TIARA: Trust-management, Intrusion-tolerance, Accountability and Reconstitution Architecture
Howie Shrobe, Andre de Hon, Tom Knight
Jan 02, 2016
TIARA Layers
• Hardware: Security Tags Processing
• Object Abstraction: Structured Memory, Method Dispatch
• Operating System: Hardware Management, Hardware Level Policy
• Meta-Object Level: Wrapper Management
• Access Control: Policy Enforcement
• Plan Level: Self Monitoring and Recovery
• Data Accountability: Provenance Tracking
• Application Substrate: Application Data Management
[Figure side labels: System Software; Application Middleware]
Tiara Hardware Level
Building The Object Abstraction
Bounds
Identity
Type
Maintaining Data Provenance
Any single attack can ‘sink the boat’
[Figure label: Emergency Raft]
Fundamental Problem
• Based on monolithic security kernel & undifferentiated memory
• All privileged operations in a single security domain
• Consequences:
– Single domain breach gives attacker everything
– Many interfaces and services
– Huge, complex code base
– Millions of lines of code
– Many opportunities for bugs
– Typically 1 bug per 100 LoC
– Complexity scales closer to N² than linear
– Impossible to completely vet
– Large surface of vulnerability for attack
Origin of the Problem?
• Good engineering tradeoffs based on 1970’s and 1980’s technology
– Gates and memory were expensive
– Challenge to build fast, capable systems
– Minimalist designs ruled the day: RISC
• Separate domains → context switch
– Known to be expensive (10K–100K cycles)
• System and software engineers know:
– Must avoid crossing domains
• Conclusion: Efficiency means minimum compartmentalization
Idea
• Add metadata at the word level
• Tag on every word in memory
– Role: Code, User data, Pointer, System data
– Context: Owner, Pedigree
[Figure: the word 1010110001110001000011100101010 divided into Data, Type and Context fields]
• Example: 32 bit word
– 24 bits data
– 4 bits type
– 4 bits data context (Security compartment, Pedigree)
[Shown small for illustration purpose only. All fields longer in practice.]
Tagged Data Path
[Figure: tagged data path. Labels: Instruction, PC, Process Identifier, Register File, Data, Operand 1, Operand 2, Tag 1, Tag 2, ALU, Tags Unit, Result Data, Result Tag, Tag, Trap Signal, Trap Dispatch Address]
Metadata Uses
• Isolation (elaborate shortly)
• Enforce OO model
• Sandboxing
• Multi Level Security (MLS)
• Integrity
• Robust Error Handling
– Pointer abuse
– Code bashing
– Bounds
• Policy
• Auditing
• Synchronization
• …more in white paper…
Efficient Hardware Support
• Process tags in parallel with datapath
– No impact on cycle time
• Leverage existing speculation/in-order exception and retirement hardware
• Implement common-case fast with small Hash Execution (HEX) unit
– Similar in size/complexity to TLB
Cost
• Dominant cost {area, bandwidth} for tags
– All memories, register files, caches
– HEX modest size
– Memory already dominant area in processors
• E.g.: 32b tag on 128b atomic word
Historical Predecessors
• Burroughs B5000, 6000 (1970s)
– 3b tag
– Security based on high-level compiled code
• Symbolics LISP Machine (1980s)
– 8b tag
– Only use for robust error handling
– Not explicitly for security
• Intel i432 (~1980)
• IBM System 38 (1980s)
– 1b tag
Compartment Tags
• Tag every word with a compartment ID
• Process Permissions
– Policy table specifies rights for process on each compartment
• Support with HEX
– HEX unit implements policy table on cycle-by-cycle basis
Result
• Can have
– Private data to processes (objects)
– Richly shared need-to-know data
– Principle of least privilege
• While
– Transfer between objects/services as procedure call
– Few cycles, no expensive context switch
• Change rules
– Eliminate performance penalty for strong isolation
– Eliminate performance/security tradeoff
Service Integrity
• HEX can enforce policies to prevent service subversion
– Only execute words tagged as instructions
– Limit PC range for service
– Code is tagged write-only
– Ordinary code not able to write instructions
– Write instructions runnable as service role
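An added example, not from the original slides: a small Python model of the per-access check described in the Compartment Tags and Service Integrity slides, using the 24/4/4 example word. The field order, the type numbering, the policy entries, the WRITE_CODE right and all function names are assumptions made for illustration.

```python
from enum import IntEnum, IntFlag

class WordType(IntEnum):       # 4-bit type field; the numbering is assumed
    USER_DATA = 0
    CODE = 1
    POINTER = 2
    SYSTEM_DATA = 3

class Right(IntFlag):
    NONE = 0
    READ = 1
    WRITE = 2
    EXECUTE = 4
    WRITE_CODE = 8             # hypothetical right for the code-writing service role

class TagTrap(Exception):
    """Models the trap signal raised by the tag unit."""

def pack(data, wtype, compartment):
    # Assumed field order: bits 31..8 data, 7..4 type, 3..0 compartment.
    if not (0 <= data < 1 << 24 and 0 <= wtype < 16 and 0 <= compartment < 16):
        raise ValueError("field does not fit the 24/4/4 layout")
    return (data << 8) | (wtype << 4) | compartment

def unpack(word):
    return word >> 8, (word >> 4) & 0xF, word & 0xF

# Constructed policy table: (process id, compartment id) -> rights.
POLICY = {
    (1, 0x2): Right.READ | Right.WRITE,        # private data of process 1
    (1, 0x5): Right.READ,                      # shared, need-to-know
    (7, 0x5): Right.READ | Right.WRITE,
    (7, 0x9): Right.READ | Right.EXECUTE,      # service 7 runs code in compartment 9
    (8, 0x9): Right.WRITE,                     # ordinary writer, no code-writing role
    (9, 0x9): Right.WRITE | Right.WRITE_CODE,  # process holding the service role
}

def access(pid, word, op):
    """Check one access against the policy table; return the data field."""
    data, wtype, compartment = unpack(word)
    rights = POLICY.get((pid, compartment), Right.NONE)   # no entry: no rights
    if not rights & op:
        raise TagTrap(f"pid {pid}: {op.name} denied on compartment {compartment}")
    if op == Right.EXECUTE and wtype != WordType.CODE:
        raise TagTrap("only words tagged as instructions may execute")
    if op == Right.WRITE and wtype == WordType.CODE and not rights & Right.WRITE_CODE:
        raise TagTrap("ordinary code may not write instruction words")
    return data

def allowed(pid, word, op):
    try:
        access(pid, word, op)
        return True
    except TagTrap:
        return False
```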
Enables: Compartmentalization
• Double win:
– Breach containment
– Avoid single point of failure
– Limit impact of any breach
– Small code in compartment
– Strong abstraction → complexity management
– ~5K lines/compartment
– Plausibly verifiable
No single or even double penetration can sink the boat
[Figure label: Secure Raft]
Generic Mechanism
• Metadata w/ Programmable HEX unit
– Flexible mechanism
– Does not build policy into hardware
– Not even the fielding/use of metadata bits
– Large set of uses
– See white paper
• Enables
– Selectable security levels
– Same hardware, different policies
– Experimentation
– New ideas
– Different security strategies
Tiara OS Level
Least Privilege
Isolation
No Kernel
ZKOS Overview
• Traditional Operating Systems:
– Operate on “Raw Seething Bits”
– A separate monolithic kernel all of whose components have maximum privilege
– Kernel separation achieved through address space mappings
– User calls for system service are different than normal subroutine calls
– System services require context switch
• Zero-Kernel Operating System (ZKOS)
– Operates on Structured Object-Oriented Memory
– Kernel functionality is not separate or monolithic
– Each kernel component has limited privileges corresponding to its task
– Kernel components are in same address space as user code
– Separation achieved via STA tagging
– User calls for system services are normal procedure calls
– System services do not require context switch
ZKOS Structured Memory
• All memory is viewed as consisting of Objects
– Extent, Type, Identity
• All objects are referenced only through Object-References
• Only the Memory Manager can create object references (in concert with Domain Manager)
– Base, Bounds, Meta-Data
• Object references are (nearly) immutable
• Object references do not carry permissions
• There are no raw pointers or pointer arithmetic
• Reclamation is via Garbage Collection
• No “Raw Seething Bits”
ZKOS Kernel-less Isolation
• ZKOS employs a modular architecture together with security tagged memory to manage interfaces between OS components
– Isolation provided by security tags, not separate address space
• Each OS component operates in its own security contexts
– Communication is via procedure call
– Interface memory for each component is separate from internal memory
• ZKOS components are not different in kind from other components
• All set-up and management of security context is done by the Domain Manager
• The Domain Manager only changes security tags based on authority from the authorization system
– Privilege carried in process credentials
Interactions between ZKOS Components
• Procedure call is the only way that components interact
– Procedures implemented by methods
– Object-oriented modularity enforced by STA
• Internal code and data is inaccessible to all other components or processes
• Each component uses the following security contexts for memory:
– Internal component data
– Internal component code
– Interface memory
• Each component is authorized to perform only its designated tasks
• Other components or processes are never authorized to access or modify internal data or code within OS components.
Examples: Least Privilege Operation
• Scheduler
– Privilege to load process id register in hardware
– No ability to change process credentials
– No ability to examine or change application data
• System Debugger
– Privilege to examine stack of application process
– Unable to see or modify private application data on stack
Tiara Software Level
Object System
Meta Object Protocol
Non-Bypassable Wrappers
Software Layers
[Figure: the TIARA layer diagram, repeated from the TIARA Layers slide]
Multi-method Dispatch
• ZKOS is object oriented all the way down to the memory level
• All procedures are potentially implemented by methods on object classes
• Multi-method dispatch enables selection of the effective method based on the types of all of the arguments
• Security method dispatch:
– Dispatches on all data arguments as usual
– But also dispatches on an additional process credential argument
– Process authorization credential encodes the role & privileges of the user-agent on whose behalf the process runs (System daemon credentials, User credentials)
• Failure to match the process authorization credentials with a method’s invocation security context
– Prevents the effective method from being executed
– Invokes a security exception handler
• Multi-method dispatch subsumes all object-oriented models
Wrapper Methods
• There are different categories of methods
– Primary
– Wrapper
• The Effective Method is combination of all applicable methods
– Wrappers are called first
– Control whether primary method is called and with what arguments
• There can be different categories of wrapper methods
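An added example, not from the original slides or from ZKOS itself: a Python model of security method dispatch with wrapper methods, applied to the System Debugger case from the least-privilege slide. The names Generic, StackFrame, examine, deny and the MRO-distance rule used to order applicable methods are assumptions.

```python
class SecurityException(Exception):
    pass

class Credential: pass                       # process authorization credential
class UserCredential(Credential): pass
class DebuggerCredential(Credential): pass   # a system daemon credential

class StackFrame:
    def __init__(self, public, private):
        self.public, self.private = dict(public), dict(private)

def distance(sig, args):
    """Sum of MRO distances from each argument's class; None if not applicable."""
    if len(sig) != len(args) or not all(isinstance(a, c) for c, a in zip(sig, args)):
        return None
    return sum(type(a).__mro__.index(c) for c, a in zip(sig, args))

class Generic:
    def __init__(self, name, handler):
        self.name, self.handler = name, handler
        self.methods = {"primary": [], "wrapper": []}

    def add(self, kind, *sig):               # sig[0] is the credential class
        def register(fn):
            self.methods[kind].append((sig, fn))
            return fn
        return register

    def applicable(self, kind, args):        # most specific first
        hits = [(distance(sig, args), fn) for sig, fn in self.methods[kind]]
        hits = [h for h in hits if h[0] is not None]
        return [fn for _, fn in sorted(hits, key=lambda h: h[0])]

    def __call__(self, cred, *data):
        args = (cred, *data)
        primaries = self.applicable("primary", args)
        if not primaries:                    # credential/type mismatch: nothing runs
            return self.handler(self.name, cred)
        wrappers = self.applicable("wrapper", args)
        def run(i, cur):                     # wrappers first, then the primary
            if i == len(wrappers):
                return primaries[0](*cur)
            return wrappers[i](lambda *nxt: run(i + 1, nxt), *cur)
        return run(0, args)

AUDIT = []
def deny(name, cred):                        # security exception handler
    AUDIT.append((name, type(cred).__name__))
    raise SecurityException(f"{name} refused for {type(cred).__name__}")

examine = Generic("examine", deny)

@examine.add("primary", DebuggerCredential, StackFrame)
def examine_frame(cred, frame):
    return {**frame.public, **frame.private}

@examine.add("wrapper", DebuggerCredential, StackFrame)
def hide_private(call_next, cred, frame):    # chooses the primary's arguments
    return call_next(cred, StackFrame(frame.public, {}))
```

Python does not stop a caller from invoking examine_frame directly; in the architecture described here that guarantee comes from the security tags.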
Meta Object Protocol (MOP)
• Everything is an instance of some class
• Classes, functions, and methods are instances of meta-classes
• Methods on meta-classes control how the basic operations of the object system work
– Can build embedded object models with different properties
– Enough rope to take over and hang the user
• Meta-Object methods can prevent doing bad things including undoing themselves
Tiara Software Level
Access Control
Execution Monitor
Access Control
• Many security policies (like role-based access control) are naturally expressed at an object level of granularity using multi-method wrappers
– Principal: Who is acting and in what role
– Operation: What is being done
– Operands: To what objects
– Role: Exclude user-agents from adopting certain roles or from adopting them simultaneously
• Trust policies are defined on maximally general types
– Reduces the number of policies required
– Provides automatic extension as new subtypes are defined
– Reduces the time complexity of checking type and context
• Data types & data contexts grounded at hardware level
Execution Monitoring
[Figure: a Real Component in the Real Environment (Implementation) and a Simulated Component in the Simulated Environment (Model). Labels: in, in', out, out', Real Output, Simulated Output, Translator, Reflection, Differencer, List of Conflicts]
Execution Monitoring
[Figure: Program, Method, Data Model, Duplicated Data Model, Wrappers, Application Scripting, Application Tracking, Execution Monitor, Integrity Checks, Event Stream, Method Selection. Flowchart steps: Get Next Cmd, Get Sortie, Get Leg, Get Movement, Get Events, Get event info, Add Event, Add Additional Info, Take Off? (Y/N), More Events? (Y/N), operating on Mission Plan. Legend: Control Flow, Data Flow]
Each component can be annotated with:
• Entry Events
• Exit Events
• Allowable Events
Tiara Software Level
Provenance Tracking
Provenance Tracking
• “Provenance Wrappers” imposed around computations
• Values are boxed in “TMS Like Structures”
– Value
– Support
– Certainty
• Code rewritten to track flow through methods
• Output boxed in TMS structure relating outputs to inputs, computation performed, and people involved.
Provenance Based Operations
• Assessing reliability, trustability, accuracy of data
– Bayesian propagation
• Revocation
• Access Control
• Trace Back and Drill Down
• Diagnosis in the case of bad executions
AWDRAT
[Figure: AWDRAT architecture. Labels: System Model, Model Compiler, Wrapper Synthesizer, Monitor Synthesizer, Application Software, Java Wrappers, System DLL’s, SafeFamily Wrappers, Event Stream, Execution Monitor, Execution Discrepancies, Architecture level Diagnosis, Failure Localization, Compromise Descriptions, Trust Model: Behavior, Compromises, Attacks, Adaptive Method Selection, Recovery and Regeneration]
• Architectural monitoring
• Wrapper synthesis
• Diagnosis
• Recovery and regeneration
• Adaptive method selection
• Trust modeling
The Trust Model and Recovery
• The Trust Model includes, for each resource, the probability that it is in a compromised state.
• Diagnosis updates the Trust Model
• Trust Model is read in upon system startup
• Trust Model guides method selection
[Figure: Trust Model, Application Executable Code, AWDRAT Monitors, AWDRAT Diagnostic Service, AWDRAT Decision Theoretic Choice]
Tiara Application Demo
• Virtual Briefing Book
• Built incrementally
• Provenance for every entry
– Drill down
• Access control and degrading of info