Jed Liu Joe CorbettDavies Andrew Ferraiuolo Alexander Ivanov Mulong Luo G Edward Suh Andrew C Myers Mark Campbell 4 th ACM Workshop on CyberPhysical Systems Security and Privacy ID: 727056
Download Presentation The PPT/PDF document "Secure Autonomous CPS Through Verifiable..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Secure Autonomous CPS Through Verifiable Information Flow Control
Jed LiuJoe Corbett-DaviesAndrew FerraiuoloAlexander IvanovMulong LuoG. Edward SuhAndrew C. MyersMark Campbell4th ACM Workshop on Cyber-Physical Systems Security and Privacy19 October 2018Slide2
Networked
CPSes are everywhere!Jed Liu – Secure autonomous CPS through verifiable information flow controlSlide3
Networked
CPSes are everywhere!Jed Liu – Secure autonomous CPS through verifiable information flow control
InternetSlide4
Networked
CPSes are everywhere!Jed Liu – Secure autonomous CPS through verifiable information flow control
InternetSlide5
Networked
CPSes are everywhere!Jed Liu – Secure autonomous CPS through verifiable information flow control
InternetSlide6
Networked
CPSes are everywhere!Jed Liu – Secure autonomous CPS through verifiable information flow control
InternetSlide7
A new approach
General architecture for secure CPSCo-develop hardware, software, control algorithmsSecurity designed into all levels of systemLeverage information-flow controlSecurity-typed languages for software & hardwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide8
System model (autonomous vehicle)
Jed Liu – Secure autonomous CPS through verifiable information flow controlVehicle hardwareSlide9
System model (autonomous vehicle)
Jed Liu – Secure autonomous CPS through verifiable information flow controlVehicle hardwareSafety-criticalsoftware
Untrusted
softwareSlide10
System model (autonomous vehicle)
Jed Liu – Secure autonomous CPS through verifiable information flow controlMakes control decisionse.g., planning, perceptionVehicle hardware
Safety-critical
software
Untrusted
softwareSlide11
System model (autonomous vehicle)
Jed Liu – Secure autonomous CPS through verifiable information flow controlMakes control decisionse.g., planning, perceptionEverything elsee.g., entertainmentVehicle hardware
Safety-critical
software
Untrusted
softwareSlide12
System model (autonomous vehicle)
Jed Liu – Secure autonomous CPS through verifiable information flow controlAssumption: vehicle isa single monolithic hardware deviceSimplifies modelSecurity more difficultHardware isolation fails in practiceJeep attack [MV’15]Vehicle hardware
Safety-critical
software
Untrusted
softwareSlide13
System model (autonomous vehicle)
Jed Liu – Secure autonomous CPS through verifiable information flow controlEnvironmentSensorsGPS, Radar,Lidar, vision,etc.
Vehicle hardware
Safety-critical
software
Untrusted
software
Internet
Network
maps, traffic,
music, etc.Slide14
Adversary model
Jed Liu – Secure autonomous CPS through verifiable information flow controlSecurity goalDefend safety-critical softwarefrom remote adversaryEnvironment
Sensors
GPS, Radar,
Lidar, vision,
etc.
Vehicle hardware
Safety-critical
software
Untrusted
software
Internet
Network
maps, traffic,music, etc.Slide15
Adversary model
Jed Liu – Secure autonomous CPS through verifiable information flow controlEnvironmentSensorsGPS, Radar,Lidar, vision,etc.
Vehicle hardware
Safety-critical
software
Untrusted
software
Internet
Network
maps, traffic,
music, etc.
Security goal
Defend safety-critical software
from remote adversaryAdversary
Can manipulate some
sensors & network
inputsSlide16
Adversary model
Jed Liu – Secure autonomous CPS through verifiable information flow controlEnvironmentSensorsGPS, Radar,Lidar, vision,
etc.
Vehicle hardware
Safety-critical
software
Untrusted
software
Internet
Network
maps, traffic,
music, etc.
Security goal
Defend safety-critical software
from remote adversary
Adversary
Can manipulate some
sensors & network
inputs
Controls all untrusted
softwareSlide17
ThreatsManipulate sensors & network inputs
Control untrusted softwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide18
ThreatsManipulate sensors & network inputs
Control untrusted softwareJed Liu – Secure autonomous CPS through verifiable information flow controlAttacks on control algorithms & implementationAttacks on underlying OS & hardwareSlide19
ThreatsManipulate sensors & network inputs
Provide bad maps, spoof sensors, tamper w/ env.Control untrusted softwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide20
ThreatsManipulate sensors & network inputs
Provide bad maps, spoof sensors, tamper w/ env.Exploit vulnerabilities in software implementationmemory safety bugs, inappropriate use of unverified inputsControl untrusted softwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide21
Threats
Manipulate sensors & network inputsProvide bad maps, spoof sensors, tamper w/ env.Exploit vulnerabilities in software implementationmemory safety bugs, inappropriate use of unverified inputsControl untrusted softwareExploit OS bugs to break software isolationExploit hardware:Bugs that break software isolationHardware-level timing interferenceslows down safety-critical softwareJed Liu – Secure autonomous CPS through verifiable information flow controlOrder of magnitudedifference! [MM’07]Slide22
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlSecurity integrated into full system stackPolicies at language level, pushed into hardwareSlide23
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlSecurity integrated into full system stackPolicies at language level, pushed into hardwareSecurity-typed languages to design hardware & softwareSlide24
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlUntrustedsoftwareInternet
Environment
raw sensors & inputsSlide25
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlUntrustedsoftwareInternet
Environment
raw sensors & inputs
Design system w/ redundant inputs
Verify each input against the others
Highly consistent inputs
highly trusted
Verification
labelled
sensors & inputsSlide26
Threats
Manipulate sensors & network inputsProvide bad maps, spoof sensors, tamper w/ env.Exploit vulnerabilities in software implementationmemory safety bugs, inappropriate use of unverified inputsControl untrusted softwareExploit OS bugs to break software isolationExploit hardware:Bugs that break software isolationHardware-level timing interferenceslows down safety-critical softwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide27
Threats
Manipulate sensors & network inputsProvide bad maps, spoof sensors, tamper w/ env.Exploit vulnerabilities in software implementationmemory safety bugs, inappropriate use of unverified inputsControl untrusted softwareExploit OS bugs to break software isolationExploit hardware:Bugs that break software isolationHardware-level timing interferenceslows down safety-critical softwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide28
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlUntrustedsoftwareVerification
Perception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputsSlide29
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlUntrustedsoftwareVerification
Perception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Programmed in Jif [POPL’99]Slide30
General architecturefor secure autonomous CPS
UntrustedsoftwareVerificationPerception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Programmed in Jif
[POPL’99]
Quick primer on Jif
Java-based
Memory safety
Jed Liu – Secure autonomous CPS through verifiable information flow controlSlide31
General architecturefor secure autonomous CPS
UntrustedsoftwareVerificationPerception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Programmed in Jif
[POPL’99]
Quick primer on Jif
Java-based
Memory safety
Enforces
information-flow security
Labels part of types
Jed Liu – Secure autonomous CPS through verifiable information flow controlSlide32
General architecturefor secure autonomous CPS
UntrustedsoftwareVerificationPerception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Programmed in Jif
[POPL’99]
Quick primer on Jif
Java-based
Memory safety
Enforces
information-flow security
Labels part of types
Jed Liu – Secure autonomous CPS through verifiable information flow control
00100000
00100110
11100111
11101010
00100000
00100110
11100111
11101010
T
USlide33
General architecturefor secure autonomous CPS
UntrustedsoftwareVerificationPerception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Programmed in Jif
[POPL’99]
Quick primer on Jif
Java-based
Memory safety
Enforces
information-flow security
Labels part of types
Jed Liu – Secure autonomous CPS through verifiable information flow control
“flows to”
⊑
00100000
00100110
11100111
11101010
00100000
00100110
11100111
11101010
T
USlide34
General architecturefor secure autonomous CPS
UntrustedsoftwareVerificationPerception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Programmed in Jif
[POPL’99]
Quick primer on Jif
Java-based
Memory safety
Enforces
information-flow security
Labels part of types
Downgrading via
endorse
Jed Liu – Secure autonomous CPS through verifiable information flow control
“flows to”
⊑
00100000
00100110
11100111
11101010
00100000
00100110
11100111
11101010
T
USlide35
Threats
Manipulate sensors & network inputsProvide bad maps, spoof sensors, tamper w/ env.Exploit vulnerabilities in software implementationmemory safety bugs, inappropriate use of unverified inputsControl untrusted softwareExploit OS bugs to break software isolationExploit hardware:Bugs that break software isolationHardware-level timing interferenceslows down safety-critical softwareJed Liu – Secure autonomous CPS through verifiable information flow controlSlide36
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlInternetEnvironment
raw sensors & inputs
Untrusted
software
Verification
Perception
&
Planning
labelled
sensors & inputs
Vehicle
controlsVerified microkernel OS (e.g., seL4 [KEH+
’09])Slide37
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlUntrustedsoftware
Verification
Perception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Processor with timing compartmentsVerified w/
ChiselFlow
security-typed HDL
[CCS’18]
timing-sensitive
information-flow security
Verified microkernel OS (e.g., seL4
[KEH
+
’09]
)Slide38
Overview of HW timing isolation
Jed Liu – Secure autonomous CPS through verifiable information flow controlSlide39
Overview of HW timing isolation
Identify the security domain for each resource requestTiming compartment: security domain for timing isolationAllocate hardware resources to each timing compartmentSpatial partitioning for stateful resourcese.g., memory, caches, TLB, BHT, BTBTemporal partitioning for stateless resourcese.g., I/O ports, interconnect, memory channelsJed Liu – Secure autonomous CPS through verifiable information flow controlSlide40
Hardware security tags
Information-flow security enforced w/ explicit hardware tagsTag for each core, register, memory page, etc.Each cache/memory access taggedSimilar to Jif labelsJed Liu – Secure autonomous CPS through verifiable information flow control
Core 1
Crypto
Engine
Core 2
On-Chip Interconnect
Memory Controller
I/O
L1
L2 cache
L1
DRAM
DMA
tag
tag
Peripheral
tag
tag
tag
tag
tag
tag
tag
tag
RF
RFSlide41
Spatial partitioning
Removes timing interference through stateful elementsCaches, buffers, etc.Allocate state to each timing compartmentFlush state to prevent vulnerabilities when allocation changesJed Liu – Secure autonomous CPS through verifiable information flow controlL3 Cache
Core
Core
Core
Core
L1/2
L1/2
L1/2
L1/2
L3 Cache
L3 access comes
w
ith a TCIDSlide42
Temporal partitioning
Removes timing interference through resource contentione.g., I/O ports, on-chip interconnects, DRAM channelsTiming compartments take turns accessing the resourceTime-division multiplexingJed Liu – Secure autonomous CPS through verifiable information flow control
DRAM Time Slots
Time
TC 0
TC 1
TC N
TurnSlide43
General architecturefor secure autonomous CPS
Jed Liu – Secure autonomous CPS through verifiable information flow controlUntrustedsoftware
Verification
Perception
&
Planning
labelled
sensors & inputs
Vehicle
controls
Internet
Environment
raw sensors & inputs
Processor with timing compartmentsVerified w/ ChiselFlow
security-typed HDL
[CCS’18]
timing-sensitive in
formation-flow security
Programmed in
Jif
[POPL’99]
:
memory safety
information-flow security
Verified microkernel OS (e.g., seL4
[KEH
+
’09]
)Slide44
Two prototypes
Secure processor: HyperFlow [CCS’18]Extends single-core RISC-V Rocket processorFull timing-channel protectionChecked w/ security type system in ChiselFlowSegway robot softwareVerifier & planner for lane followingWorking on Jif compiler for RISC-VJed Liu – Secure autonomous CPS through verifiable information flow controlSlide45
Two prototypes
Secure processor: HyperFlow [CCS’18]Extends single-core RISC-V Rocket processorFull timing-channel protectionChecked w/ security type system in ChiselFlowSegway robot softwareVerifier & planner for lane followingJif compiler for RISC-V under developmentJed Liu – Secure autonomous CPS through verifiable information flow controlSlide46
Software prototype
Jed Liu – Secure autonomous CPS through verifiable information flow controlSlide47
Map data
Jed Liu – Secure autonomous CPS through verifiable information flow controlGround truthlane centre(shown forreference)Lane reward function
Expected landmark location
Verified against landmarks
in environment
Used
ArUco
tags to
simplify sensor processingSlide48
Software implementation
Map verifier & A*-based planner—630 lines of Jif1,000 lines of Java code for network communicationJed Liu – Secure autonomous CPS through verifiable information flow controlclass Map[T,U] where T ⊑ U { Grid{U} unverif; Grid{T} verif;}
void
verify(map, sensor) {
if
(
canVerify
(map, sensor))
map.verif
=
endorse(map.unverif); else map.verif = null;}Plan{T} plan(start, goal, map) { // If map unverified, use contingency. Grid grid = map.verif; if (grid == null) return contingency(start, goal); // Do A*. return
astar(start, goal, grid);}Slide49
Software implementationMap verifier & A*-based planner—630 lines of Jif
1,000 lines of Java code for network communicationJed Liu – Secure autonomous CPS through verifiable information flow controlclass Map[T,U] where T ⊑ U { Grid{U} unverif; Grid{T} verif;}
void
verify(map, sensor) {
if
(
canVerify
(map, sensor))
map.verif
=
endorse(map.unverif); else map.verif = null;}Plan{T} plan(start, goal, map) { // If map unverified, use contingency. Grid grid = map.verif; if (grid == null) return contingency(start, goal); // Do A*. return
astar(start, goal, grid);}Slide50
Software implementationMap verifier & A*-based planner—630 lines of Jif
1,000 lines of Java code for network communicationJed Liu – Secure autonomous CPS through verifiable information flow controlclass Map[T,U] where T ⊑ U { Grid{U} unverif; Grid{T} verif;}
void
verify(map, sensor) {
if
(
canVerify
(map, sensor))
map.verif
=
endorse(map.unverif); else map.verif = null;}Plan{T} plan(start, goal, map) { // If map unverified, use contingency. Grid grid = map.verif; if (grid == null) return contingency(start, goal); // Do A*. return
astar(start, goal, grid);}Slide51
Software implementationMap verifier & A*-based planner—630 lines of Jif
1,000 lines of Java code for network communicationJed Liu – Secure autonomous CPS through verifiable information flow controlclass Map[T,U] where T ⊑ U { Grid{U} unverif; Grid{T} verif;}
void
verify(map, sensor) {
if
(
canVerify
(map, sensor))
map.verif
=
endorse(map.unverif); else map.verif = null;}Plan{T} plan(start, goal, map) { // If map unverified, use contingency. Grid grid = map.verif; if (grid == null) return contingency(start, goal); // Do A*. return
astar(start, goal, grid);}Slide52
Software implementationMap verifier & A*-based planner—630 lines of Jif
1,000 lines of Java code for network communicationJed Liu – Secure autonomous CPS through verifiable information flow controlclass Map[T,U] where T ⊑ U { Grid{U} unverif; Grid{T} verif;}
void
verify(map, sensor) {
if
(
canVerify
(map, sensor))
map.verif
=
endorse(map.unverif); else map.verif = null;}Plan{T} plan(start, goal, map) { // If map unverified, use contingency. Grid grid = map.verif; if (grid == null) return contingency(start, goal); // Do A*. return
astar(start, goal, grid);}Slide53
Software implementationMap verifier & A*-based planner—630 lines of Jif
1,000 lines of Java code for network communicationJed Liu – Secure autonomous CPS through verifiable information flow controlclass Map[T,U] where T ⊑ U { Grid{U} unverif; Grid{T} verif;}
void
verify(map, sensor) {
if
(
canVerify
(map, sensor))
map.verif
=
endorse(map.unverif); else map.verif = null;}Plan{T} plan(start, goal, map) { // If map unverified, use contingency. Grid grid = map.verif; if (grid == null) return contingency(start, goal); // Do A*. return
astar(start, goal, grid);}Slide54
Evaluation: input validation
Jed Liu – Secure autonomous CPS through verifiable information flow controlMalicious map
Robot position
Landmark
measurementSlide55
DemoSlide56
Related work
Attack modalitiesConventional vehicles (Checkoway+ 2011)Iran RQ-170 incident 2014Control-algorithm securitySignal cross-validation (Pajic+ 2017)Anomaly detection (Tian+ 2010, Xie+ 2011)Formal methodsQuant. info flow for CPS (Morris+ 2017)ROSCoqTiming verification w/ SpaceEx(Ziegenbein+ 2015)Jed Liu – Secure autonomous CPS through verifiable information flow control
Secure HDL
Caisson (2011), Sapper (2014),
SecVerilog
(2015)
Secure processors
Tiwari
+
2011,
Ferraiuolo
+ 2017Secure CPS integrationVeriphy (2018)Restart-based security (Abad+ 2016, Abdi+ 2017, Arroyo+ 2017)Our contribution: a new system architectureVerified hardwareLanguage-based information flow in softwareCross-sensor input verificationSlide57
Secure Autonomous CPS Through Verifiable Information Flow Control
Jed LiuJoe Corbett-DaviesAndrew FerraiuoloAlexander IvanovMulong LuoG. Edward SuhAndrew C. MyersMark Campbell
Untrusted
software
Verification
Perception
&
Planning
labelled
sensors & inputs
Vehicle
controls
raw sensors & inputs
Verified processor with timing compartments
Programmed in Jif
memory safety
information-flow security
Verified microkernel OS