software is safe from potentially malicious input Where is it important? Safety-critical systems e.g., medical devices, avionics, cars Lack of isolation  Security vulnerabilities  Potentially catastrophic accidents Why White-box Isolation? Safety-critical systems: Need high-assurance Programmers need to see what safety-checks are doing Why Black-box Proofs? Many connected, potentially safety-critical Internet-of-Things devices  Many programmers writing code for such devices Need fully-automated, black-box (no expert input) proofs Jiaqi Tan © September 15http://www.pdl.cmu.edu/2

3 Black-Box Software Isolation Proofs Jiaqi Tan © September 15http://www.pdl.cmu.edu/3 Machine -code Source- code (e.g., C) Compilation void arraycopy(int *src, int *dst, int n) { unsigned int i; for (int i = 0; i < n; i++) { dst[i] = src[i]; } Computed memory write target: Dangerous Source-code Machine-code Key Insight 1: Potential isolation violations evident in machine-code  We can automate isolation proofs in machine-code

4 White-Box Software Isolation: Locations Jiaqi Tan © September 15http://www.pdl.cmu.edu/4 Machine -code Source- code (e.g., C) Compilation void arraycopy(int *src, int *dst, int n) { unsigned int i; for (int i = 0; i < n; i++) { dst[i] = src[i]; } Computed memory write target: Dangerous Debug information helps us resolve this (for unoptimized code) Source-code Machine-code Key Insight 2: We can identify source-code locations from machine-code addresses for potential isolation violations

5 White-Box Software Isolation: Hints for Remedies Jiaqi Tan © September 15http://www.pdl.cmu.edu/5 Source-code Machine-code void arraycopy (int *src, int *dst, int n) { unsigned int i; for (i = 0; i < n; ++i) { dst[i] = src[i]; } #define SAFE(array,idx) = …… if (SAFE(dst,i)) { }.... (safety check code).......... e1a02102 lsl r2, r2, #2 e51b1010 ldr r1, [fp, #-16] e0812002 add r2, r1, r2 e5922000 ldr r2, [r2] e50b3008 str r2 [r3] e51b3008 ldr r3, [fp, #-8] e2833001 add r3, r3, #1 e50b3008 str r3, [fp, #-8] e51b2018 ldr r2, [fp, #-24]...... Provides logic preconditions needed: Proves dangerous instruction is safe to run Compilation Machine- code Source-code (e.g., C) Compilation Key Insight 3: We can write code, SAFE(dst,i), which gives us the necessary logic pre-conditions for provable isolation

6 Visualization of Approach Jiaqi Tan © September 15http://www.pdl.cmu.edu/6 Machine- code Source-code (e.g., C) Software Isolation Proof Generation (AUSPICE) [1] Software Isolation Remedy Hint Generation Software isolation violations manifest in machine- code behavior  Prove isolation in machine- code Programmers can only observe this level of abstraction  Isolation enforcement mechanisms must be in source-code Compilation Safety Proof of Isolation Proof Success Proof Failure Hints for source- code remedies for safety violations Machine-code Addresses Responsible for Proof- Failure Programmer applies hints HOL4 and Cambridge ARM Logic [2] LLVM-Clang Tooling

7 References [1] Jiaqi Tan, Hui Jun Tay, Rajeev Gandhi, Priya Narasimhan. AUSPICE: Automatic Safety Property Verification for Unmodified Executables. In Working Conference on Verified Software: Tools, Theories and Experiments (VSTTE), July 2015. [2] Magnus Myreen, Anthony Fox, Michael Gordon. Hoare Logic for ARM Machine Code. In Fundamentals of Software Engineering (FSEN), 2007. Jiaqi Tan © September 15http://www.pdl.cmu.edu/7

Download ppt "White-box Software Isolation with Fully Automated Black- box Proofs Jiaqi Tan Rajeev Gandhi, Priya Narasimhan PARALLEL DATA LABORATORY Carnegie Mellon."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Vulnerabilities in Embedded Harvard Architecture Processors Presented By: Michael J. Hohnka Cyber Vulnerabilities Lead Cyber Innovation Division Communications,

Vulnerabilities in Embedded Harvard Architecture Processors Presented By: Michael J. Hohnka Cyber Vulnerabilities Lead Cyber Innovation Division Communications,
Slides created by: Professor Ian G. Harris Efficient C Code  Your C program is not exactly what is executed  Machine code is specific to each ucontroller.

Slides created by: Professor Ian G. Harris Efficient C Code  Your C program is not exactly what is executed  Machine code is specific to each ucontroller.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
Starting Out with C++, 3 rd Edition 1 Chapter 1. Introduction to Computers and Programming.

Starting Out with C++, 3 rd Edition 1 Chapter 1. Introduction to Computers and Programming.
Cleanroom Engineering and the B-Method: A Comparison Drew Connelly.

Cleanroom Engineering and the B-Method: A Comparison Drew Connelly.
OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.

OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.
1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.

1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.

Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.
JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen.

JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen.
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

Similar presentations

Ads by Google