system security integration through hardware and ... - darpa2015 mitre-recorded hardware...

Distribution Statement A – Approved for Public Release, Distribution Unlimited www.darpa.mil System Security Integration Through Hardware and Firmware (SSITH) Eliminate hardware vulnerabilities • Many cyber attacks are software exploiting hardware vulnerabilities • SSITH closes hardware loopholes by restricting system to allowed states • Verified using formal methods SSITH Performers SSITH Technical Approach Charles Stark Draper Lab SRI International Massachusetts Institute of Technology University of California, San Diego University of Michigan Lockheed Martin RMS Background Galois, Inc. Prime POC Charles Stark Draper Laboratory Arun Thomas [email protected] Lockheed Martin RMS Jim Eiche [email protected] MIT Adam Chlipala [email protected] SRI International Robert Watson [email protected] UC San Diego Dean M. Tullsen [email protected] University of Michigan Todd Austin [email protected] Galois, Inc. Joe Kiniry [email protected] Electronic Systems Need Better Hardware Protection SSITH eliminates whole classes of hardware vulnerabilities and will address current and future vulnerabilities Today: Patch and Pray Tomorrow: SSITH * 2800 vulnerability instances 2800 software patches SSITH will protect against all 7 hardware classes * 2015 MITRE-recorded hardware vulnerabilities Technical Approach Automated system security metrics framework and tools; objective analysis; uses formal methods; GFE IP development and support: RISC-V baseline for evaluation. Technical Approach Tags on every word of data and every instruction implement bounds checking and permissions; encapsulation; formal methods to verify security; security architecture extended to DMA engines Technical Approach Hardware security compiler with end-to- end formal verification; generic support for tagging policies; compartmentalized secure enclaves. Technical Approach Anti-fragility approach learns from attacks; machine learning based on Hardware Performance Registers; efficient X86 implementation leveraging micro-ops. Technical Approach High entropy (hard to hack) plus rapid churning (no time to exploit) to mediate “undefined semantics”; tagging; encryption; relocation of memory areas. Technical Approach Combination of efficient tagging, fenced regions, protection domains, per-thread keying, and memory encryption; security hardware in parallel with CPU; No source changes (binary analysis). Technical Approach Every word has metadata + every instruction is checked based on flexible security micro-policies defined in software (DSL); compartmentalization; PPASS workbench. PM: Linton Salmon DARPA/MTO Design & Security

Upload: others

Post on 10-Feb-2021

2 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Distribution Statement A – Approved for Public Release, Distribution Unlimited

www.darpa.mil

System Security Integration Through Hardware and Firmware (SSITH)

Eliminate hardware vulnerabilities• Many cyber attacks are software

exploiting hardware vulnerabilities• SSITH closes hardware loopholes by

restricting system to allowed states• Verified using formal methods

SSITH Performers SSITH Technical Approach

Charles Stark Draper Lab SRI International Massachusetts Institute of Technology

University of California, San DiegoUniversity of MichiganLockheed Martin RMS

Background

Galois, Inc.

Prime POC

Charles Stark Draper Laboratory

Arun [email protected]

Lockheed Martin RMS Jim [email protected]

MIT Adam [email protected]

SRI International Robert [email protected]

UC San Diego Dean M. [email protected]

University of Michigan Todd [email protected]

Galois, Inc. Joe [email protected]

Electronic Systems Need Better Hardware Protection

SSITH eliminates whole classes of hardware vulnerabilities and will address current and future vulnerabilities

Today: Patch and Pray Tomorrow: SSITH*2800 vulnerability instances

2800 software patchesSSITH will protect against

all 7 hardware classes

*2015 MITRE-recorded hardware vulnerabilities

Technical ApproachAut om a t e d s ys t e m s e curit y m e t ric s fra m e w ork a nd t ools ; ob je c t ive a na lys is ; us e s form a l m e t hod s ; GFE IP d e ve lop m e nt a nd s up p ort : RISC- V b a s e line for e va lua t ion .

Technical ApproachTa gs on e ve ry w ord of d a t a a nd e ve ry ins t ruc t ion im p le m e nt b ound s che cking a nd p e rm is s ions ; e nca p s u la t ion ; form a l m e t hod s t o ve rify s e curit y; s e curit y a rch it e c t u re e xt e nd e d t o DMA e ngine s

Technical ApproachHa rd w a re s e curit y com p ile r w it h e nd - t o-e nd form a l ve rifica t ion ; ge ne ric s up p ort for t a gging p olic ie s ; com p a rt m e nt a lize d s e cure e nc la ve s .

Technical ApproachAnt i- fra gilit y a p p roa ch le a rns from a t t a cks ; m a ch ine le a rn ing b a s e d on Ha rd w a re Pe rform a nce Re gis t e rs ; e ffic ie n t X86 im p le m e nt a t ion le ve ra ging m ic ro- op s .

Technical ApproachHigh e n t rop y (ha rd t o ha ck) p lus ra p id churn ing (no t im e t o e xp lo it ) t o m e d ia t e “und e fine d s e m a nt ic s ”; t a gging; e nc ryp t ion ; re loca t ion of m e m ory a re a s .

Technical ApproachCom b ina t ion of e ffic ie n t t a gging, fe nce d re gions , p ro t e c t ion d om a ins , p e r- t h re a d ke ying, a nd m e m ory e nc ryp t ion ; s e curit y ha rd w a re in p a ra lle l w it h CPU; No s ource cha nge s (b ina ry a na lys is ).

Technical ApproachEve ry w ord ha s m e t a d a t a + e ve ry ins t ruc t ion is che cke d b a s e d on fle xib le s e curit y m ic ro- p olic ie s d e fine d in s oft w a re (DSL); com p a rt m e nt a liza t ion ; PPASS w orkb e nch .

PM: Linton Salmon DARPA/MTO

De s ign & Se curit y
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]