Microkernel security evaluation.

This thesis documents the successful development and testing of a more secure industrial control system field device architecture and software. The implementation of a secure field device has had limitations in the past due to a lack of secure operating system and guidelines. With the recent verification of OK Labs SEL4 microkernel, a verified operating system for such devices is possible, creating a possibility for a secure field device following open standards using known security protocols and low level memory and functionary isolation. The virtualized prototype makes use of common hardware and an existing secure field device architecture to implement a new level of security where the device is verified to function as expected. The experimental evaluation provides performance data which indicates the usefulness of the architecture in the field and security function integration testing to guarantee secure programs can be implemented on the device. Results of the devices functionality are hopeful, showing useful performance for many applications and further development as a fully functional secure field device

Time Protection: the Missing OS Abstraction

Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors

seL4 Microkernel for virtualization use-cases: Potential directions towards a standard VMM

Virtualization plays an essential role in providing security to computational systems by isolating execution environments. Many software solutions, called hypervisors, have been proposed to provide virtualization capabilities. However, only a few were designed for being deployed at the edge of the network, in devices with fewer computation resources when compared with servers in the Cloud. Among the few lightweight software that can play the hypervisor role, seL4 stands out by providing a small Trusted Computing Base and formally verified components, enhancing its security. Despite today being more than a decade with seL4 microkernel technology, its existing userland and tools are still scarce and not very mature. Over the last few years, the main effort has been put into increasing the maturity of the kernel itself and not the tools and applications that can be hosted on top. Therefore, it currently lacks proper support for a full-featured userland Virtual Machine Monitor, and the existing one is quite fragmented. This article discusses the potential directions to a standard VMM by presenting our view of design principles and feature set needed. This article does not intend to define a standard VMM, we intend to instigate this discussion through the seL4 community

Secure Remote Attestation for Safety-Critical Embedded and IoT Devices

In recent years, embedded and cyber-physical systems (CPS), under the guise of Internet-of-Things (IoT), have entered many aspects of daily life. Despite many benefits, this develop-ment also greatly expands the so-called attack surface and turns these newly computerizedgadgets into attractive attack targets. One key component in securing IoT devices is malwaredetection, which is typically attained with (secure) remote attestation. Remote attestationis a distinct security service that allows a trusted verifier to verify the internal state of aremote untrusted device. Remote attestation is especially relevant for low/medium-end em-bedded devices that are incapable of protecting themselves against malware infection. Assafety-critical IoT devices become commonplace, it is crucial for remote attestation not tointerfere with the device’s normal operations. In this dissertation, we identify major issues inreconciling remote attestation and safety-critical application needs. We show that existingattestation techniques require devices to perform uninterruptible (atomic) operations duringattestation. Such operations can be time-consuming and thus may be harmful to the device’ssafety-critical functionality. On the other hand, simply relaxing security requirements of re-mote attestation can lead to other vulnerabilities. To resolve this conflict, this dissertationpresents the design, implementation, and evaluation of several mitigation techniques. In par-ticular, we propose two light-weight techniques capable of providing interruptible attestationmodality. In contrast to traditional techniques, our proposed techniques allow interrupts tooccur during attestation while ensuring malware detection via shuffled memory traversals ormemory locking mechanisms. Another type of techniques pursued in this dissertation aimsto minimize the real-time computation overhead during attestation. We propose using peri-odic self-measurements to measure and record the device’s state, resulting in more flexiblescheduling of the attestation process and also in no real-time burden as part of its interactionwith verifier. This technique is particularly suitable for swarm settings with a potentiallylarge number of safety-critical devices. Finally, we develop a remote attestation HYDRAarchitecture, based on a formally verified component, and use it as a building block in ourproposed mitigation techniques. We believe that this architecture may be of independentinterest

Formally designing and implementing cyber security mechanisms in industrial control networks.

This dissertation describes progress in the state-of-the-art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles that are faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these unique struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. This dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be leveraged to produce a high-assurance embedded security device. The method presented in this dissertation takes an informal design of an embedded device that might be found in a control system and 1) formalizes the design within TLA+, 2) creates and mechanically checks a model built from the formal design, and 3) translates the TLA+ design into a component-based architecture of a native seL4 application. The later chapters of this dissertation describe an application of the process to a security preprocessor embedded device that was designed to add security mechanisms to the network communication of an existing control system. The device and its security properties are formally specified in TLA+ in chapter 4, mechanically checked in chapter 5, and finally its native seL4 architecture is implemented in chapter 6. Finally, the conclusions derived from the research are laid out, as well as some possibilities for expanding the presented method in the future

SGXIO: Generic Trusted I/O Path for Intel SGX

Application security traditionally strongly relies upon security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising security of applications as well. To overcome this dependency, Intel introduced SGX, which allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices. This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices. To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves. SGXIO surpasses traditional use cases in cloud computing and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise. It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box. Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1

MicroTEE: Designing TEE OS Based on the Microkernel Architecture

ARM TrustZone technology is widely used to provide Trusted Execution Environments (TEE) for mobile devices. However, most TEE OSes are implemented as monolithic kernels. In such designs, device drivers, kernel services and kernel modules all run in the kernel, which results in large size of the kernel. It is difficult to guarantee that all components of the kernel have no security vulnerabilities in the monolithic kernel architecture, such as the integer overflow vulnerability in Qualcomm QSEE TrustZone and the TZDriver vulnerability in HUAWEI Hisilicon TEE architecture. This paper presents MicroTEE, a TEE OS based on the microkernel architecture. In MicroTEE, the microkernel provides strong isolation for TEE OS's basic services, such as crypto service and platform key management service. The kernel is only responsible for providing core services such as address space management, thread management, and inter-process communication. Other fundamental services, such as crypto service and platform key management service are implemented as applications at the user layer. Crypto Services and Key Management are used to provide Trusted Applications (TAs) with sensitive information encryption, data signing, and platform attestation functions. Our design avoids the compromise of the whole TEE OS if only one kernel service is vulnerable. A monitor has also been added to perform the switch between the secure world and the normal world. Finally, we implemented a MicroTEE prototype on the Freescale i.MX6Q Sabre Lite development board and tested its performance. Evaluation results show that the performance of cryptographic operations in MicroTEE is better than it in Linux when the size of data is small.Comment: 8 pages, 8 figure