verified sel4 on secure risc v processors
play

Verified seL4 on Secure RISC-V Processors and Other News in seL4 - PowerPoint PPT Presentation

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser LCA, Gold Coast, QLD, 2020-01-15 https://trustworthy.systems What is seL4? A 30-Year Dream 3 | LCA |


  1. Verified seL4 on Secure RISC-V Processors … and Other News in seL4 Land Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser • LCA, Gold Coast, QLD, 2020-01-15 https://trustworthy.systems

  2. What is seL4?

  3. A 30-Year Dream 3 | LCA | Gold Coast | Jan'20

  4. seL4: The Dream Come True! The world’s first operating- World’s most system kernel with provable advanced mixed- security enforcement Open Source criticality OS The world’s only The world’s fastest protected-mode OS microkernel, designed with complete, sound for real-world use timeliness analysis 4 | LCA | Gold Coast | Jan'20

  5. L4: 25 Years High-Performance Microkernels seL4: The latest member of the L4 microkernel family API Inheritance L4-embed. iOS secure Code Inheritance enclave OKL4-µKernel L4/MIPS OKL4-Microvisor Qualcomm modem chips L4/Alpha Codezero L3→L4 “X” Hazelnut Pistachio Fiasco Fiasco.OC GMD/IBM/Karlsruhe UNSW/NICTA/Data61 OK Labs Nova Dresden P4 → PikeOS Other (commercial) 93 94 95 01 02 03 04 05 06 07 08 09 10 11 12 96 97 98 99 00 5 | LCA | Gold Coast | Jan'20

  6. A Microkernel is not an OS VM Device drivers, file systems, crypto, Strong power management, virtual-machine App App Isolation App monitor are all usermode processes Linux Device Device App Device Device Driver Driver App File NW Device Process Memory Driver Driver App System Stack Driver Mgmt Mgmt VMM IPC Hypervisor Microkernel Microkernel = context-switching engine Processor Controlled Communication 6 | LCA | Gold Coast | Jan'20

  7. Core Mechanism: Object Capability Capability = Access Token: Eg. thread, Prima-facie evidence of privilege address Object space Obj reference Eg. read, Capabilities provide: write, send, Access rights • Fine-grained access execute… control • Reasoning about information flow 7 | seL4 Summit | DC | Sep'19

  8. Microkernel: seL4 vs Linux Licensing Valuable IP Valuable IP Your code (applications) Your code (applications) any… any… Your system TS system services: Your system services libs, drivers, file systems, services NW stacks, tools, … kernel.org source GPL v2 • core kernel any… BSD • device drivers • file systems Platform port: Platform port: • NW stacks Boiler • device drivers • timer • … • HW init TS kernel source • serial plate GPL v2 • HW init GPL v2 GPL v2 GPL v2 Boiler plate Details: https://microkerneldude.wordpress.com 8 | LCA | Gold Coast | Jan'20

  9. Military-Strength Security Autonomous trucks DARPA HACMS: DARPA HACMS: Retrofit existing Retrofit existing system! system! Unmanned Little Bird (ULB) Cross-Domain Secure Desktop Comms Compositor Dongle 9 | LCA | Gold Coast | Jan'20

  10. Verification

  11. World’s Most Secure OS: Arm v7 Confidentiality Integrity Availability Proof Proof f Model enforces o o r P security Abstract Functional correctness: Model C code only behaves Proof as specified Translation validation: Binary retains C Imple- Limitations (work in progress): C-code semantics mentation • Kernel initialisation not yet verified • MMU & caches modelled abstractly Proof Sound worst-case • Timing channels not ruled out execution time bound Binary code 11 | LCA | Gold Coast | Jan'20

  12. seL4 on RISC-V

  13. Background: HENSOLD Cyber Untrusted Secured app app File Crypto server Munich-based startup • Secure RISC-V processor • Based on open-source Ariane • Supply chain secured through logic encryption • Secure OS based on seL4 Disclosure: I have an interest • Targets defence, industrial control, critint, automotive in HENSOLDT Cyber 13 | LCA | Gold Coast | Jan'20

  14. Performance on RV64 Message-passing round-trip latency in cycles Not yet fully optimised! Arch Arch x86 32b x86 32b x86 64b x86 64b Arm 32b Arm 32b Arm 64b Arm 64b RISC-V 64b Intra address space Intra address space 427 427 565 565 625 625 752 752 690 Inter address space Inter address space 752 752 1041 1041 625 625 752 752 1006 Spectre-workaround disabled No ASIDS on HiFive (else much more expensive) Unleashed , else inter-AS would be same as intra-AS Hypervisor extensions (draft spec 0.5) supported in branch 14 | LCA | Gold Coast | Jan'20

  15. Verification: RISC-V Status Confidentiality Integrity Availability Proof Proof f o o r P Abstract Model Functional correctness: Proof RISC-V due Q1’20 Translation validation: C Imple- RISC-V due Q2’20 mentation Proof Sound WCET bound RISC-V in progress Binary code 15 | LCA | Gold Coast | Jan'20

  16. Experience with RISC-V Architecture • Kernel port straightforward: - simple and clean RISC architecture • Verification benefitted from cleanness U mode VU mode - … but some challenges from less typing in page tables apps VMM • Hypervisor (draft) extensions even simpler • M (machine) mode makes firmware explicit S mode HS mode - configures HW, delegates to S (supervisor) mode (Guest) OS hypervisor - emulates features not implemented in HW - should be verified M mode Firmware • Extensibility of ISA could be a concern - could undermine portability • Formal ISA spec is great! 16 | LCA | Gold Coast | Jan'20

  17. LCA’18 Refresher: Time Capabilities New thread attributes Classical thread attributes • Priority • Priority Not runnable Not runnable • Time slice if null if null • Scheduling context capability Limits CPU Capability Scheduling context object access! for time • T: period • C: budget (≤ T) Enables reasoning about time and temporal isolation C = 2 C = 250 for mixed-criticality systems T = 3 T = 1000 17 | LCA | Gold Coast | Jan'20

  18. Time Caps (MCS) Kernel Verification New Mainline MCS MCS Mainline Mainline Arm v7 Arm v7 RISC-V RISC-V Spec Spec Spec Spec Proof Proof Proof Proof Merge Merge Q2’20 Q1’20 Q1’20 C C C C Proof Proof Proof Proof Q2’20 Q2’20 Binary Binary Binary Binary 18 | LCA | Gold Coast | Jan'20

  19. Research: Time Protection

  20. Threats Speculation An “unknown unknown” until recently A “known unknown” for decades Microarchitectural Timing Channel 20 | seL4 Summit | DC | Sep'19

  21. Cause : Competition for HW Resources High Low Shared hardware • Inter-process interference Affect execution speed • Competing access to micro- architectural features • Hidden by the HW-SW contract! 21 | seL4 Summit | DC | Sep'19

  22. Sharing: Stateful Hardware High Low HW is capacity-limited • Interference during • concurrent access • time-shared access • Collisions reveal addresses • Usable as side channel Cache Any state-holding microarchitectural feature: • cache, branch predictor, pre-fetcher state machine 22 | seL4 Summit | DC | Sep'19

  23. Time Protection: Prevent Interference High Low Shared hardware Interference results from sharing Affect execution speed ⇒ Partition hardware: • spatially • temporally (time shared) 23 | seL4 Summit | DC | Sep'19

  24. Time Protection: Partition Hardware High Low High Low Temporally partition Flush Cache Cache Need Need Spatially partition both! both! Flushing useless for Cannot spatially partition on- High Low concurrent access core caches (L1, TLB, branch predictor, pre-fetchers) • HW threads • virtually-indexed • cores Cache • OS cannot control 24 | seL4 Summit | DC | Sep'19

  25. Spatially Partition: Cache Colouring High Low • Partitions get frames of disjoint colours PT TCB TCB PT • seL4: userland supplies kernel memory ⇒ colouring userland colours dynamic kernel memory • Per-partition kernel image to colour kernel [Ge et al. EuroSys’19] Cache RAM 25 | seL4 Summit | DC | Sep'19

  26. Temporal Partitioning: Flush on Switch Must remove any history dependence! Latency depends on prior execution! 1. T 0 = current_time() 2. Switch user context 3. Flush on-core state Time padding to Remove 4. Touch all shared data needed for return dependency 5. while (T 0 +WCET < current_time()) ; 6. Reprogram timer Ensure 7. return deterministic execution 26 | seL4 Summit | DC | Sep'19

  27. Challenge: Broken Hardware • Systematic study of COTS hardware (Intel and Arm) [Ge et al, APSys’18]: • contemporary processors hold state that cannot be reset HiSilicon A53 branch history buffer Intel branch history buffer 10 -1 Spy execution time 1000 10 -2 800 10 -3 10 -4 600 10 -5 400 Trojan signal 0 1 Small channel! Channel! 27 | seL4 Summit | DC | Sep'19

  28. Way Out: New HW-SW Contract! ISA is purely functional contract, abstracts too much away New contract (augmented ISA): All shared HW resources must be spatially or temporally partitionable by OS [Ge et al, APSys’18] RISC-V to the rescue: Strong commitment to making it happen! 28 | seL4 Summit | DC | Sep'19

  29. Community/ Ecosystem

Recommend


More recommend