HardBlare: a hardware/software co-design approach for Information Flow Control

Abstract

HardBlare proposes a hardware/software solution that implements an anomaly-based approach to detecting software attacks against confidentiality and integrity through Dynamic Information Flow Tracking (DIFT). HardBlare combines fine-grained DIFT with OS-level tagging, which allows the end user to specify the security policy.
The main hardware-level outcome of HardBlare is the design of a dedicated multi-core DIFT co-processor on FPGA that does not require any modification of the main CPU. This contribution tackles one of the main challenges of the project. To achieve this goal, the information required for DIFT is obtained both at compile time and at run time: through pre-computation during the compilation step, and through hardware trace mechanisms and instrumentation at run time.
The main software-level outcome of HardBlare is a set of Linux kernel modifications to handle file tags and to support communication between the instrumented code and the co-processor, a patch of the official Linux PTM driver, a modification of the Linux loader (ld.so) to load annotations into the co-processor, and an LLVM backend pass to compute the annotations and instrument applications.
All validation has been performed on the Digilent ZedBoard, whose Xilinx Zynq SoC combines two hard-core ARM Cortex-A9 processors with a Xilinx FPGA.
Through these achievements, HardBlare demonstrates that a hardware/software co-design approach to Information Flow Control is an efficient and promising solution.

HardBlare Presentation

The main goal of HardBlare is to propose a heterogeneous solution for embedded software security, featuring:

  • A flexible approach where both software and hardware security rules can be updated dynamically, on a per-application basis or when new threats are discovered.
  • A large set of security rules.
  • A persistent tag management feature relying on OS support.
  • A cooperation mechanism between software static analysis and hardware information flow control, so that different types of information flow can be monitored and both confidentiality and integrity addressed.
  • A complete prototype of the system on a SoC platform that combines an ASIC main processor (ARM) coupled with an FPGA, such as Xilinx Zynq devices.

The first PoC (Proof-of-Concept) relies on the debug components available in ARM processors (also known as CoreSight components). ARM processors allow us to transfer debug information to an internal memory (the Embedded Trace Buffer) or directly to the FPGA through the Trace Port Interface Unit (TPIU):

The concept is to use such components to export data such as branch addresses to an FPGA coprocessor. Here is a representation of the PoC implementation:

In order to do so, a static analysis must be performed to create annotations describing the program behavior:
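The trace-plus-annotations mechanism described above, as an added Python model that is not part of the HardBlare code base: it assumes a hypothetical annotation encoding, a constructed four-block program and a constructed SECRET tag policy, and shows the co-processor reconstructing data flows from branch addresses and precomputed per-block annotations without ever seeing the CPU's instructions.

```python
from dataclasses import dataclass, field

SECRET = 0b1  # constructed policy: tag bit for data read from a confidential file

@dataclass
class Coprocessor:
    """annotations: block address -> tag-propagation ops (hypothetical encoding):
    ("mov", dst, src) tag[dst]=tag[src]; ("op", dst, a, b) tag[dst]=tag[a]|tag[b];
    ("ld", dst) tag[dst]=mem_tag[next instrumented address];
    ("st", src) mem_tag[next instrumented address]=tag[src];
    ("sink", reg, name) policy check: SECRET-tagged data must not reach the sink."""
    annotations: dict
    reg_tags: dict = field(default_factory=dict)
    mem_tags: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def tag(self, reg):
        return self.reg_tags.get(reg, 0)

    def run(self, branch_trace, mem_addrs):
        # branch_trace: block addresses as the PTM exports them; mem_addrs: load/store
        # effective addresses, in program order, supplied by run-time instrumentation.
        addrs = iter(mem_addrs)
        for block in branch_trace:
            for op in self.annotations[block]:
                kind = op[0]
                if kind == "mov":
                    self.reg_tags[op[1]] = self.tag(op[2])
                elif kind == "op":
                    self.reg_tags[op[1]] = self.tag(op[2]) | self.tag(op[3])
                elif kind == "ld":
                    self.reg_tags[op[1]] = self.mem_tags.get(next(addrs), 0)
                elif kind == "st":
                    self.mem_tags[next(addrs)] = self.tag(op[1])
                elif kind == "sink" and self.tag(op[1]) & SECRET:
                    self.alerts.append((block, op[2]))
        return self.alerts

def demo():
    # Constructed program: 0x1000 loads a buffer the OS tagged as SECRET into r0; 0x1010
    # derives r1 from r0; 0x1020 spills r1 to scratch memory, reloads it into r3 and passes
    # it to write() on a public fd (violation); 0x1030 writes untagged r2 (no violation).
    annotations = {
        0x1000: [("ld", "r0")],
        0x1010: [("mov", "r1", "r0"), ("op", "r1", "r1", "r2")],
        0x1020: [("st", "r1"), ("ld", "r3"), ("sink", "r3", "write(public_fd)")],
        0x1030: [("mov", "r4", "r2"), ("sink", "r4", "write(public_fd)")],
    }
    cp = Coprocessor(annotations, mem_tags={0x8000: SECRET})  # file buffer at 0x8000 is tagged
    return cp.run([0x1000, 0x1010, 0x1020, 0x1030], [0x8000, 0x9000, 0x9000])
```

The tag reaches the sink only through the spill to 0x9000, which is why the memory tag map must be kept alongside register tags.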

The PoC provides a complete framework including:

  • The hardware design (HDL code and drivers)
  • The software stack (Linux, coprocessor drivers, etc.), released as a Yocto distribution.

The Yocto Project is a Linux Foundation collaborative open source project whose goal is to produce tools and processes that enable the creation of Linux distributions for embedded software, independent of the underlying architecture of the embedded hardware.

Threat model

We consider the following threat model:

  • We target software attacks that directly modify the values of containers (files, registers, memory);
  • We do not handle physical attacks (e.g. fault injection using laser or physical side-channel attacks);
  • We only monitor applications. The OS kernel is part of our Trusted Computing Base (TCB). We could reduce the TCB to the kernel code that manages file tags and communicates with the co-processor.

Project data and status

General information

  • Start: October 2015.
  • Duration: 3 years (some work is still ongoing)
  • Funding: 2 PhD students and 1 PostDoc

Partners

  • IETR/CentraleSupélec (SCEE) @ Rennes
    • Pascal Cotret (Ass. Prof.) now at ENSTA Bretagne
    • Muhammad AbdulWahab (PhD student) now R&D engineer at Ultraflux
  • IRISA/CentraleSupélec/Inria (CIDRE) @ Rennes
    • Guillaume Hiet (Ass. Prof.)
    • Mounir Nasr Allah (PhD student)
  • Lab-STICC/UBS @ Lorient
    • Guy Gogniat (Full Prof.), Vianney Lapôtre (Ass. Prof.)
    • Arnab Kumar Biswas (Postdoc) now Research Fellow at NUS School of Computing, Singapore
Contacts