



Towards Incremental and Compositionally Verifiable Security for *CHIC-centric* Cyber Physical Systems

Amit Vasudevan, Ph.D. MTS-Senior Researcher, FV-CPS/ACPS/SSD

Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

## **Document Markings**

Carnegie Mellon University Software Engineering Institute

Copyright 2021 Carnegie Mellon University.

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

DM21-0928

# **DoD Problem: Insecure CHIC-centric CPS Implementations**

Carnegie Mellon University



CHIC = criticality agnostic

Effective solution must meet these goals

PROVABLE

+

INNOCUOUS + COST-EFFECTIVE

# State of the Art and Shortcomings

| CHIC Stack Heterogeneity Challenge<br>CHIC Stack Implementation Security via Incremental, Composable, and Development Compatible Verification                                                                                                                        |                                                                                                               |                              |                                                                                                                                                                                                                                           |                                                                                                                                                                                                                                                                                                                                                 |  |  |  |  |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|
| Platforms                                                                                                                                                                                                                                                            | Software Layers                                                                                               | Configuration & Interactions | Ownership                                                                                                                                                                                                                                 | Development Pedigree                                                                                                                                                                                                                                                                                                                            |  |  |  |  |
| Only Security, No Verifica<br>Micro-kernels, Separation<br>MILS, isolation kernels,<br>small-TCB hypervisors<br>• Isolate components via<br>and/or SW<br>• Isolated components of<br>be exploited<br>• No privileged disaggre<br>Goals<br>PROVABLE<br>COST-EFFECTIVE | a kernels, seL4, co<br>a HW • Focu<br>(refir<br>• Trea<br>towa<br>• Stee<br>and •<br>• Cons<br>Goals<br>PROVA | EFFECTIVE                    | cs,)<br>as a VM)<br>fons "Every time we try to o<br>similar to seL4, we en<br>fixes which breaks pro<br>between critical softwa<br>an architecture that is<br>with security propertie<br>software stack and pla<br>need for modular, plug | do something real with solutions<br>d up with lots of code hacks and<br>bofs when achieving isolation<br>are components. We would favor<br>developer friendly and provides us<br>s for desired components in the<br>atform of our choice. There is a<br>g-and-play security solutions."<br>stman, VP R&D, Autonodyne<br>+ Golden Horde Awardee] |  |  |  |  |

Towards Incremental and Compositionally Verifiable Security for CHIC-centric Cyber Physical Systems © 2021 Carnegie Mellon University

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution.

# Our Solution: Incremental and Compositionally Verified Security of CHIC-centric CPS Stack Implementations

- üobjects: design time, singleton object abstraction for exclusive resource guards with secure interfaces
- üobject collection: runtime, protected group of üobjects
  - Root-of-Trust (RoT; hw, sw, hw-sw)
  - secure call routing
- AG reasoning theory on CHIC stack meshes unverified components and verified üobjects [Vasudevan et. al, USENIX Security 2016]

- Flexible implementation on platform and CHIC stack layer of choice
- Fine granularity retrofit
- CHIC-AG reasoning allows incremental, composable verification with free foundational properties + uobject specific properties
- Principled interfaces and resource closure allow state of the art verification techniques on multi-threaded uobject execution traces



Our vision for this strategy has been published at ACM SIGOPS OSR Journal

Amit Vasudevan, Petros Maniatis, Ruben Martins. **überSpark: Practical, Provable, End-to-End Guarantees on Commodity Heterogenous Interconnected Computing Platforms.** In ACM SIGOPS Operating Systems Review Journal – Special Issue on Formal Methods & Verification 2020

# Technical Approach – Building Blocks [Design Time]

### üobject



Towards Incremental and Compositionally Verifiable Security for CHIC-centric Cyber Physical Systems © 2021 Carnegie Mellon University

Carnegie Mellon

Universitv

© 2021 Carnegie Mellon University

# Technical Approach – Building Blocks [Runtime]

### üobject collection



Set of üobjects that share a memory address space RoT (Root-of-Trust) Boot-strap and protect üobject executions Sentinels Enforce call routings ٠ Caller/Callee mediation Logical privilege levels Flexible implementation

Towards Incremental and Compositionally Verifiable Security for CHIC-centric Cyber Physical Systems and unlimited distribution. Carnegie Mellon Universitv

Research Review 2021

# Technical Approach – On-Platform Secure Sensor Access



# Technical Approach: From Root-of-Trust to the Next Big Leap and Open Research Challenges

Carnegie Mellon University Software Engineering Institute

Scope: On-platform Secure Sensor Access



#### (Verified) Micro-Hypervisor Root-of-Trust: überXMHF (https://uberxmhf.org)

- 2013 x86 Automated Monolithic Verification with CBMC
  - Publication: IEEE S&P
  - Sponsor: US ARMY, NSF
- **2016** x86 Automated Compositional Verification with Frama-C and Compcert
  - Publication: USENIX Security
  - Sponsor: Intel, NSA SoS
- 2018 ARMv8 version on low-cost commodity platforms (Raspberry Pi)
  - Publication: IEEE Euro S&P [Best Paper]
  - Sponsor: DoD [CDRA SEI LSI]
- **2019** ARMv8 hyper-scheduler extension for mixed-trust real-time computing
  - Publication: IEEE RTCAS
  - Sponsor: DoD [RCT SEI LSI]
- **2020** Trusted edge security gateway extensions for IoT security
  - Publication: USENIX HotEdge
  - Sponsor: DoD [Kalki SEI LSI]

CHIC-stack Open Challenges beyond the micro-hypervisor layer:

- Multi-threading
- Hardware access (Within Scope)
- Legacy code access
- Programming idioms: deferred
  procedure calls, interrupts, call-backs
- Programming languages: C/C++/Assembly/Java (Within Scope)
- Challenges need to be addressed across four dimensions:
  - Security, Verifiability, Performance, Retrofit cost (SVPR)
- SVPR tradeoff evaluation is the foundational exploratory step towards next big leap!

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution.

# Technical Approach: SVPR Tradeoff Evaluation

Carnegie Mellon University Software Engineering Institute

Collaboration with Autonodyne [Industry Partner]



<u>*RoT*</u>: überXMHF verified micro-hypervisor (µHV); Hardware (HW) partitioning + üobject instantiation

<u>*üobjects:*</u> sensor driver, CPS application end-point

<u>Secure calls</u>: µHV [hypcall]

| CHIC-centric<br>Rover platform |
|--------------------------------|
| -                              |
| - Series                       |

Off\_tha\_shalf

- ARM Platform
- Linux OS

Python CPS Application

Mission Functionality: Follow a pre-defined Way-point

Security Property: Secure On-platform Sensor Access

| <b>Research Question</b>                                                                | Success Criteria                                                                                                              |  |
|-----------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--|
| <b>Security:</b> Can we achieve security property?                                      | Rover with üobjects completes<br>mission in the presence of an<br>attack while mission fails on base<br>system (w/o üobjects) |  |
| Verifiability: Can we achieve composable, verifiable properties towards security?       | Automatically discharge<br>specifications directly on the code<br>(memory integrity sub property) and<br>compose with RoT     |  |
| Performance: Can<br>we achieve<br>acceptable<br>performance towards<br>security?        | Rover with üobjects completes<br>mission (w/o attack) within time<br>window comparable to base system<br>(w/o objects).       |  |
| <b>Retrofit:</b> Can we<br>achieve acceptable<br>retrofitting cost<br>towards security? | Prototype tool-chain for developers<br>to interact with üobjects similar to<br>interfacing with existing OS APIs              |  |

Towards Incremental and Compositionally Verifiable Security for CHIC-centric Cyber Physical Systems © 2021 Carnegie Mellon University

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution.

# Security Objective

Security Scope: On-Platform Secure Sensor Access Integrity protection of the CPS app., sensor driver with authentic sensor data flow between them

### **Research Question**

Can we achieve security property?

### **Evaluation Metrics**

Simulated Memory Integrity Attack

### **Success Criteria**

Rover with üobjects completes mission while mission fails on base system (without üobjects)

# Security Objective

### Security Scope: On-Platform Secure Sensor Access Integrity protection of the CPS app, sensor driver with authentic sensor data flow between them

- Designed and implemented secure sensor access mechanism using RoT-backed üobjects
- üobjects memory protection via RoT so they cannot be directly manipulated from any other system components
- HMAC used for sensor data integrity and authenticity between sensor driver uobject and CPS application üobject
- HMAC keys are boot-strapped into üobjects by RoT upon instantiation
- Our approach prevents sensor data integrity attacks and provides on-platform secure sensor access





### Demo! What You See is What You Get!

**Carnegie** Mellon University Software Engineering Institute

# Verifiability Objective

Security Scope: On-Platform Secure Sensor Access Integrity protection of the CPS app., sensor driver with authentic sensor data flow between them

### **Research Question**

Can we achieve composable verifiable properties towards security?

### **Evaluation Metrics**

TLA+/TLAPS model level specifications and proofs.

ACSL code-level specifications using Frama-C

### **Success Criteria**

Automatically discharge specifications directly on the code (memory safety sub-property) and compose with RoT Carnegie Mellon University Software Engineerii Institute

# Verifiability Objective: Overview of Approach

**Carnegie** Mellon University Software Engineering Institute

| CHIC-Centric CPS      | Encode CHIC-Centric  | Hierarchical,        | Discharge Invariants |
|-----------------------|----------------------|----------------------|----------------------|
| System Model and      | CPS System Model     | Mechanized, Proofs   | on C and Assembly    |
| Invariant Definitions | in TLA+ 🗲            | of Concurrent        | code (CPS app and    |
|                       |                      | Memory Safety        | drivers) separately, |
|                       | Mechanized Proofs of | Invariants via TLAPS | and using sequential |
|                       | Invariant in         | <b>→</b>             | verification tools   |
|                       | Distributed Setting) | Show invariants are  | (e.g., Frama-C)      |
|                       |                      | inductive            |                      |
|                       | <u>†</u>             | ↑ I                  | 1                    |

### Demo! What You See is What You Get!

**Carnegie** Mellon University Software Engineering Institute

# **Performance Objective**

Security Scope: On-Platform Secure Sensor Access Integrity protection of the CPS app, sensor driver with authentic sensor data flow between them

### **Research Question**

Can we achieve acceptable performance towards security?

### **Evaluation Metrics**

Benchmarks for CPS application and sensor I/O

### **Success Criteria**

Rover with üobjects completes mission (without attack) within time window comparable to base system (without objects)

Anticipated 8-15% CPU/Memory/Overhead

Towards Incremental and Compositionally Verifiable Security for CHIC-centric Cyber Physical Systems © 2021 Carnegie Mellon University

Carnegie Mellon

Universitv

# **Performance Objective**

- Collected results over 10 laps of the rover on the line-following circuit
- No micro-hypervisor, no üobject no attacker
  - RMS error 1.577 with average time per lap 19.79 secs
- Micro-hypervisor, üobject no attacker
  - RMS error 1.619 with average time per lap 19.81 secs
- Micro-hypervisor, üobject with attacker
  - RMS error 1.611 with average time per lap 24.55 secs
- CPU utilization is ~3%

Carnegie Mellon

University

# **Retrofit Objective**

Security Scope: On-Platform Secure Sensor Access Integrity protection of the CPS app, sensor driver with authentic sensor data flow between them

### **Research Question**

Can we achieve acceptable retrofitting cost towards security?

### **Evaluation Metrics**

SLoC (person-yr. effort) and function-variable metrics differential on driver and CPS app

### **Success Criteria**

Developers interact with üobjects similar to interfacing with existing OS APIs Carnegie Mellon University Software Engineerin Institute

# **Retrofit Objective**

**Carnegie Mellon University** Software Engineering Institute

### • SLoC

25 lines of Python code to cope with smoother turns on wood floor

~200 lines of C code for CPS application and sensor driver

• 4 Person Weeks

Developer who was new to the rover code-base

- Refactored sensor-driver code to adhere to üobject abstraction and perform HMAC functionality
  - C code  $\rightarrow$  C code with HMAC
- Refactored CPS application code to adhere to üobject abstraction and perform HMAC functionality
  - Python code  $\rightarrow$  C code with HMAC
- Interfacing to Root-of-Trust (RoT)
  - library to invoke üobjects with RoTbacked memory protections

# Publications and Open Source

- Amit Vasudevan, Petros Maniatis, Ruben Martins. überSpark: *Practical, Provable, End-to-End Guarantees on Commodity Heterogenous Interconnected Computing Platforms*. ACM SIGOPS Operating Systems Review Journal 2020.
- Towards Practical and Provable Guarantees on Commodity Heterogenous Interconnected Computing Platforms. NSA Workshop on Hot Topics in Science of Security 2021.
- *Towards Practical Security on Commodity Cyber Physical Systems*. To be submitted to ACM Transactions on Cyber Physical Systems (TCPS)
- Open Source Artifacts
  - https://github.com/uberspark/uberxmhf
  - <u>https://github.com/uberspark/uapp-SunFounder\_PiCar-S</u>
  - https://github.com/uberspark/uobjcoll-SunFounder\_Line\_Follower
  - <u>https://github.com/uberspark/uobjcoll-raspberrypi-linux-i2c-bcm2835</u>
  - https://github.com/uberspark/tests-and-evaluation

Carnegie <u>Me</u>llon

Universitv

# Summary: Research Successes and Future Work

### **Research Successes**

- We were able to realize RoT-backed security with üobjects on an existing CPS ecosystem with minimal performance and developer retrofit to protect against memory-integrity violation "class" of attacks
- We were able to successfully model the CHIC-centric CPS system in TLA+ and prove concurrent memory safety properties in a composable manner
- Our technical progress is illustrated by our demo, open-source artifacts, and papers
- DoD stakeholders continue to be very interested in this technology, including DoD industry collaborators (e.g., Autonodyne).

Future Work

- Scaling in the presence of multiple sensors/actuators.
- Discovering and addressing control algorithm structure and/or complexity
- Investigate TLA+ proof engineering to maintain mechanized proofs in addition to the already development compatible code-level verification

Carnegie Mellon University Software Engineering Institute

Why this work is important

DoD CPS are becoming key to all the modernization priorities in DoD.

Integrating provable cyber protection into these systems will be critical to the success and much better than layering patches on later.

Carnegie Mellon University



Amit Vasudevan, Ph.D. Principal Investigator MTS-Senior Researcher SEI/CMU



Anton Dimov Hristozov MTS–Software Engineer SEI/CMU



Bruce Krogh, Ph.D. Professor Emeritus SEI/CMU



Michael J McCall Associate Software Security Engineer SEI/CMU



Ruben Martins, Ph.D. System Scientist CMU/CSD



Raffaele Romagnoli, Ph.D.



Ter 100

Delbert Christman, Ph.D. VP R&D Autonodyne





## **Contact Information**

Presenter / Point of Contact match to Information Sheets

Name Dr. Amit Vasudevan

Title MTS – Senior Researcher SSD/ACPS/FVCPS

Telephone: +1 571.329.6340

Email: <u>avasudevan@sei.cmu.edu</u>

Carnegie Mellon University Software Engineering Institute