White-box Software Isolation with Fully Automated Black-box - PowerPoint Presentation

White-box Software Isolation with Fully Automated Black-box
White-box Software Isolation with Fully Automated Black-box

Embed / Share - White-box Software Isolation with Fully Automated Black-box


Presentation on theme: "White-box Software Isolation with Fully Automated Black-box"— Presentation transcript:

Slide1

White-box Software Isolation with Fully Automated Black-box Proofs

Jiaqi Tan

Rajeev Gandhi,

Priya

Narasimhan

PARALLEL DATA LABORATORY

Carnegie Mellon University

FMCAD 2015 Student ForumSlide2

Motivation

Software IsolationSafety property of software: External user input cannot subvert and control software executionEnsures software is safe from potentially malicious inputWhere is it important?

Safety-critical systems e.g., medical devices, avionics, cars

Lack of isolation

 Security vulnerabilities  Potentially catastrophic accidentsWhy White-box Isolation?Safety-critical systems: Need high-assuranceProgrammers need to see what safety-checks are doingWhy Black-box Proofs? Many connected, potentially safety-critical Internet-of-Things devices  Many programmers writing code for such devicesNeed fully-automated, black-box (no expert input) proofs

Jiaqi Tan © September 15

http://www.pdl.cmu.edu/

2Slide3

Black-Box Software Isolation Proofs

Jiaqi Tan © September 15

http://www.pdl.cmu.edu/

3

Machine-code

Source-code (e.g., C)

Compilation

void

arraycopy

(

int

*

src

,

int

*

dst

,

int

n) { unsigned int i; for (int i = 0; i < n; i++) { dst[i] = src[i]; }}

Computed memory write target: Dangerous

Source-code

Machine-code

Key Insight 1:

Potential isolation violations evident in machine-code

We

can automate isolation proofs in machine-codeSlide4

White-Box Software Isolation: Locations

Jiaqi Tan © September 15

http://www.pdl.cmu.edu/

4

Machine-code

Source-code (e.g., C)

Compilation

void

arraycopy

(

int

*

src

,

int

*

dst

,

int

n) { unsigned int i; for (int i = 0; i < n; i++) { dst[i] = src[i]; }}

Computed memory write target: Dangerous

Debug information helps us resolve this (for

unoptimized

code)

Source-code

Machine-code

Key Insight 2:

We can identify source-code locations from machine-code addresses for potential isolation violationsSlide5

White-Box Software Isolation: Hints for Remedies

Jiaqi Tan © September 15http://www.pdl.cmu.edu/

5

Source-code

Machine-code

void

arraycopy

(

int

*

src

,

int

*

dst

,

int

n) { unsigned int i; for (i = 0; i < n; ++i) { dst[i] = src[i];

}

}

#define SAFE(

array,idx

) = ……

if (SAFE(

dst,i)) {

}

.... (

safety check code

) ....

......e1a02102 lsl

r2, r2, #2

e51b1010

ldr

r1, [

fp

, #-16]

e0812002

add

r2, r1, r2

e5922000

ldr

r2, [r2]

e50b3008

str

r2 [r3]

e51b3008

ldr

r3, [

fp

, #-8]

e2833001

add

r3, r3, #1

e50b3008

str

r3, [

fp

, #-8]

e51b2018

ldr

r2, [

fp

, #-24]

......

Provides logic preconditions needed: Proves dangerous instruction is safe to run

Compilation

Machine-code

Source-code (e.g., C)

Compilation

Key Insight 3:

We can write code,

SAFE(

dst,i

)

, which gives us the necessary logic

pre-conditions for provable isolationSlide6

Visualization of Approach

Jiaqi Tan © September 15

http://www.pdl.cmu.edu/

6

Machine-code

Source-code (e.g., C)

Software Isolation Proof Generation (AUSPICE) [1]

Software Isolation Remedy Hint Generation

Software isolation violations manifest in machine-code behavior

 Prove isolation in machine-code

Programmers can only observe this level of abstraction

 Isolation enforcement mechanisms must be in source-code

Compilation

Safety Proof of Isolation

Proof Success

Proof Failure

Hints for source-code remedies for safety violations

Machine-code

Addresses Responsible for Proof- Failure

Programmer applies hints

HOL4 and Cambridge ARM Logic [2]

LLVM-Clang ToolingSlide7

References

[1] Jiaqi Tan, Hui Jun Tay, Rajeev Gandhi, Priya Narasimhan

. AUSPICE: Automatic Safety Property Verification for Unmodified Executables. In Working Conference on Verified Software: Tools, Theories and Experiments (VSTTE), July 2015.

[2] Magnus

Myreen, Anthony Fox, Michael Gordon. Hoare Logic for ARM Machine Code. In Fundamentals of Software Engineering (FSEN), 2007. Jiaqi Tan © September 15http://www.pdl.cmu.edu/7

Download Presentation

Download Presentation - The PPT/PDF document "White-box Software Isolation with Fully ..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

View more...

If you wait a while, download link will show on top.Please download the presentation after loading the download link.

White-box Software Isolation with Fully Automated Black-box - Description

Jiaqi Tan Rajeev Gandhi Priya Narasimhan PARALLEL DATA LABORATORY Carnegie Mellon University FMCAD 2015 Student Forum Motivation Software Isolation Safety property of software External user input cannot subvert and control software execution ID: 463683 Download Presentation

Uploaded By: briana-ranney
Views: 68
Type: Public

Tags

isolation code int machine code isolation machine int software source jiaqi tan dst safety box src cmu pdl www

Related Documents