NDLI: Micro-Policies: Formally Verified, Tag-Based Security Monitors

Please wait, while we are loading the content...

Micro-Policies: Formally Verified, Tag-Based Security Monitors

Swapsies on the Internet: First Steps towards Reasoning about Risk and Trust in an Open World

Tierless Programming and Reasoning for Networks

Short Paper: On High-Assurance Information-Flow-Secure Programming Languages

Memory-safe Execution of C on a Java VM

Short Paper: The Meaning of Attack-Resistant Systems

Dynamic Enforcement of Dynamic Policies

Micro-Policies: Formally Verified, Tag-Based Security Monitors

Content Provider	ACM Digital Library
Author	Hriţcu, Cǎtǎlin
Abstract	Many of today's vulnerabilities arise from the violation of known, but in-practice unenforceable, safety and security policies, including high-level programming models and critical invariants of low-level programs. This project is aimed at showing that a wide range of low-level security policies can be efficiently enforced by a mechanism for tag-based hardware-assisted reference monitors we call micro-policies. The micro-policy enforcement mechanism is low-level and fine-grained: large metadata tags are added to all machine words and these tags are efficiently checked and propagated on each machine instruction. The structure of the tags and the tag checking and propagation rules are defined by software. This provides great flexibility for defining policies and puts no arbitrary limitations on the size of the metadata and the number of policies supported. We have already investigated micro-policies for memory safety, control-flow integrity (CFI), compartment isolation, taint tracking, information-flow control (IFC), and dynamic sealing. Hardware caching of the software's decision and several targeted micro-architectural optimizations ensure that monitoring imposes modest impact on run-time (typically under 10%) and power ceiling (less than 10%), in return for some increase in energy usage (typically under 60%) and chip area (110%). A crucial part of this project is formally investigating the security guarantees provided by micro-policies. In recent work we introduced a methodology for defining and reasoning about such tag-based reference monitors in terms of a higher-level "symbolic machine." We used this methodology to define and formally verify micro-policies for IFC, dynamic sealing, compartmentalization, CFI, and memory safety; in addition, we showed how to use the tagging mechanism to protect its own integrity. For each micro-policy, we proved in Coq by refinement that the symbolic machine instantiated with the policy's rules embodies a high-level specification characterizing a useful security property. For micro-policies such as IFC and CFI we additionally used refinement to transport an extrinsic security property (e.g. non-interference, CFI) to the lowest level. Many interesting research challenges remain open for micro-policies. While so far we have studied micro-policies in isolation, in practice it is also necessary to study the interactions between micro-policies and the compiler, the linker, the loader, and the operating system (OS). As the first steps in this direction, we have started looking at using micro-policies for efficient fully abstract compilation and for compartmentalizing a tiny OS. Another challenging research question is when can micro-policies be safely composed, so that the guarantees they achieve in isolation are enforced by the composition. Certain micro-policies are known to compose sensibly, and micro-architectural optimizations ensure that they perform well on practical workloads, but the general picture of how to compose micro-policy correctness proofs remains unclear. Finally, our current hardware simulations are done for a single-core in-order RISC processor (an Alpha), while our formal work is for an even simpler idealized RISC. In the future we would like to scale our work to a modern RISC instruction set (e.g. ARM) and more advanced hardware features such as out-of-order execution and even multi-core.
Starting Page	1
Ending Page	1
Page Count	1
File Format	PDF
ISBN	9781450336611
DOI	10.1145/2786558.2786560
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2015-07-04
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Information-flow control Low-level code Policy composition Security architectures Full-abstraction Least-privilege design Tagged hardware Reference monitors Control-flow integrity Isolation Security policies Dynamic enforcement Memory safety Formal verification
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in