35C3 preroll music

Herald Angel: OK. Our next speaker will be trying to tame the chaos: Peter Sewell, from the University of Cambridge. A warm round of applause please. applause

Sewell: Thank you! Okay. So here we are, C3 again, with a program full of fascinating and exciting and cool stuff, and if we look just at the security talks, all manner of interesting things. I'm going to go to a lot of these. You should too. Let's see, though, if we read some of the titles: exploiting kernel memory corruptions, attacking end-to-end email encryption. What else have we got: modern Windows userspace exploitation, compromising online accounts. OK, so a lot of these talks, as usual, are explaining to us that our computers are not doing what we would like, and this, as usual, is the merest tip of a tiny iceberg. We have hundreds of thousands of known vulnerabilities, and many unknown vulnerabilities. It's a bit dark in here, but let me try some audience participation. How many of you have in the last year written at least a hundred lines of code? And of those people, keep your hands up if you are completely confident that code does the right thing. laughter I would like to talk to you later laughter and so would the people in the self-driving car that you're probably engineering. So how many unknown vulnerabilities, then? Well, you can take what's in your mind right now and multiply it by... oh, this doesn't work very well. No. No, no. Computers, they do the wrong thing again and again and again. laughter and some applause We can multiply by this estimate of about 100 billion lines of new code each year. So if we take all of this — these talks, these numbers — these should make us not happy and excited; these should make us sad, very sad, and frankly rather scared of what is going on in the world. So what can we do? We can, option one, give up using computers altogether. applause In most audiences this would be a hard sell, but here I'm sure you're all happy to just turn them off now. Or we can throw up our hands in the air and collapse into some kind of pit of despair. Well, maybe, maybe not. My task today is to give you a tiny smidgen, a very, very small amount of hope that it may be possible to do slightly better. But if we want to do better, we first have to understand why things are so bad. If we look at our aeronautical engineering colleagues, for example, they can make planes which very rarely fall out of the sky. Why is it that they can do that, and we are so shit at making computers? Well, I'm going to reuse a picture that I used at 31C3, which is still the best description I can find of the stack of hardware and software that we live above. Here we go. There's so much information in this, it's just ace. So we see down here all of this transparent silicon: that's the hardware we live above. We see a stack of phases of a C compiler; we see all kinds of other bits and pieces. There might be a slightly hostile wireless environment in this room, for some reason. If we look at this and think about the root causes for why our systems are so bad, we can see terrible things. The first is, obviously, that there's a lot of legacy complexity that we're really stuck with. If you pull out one of those pieces from the middle and try and replace it with something which is not of exactly the same shape, the whole pile will collapse. So we somehow need to find an incremental path to a better world.
And then — and this is the most fundamental reason that these are not like aeroplanes — these systems are discrete, not continuous. If you take an honest girder made out of a piece of steel and you push on it a little bit, it moves a little bit, basically in proportion. If it is 1 percent too strong or 1 percent too weak, it basically doesn't matter. But in these things, one line of code can mean you're open to a catastrophic exploit, and that's one line in many, many million. OK. And next thing... this really doesn't work. They're very complicated. But the scary thing is not the static complexity of those lines of code and the number of components, although that's pretty intimidating; the really scary thing is the exponential number of states and execution paths. These two together mean that testing — and testing is the only way we have to build systems which are not instantly broken — testing can never save us from these exploitable errors. And that means ultimately we need to do proof: honest, machine-checked mathematical proof. And this also tells us that we need to arrange for our systems to be secure for simple reasons, reasons that do not depend on the correctness of all of those hundred billion lines of code. Then another thing that we have here: all these interfaces — the architecture interface, the C language interface, the sockets API interface, the TCP interface. All of these we rely on to let different parts of the system be engineered by different organizations. But they're all really badly described and badly defined. So what you find is, for each of these, typically a prose book, varying in thickness between about that and about that, full of text. We still rely on testing — limited though it is — but you can never test anything against those books. So we need instead interface descriptions, definitions, specifications that are mathematically rigorous and that are executable — not in the normal sense of executable as an implementation, but executable as a test oracle. So you can compute whether some observed behaviour is allowed or not, and not have to read the book and argue on the Internet. And we also need interface definitions that support this proof that we need. And then, all of this stuff was made up in the 1970s or the sixties, and in the 70s and the 60s the world was a happy place, and people walked around with flowers in their hair, and nothing bad ever happened. That is no longer the case. So we need defensive design, but we need defensive design that is somehow compatible, or can be made compatible enough, with this legacy investment. That's quite hard. And then — I can't say very much about this, but we have at the moment very bad incentives, because we have a very strong incentive to make things that are more complex than we can possibly handle or understand. We make things, we add features, we make a thing which is just about shippable, and then we ship it. And then we go on to the next thing. So we need economic and legal incentives for simplicity and for security that we do not yet have. But it's hard to talk about those until we have the technical means to react to those incentives. OK, so what I'm going to do now is talk about two of these interfaces, the architecture interface and the C language interface, and see what we can do to make things better. A lot of this has to do with memory. So whoever it was that picked the subtitle for this meeting, "refreshing memories": thank you, because it's great, I love it.
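To make the test-oracle idea concrete, here is a minimal sketch in C: a toy executable specification of a sequential memory, where a read must return the last value written to that address. The event type and this single property are invented purely for illustration; the real REMS specifications are far richer, but the principle — compute whether an observed behaviour is allowed, rather than arguing over a prose book — is the same.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A toy executable spec: an observed trace of memory events is allowed
   iff every READ returns the last value WRITTEN to its address
   (memory assumed zero-initialised). Names are ours, for illustration. */
typedef enum { WRITE, READ } kind;
typedef struct { kind k; uint64_t addr, value; } event;

bool spec_allows(const event *trace, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (trace[i].k != READ) continue;
        uint64_t last = 0;
        for (size_t j = 0; j < i; j++)
            if (trace[j].k == WRITE && trace[j].addr == trace[i].addr)
                last = trace[j].value;
        if (trace[i].value != last) return false;  /* behaviour not allowed */
    }
    return true;
}

int main(void) {
    /* The third event reads 9 where 7 was written: the oracle rejects it. */
    event t[] = { {WRITE, 16, 7}, {READ, 16, 7}, {READ, 16, 9} };
    printf("%s\n", spec_allows(t, 3) ? "allowed" : "not allowed");
    return 0;
}
```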
Let's refresh your memory quite a way. I invite you to think back to when you were very, very young, in about 1837, when cool hacking was going on: Charles Babbage was designing the Analytical Engine. And even then, you see, there was this dichotomy between a mill performing operations and a store holding numbers. This is a plan view of the Analytical Engine — well, it was vaporware, but a design for the Analytical Engine — and you see here these circles: these are columns of numbers, each made out of a stack of cogs, maybe a 50-digit decimal number in each of those columns. And this array, really, he imagined it going on out to over there somewhere, with about 1000 numbers. So even then you have a memory which is an array of numbers. I think — I don't think you could do address computation on these things, I think addresses were only constants — but still, basically an array of numbers. So, okay, what have we got now? Let's look a bit at C. How many of those people who have programmed 100 lines of code, how many of you were C programmers? Quite a few. Or maybe you're just embarrassed. I forgot to say: those that didn't put your hands up for that first question, you should feel proud, and you should glory in your innocence while you still have it. You are not yet complicit in this trainwreck. It worked then. Okay, so here's a little piece of C code, which I shall explain, in several different ways. So we start out. It creates two locations, x and secret... Don't do that. This is so bad. It creates x, storing 1, and secret_key, which stores — I might get this wrong — your PIN. And then there's some computation which is supposed to only operate on x, but maybe it's a teensy bit buggy, or corrupted by somebody. We make a pointer to x, and in this execution x just happened to be allocated at 14, so this pointer contains the number 14, and then we add one to that pointer. It's C, so adding one to the pointer really means adding the four bytes which are the size of the thing it points to. So we add 4 to 14 and we get 18. And then we try and read the thing which is pointed to. What's going to happen? Let me compile this and run it in a conventional way. It printed the secret key. Bad. This program — rather distressingly, this is characteristic of, by no means all security flaws, but a very disturbingly large fraction of them: they are basically doing this. So does C really let you do that? Yes and no. If you look at the C standard, which is one of these beautiful books, it says — you have to read moderately carefully to understand this — but it says that this program has undefined behaviour. Many of you will know what that means, but others won't. So that means that, as far as the standard is concerned, for programs like that there is no constraint on the behaviour of the implementation at all. Or, said another way, and maybe a more useful way: the standard lets implementations — so, C compilers — assume that programs don't do this kind of stuff, and it's the programmer's responsibility to ensure that. Now, in about 1970, '75, maybe 1980, this was a really good idea; it gives compilers a lot of flexibility to do efficient implementation. Now, not so much. How does this work in the definition? So the standard somehow has to be able to look at this program and identify it as having this undefined behaviour.
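A reconstruction of the kind of code on the slide — the concrete value of the secret and the addresses are illustrative assumptions, not taken from the talk:

```c
#include <stdio.h>

int main(void) {
    int x = 1;             /* suppose x happens to be allocated at address 14 */
    int secret_key = 4091; /* ...and secret_key at 18, immediately after x    */
    int *p = &x;           /* p holds the address of x: 14                    */
    p = p + 1;             /* pointer + 1 means + sizeof(int): 14 + 4 = 18    */
    printf("%d\n", *p);    /* undefined behaviour: compiled conventionally,   */
                           /* this reads and prints the secret key            */
    return 0;
}
```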
And indeed, if we just think about the numbers in memory, this 18 points to a perfectly legitimate storage location, and that plus-one was also something that you're definitely allowed to do in C. So the only way that we can know that this is undefined behaviour is to keep track of the original allocation of this pointer. Here I've got these allocation identifiers, @3, @4, @5, and you see, on this pointer, despite the fact that I added 4 to it, I've still remembered the allocation ID. So I can check — or the standard can check — when we try and read from this, whether that address is within the footprint of that original allocation, i.e. is within there. And in fact it is not: it's over here; it is not within there at all. So this program is deemed to have undefined behaviour. Just to clarify something people often get confused about: we detect undefined behaviour here, but it isn't really a temporal thing. The fact that there is undefined behaviour anywhere in the execution means the whole program is toast. Okay, but this is really interesting, because we're relying, for this critical part of the standard, on information which is not there at run time in a conventional implementation. Just to emphasize that point: if I compile this program, let's say to ARM assembly language, I get a sequence of store and load and add instructions — store, load, add, store, load, load. And if I look at what the ARM architecture says can happen, these blue transitions... one thing to notice is that we can perfectly well do some things out of order: at this point we could either do this load, or we could do that store. That would be a whole other talk; let's stick with the sequential execution for now. What I want to emphasize is that this load of this address really was loading a 64-bit number, which was the address of x, and adding 4 to it, and then loading from that address the secret key. So there is no trace of these allocation IDs. No trace at all. Okay, let me step back a little bit. I've been showing you some screenshots of C behaviour and ARM behaviour, and I claim that these are actually showing you all of the behaviours allowed by what one would like the standards to be for these two things. Really, what I've been showing you are GUIs attached to mathematical models that we've built in a big research project over the last many years: REMS, "Rigorous Engineering of Mainstream Systems". Sounds good — an aspirational title, I would say. And in that we've built semantics — mathematical models defining the envelope of all allowed behaviour — for a quite big fragment of C, and for the concurrency architectures of major processors, ARM and x86 and RISC-V and IBM POWER, and also for the instruction set architectures of these processors, the details of how individual instructions are executed. In each case these are specs that are executable as test oracles: you can compare, algorithmically, some observed behaviour against whether the spec says it's allowed or not, which you can't do with those books. It's just an idiot-simple idea, but for some reason the industry has not taken it on board at any time in the last five decades. It's not that hard to do. These are also mathematical models — I'll come back to that later. But another thing I want to emphasize here is that in each of these cases, especially the first two, when you start looking really closely, then you learn that what you have to do is not build a nice clean mathematical model of something which is well understood.
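A sketch of the extra bookkeeping such a semantics carries around: a pointer value is an (allocation ID, address) pair, not a bare number, and a load is defined only if it lands within the footprint of the allocation its provenance names. The types and names here are invented for illustration; they are not the actual REMS definitions.

```c
#include <stdbool.h>
#include <stddef.h>

/* In the semantics (not in a conventional implementation!), a pointer
   value carries its provenance as well as its numeric address. */
typedef struct {
    unsigned alloc_id;  /* which allocation it came from: @3, @4, @5, ... */
    size_t   addr;      /* the numeric address, e.g. 18 */
} sem_pointer;

typedef struct {
    unsigned alloc_id;
    size_t   base, size;  /* the footprint of the allocation */
} allocation;

/* A load of nbytes via p is defined only if it falls within the
   footprint of the allocation that p's provenance names. */
bool load_is_defined(sem_pointer p, allocation a, size_t nbytes) {
    return p.alloc_id == a.alloc_id
        && p.addr >= a.base
        && p.addr + nbytes <= a.base + a.size;
}
```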
What you learn is that there are real open questions — for example, within the C standards committee, and within ARM a few years ago — about exactly what these things even were. And that is a bit disturbing, given that these are the foundations for all of our information infrastructure. There is also a lot of other work going on with other people within this REMS project, on WebAssembly and JavaScript and file systems and other concurrency. I don't have time to talk about those, but Hannes Mehnert is going to talk to us a little bit about TCP later today. You should go to that talk too, if you like this one. If you don't like this one, you should still go to that talk. Okay, so this is doing somewhat better — certainly more rigorous engineering of specifications — but so far only for existing infrastructure: for this C language, the ARM architecture, what have you. So what if we try and do better? What if we try and build better security in? The architectures that we have really date back to the 1970s, or even the 60s, with the idea of virtual memory. That gives you — I won't go into exactly what it is — but that gives you very coarse-grained protection. You can have your separate processes isolated from each other, and on a good day you might have separate browser tabs isolated from each other, in some browsers, sometimes. But it doesn't scale: it's just too expensive to have lots of little compartments. One thing we can do is certainly design much better programming languages than C, but all of that legacy code has a massive inertia. So an obvious question is whether we can build better security into the hardware, in a way that doesn't need some kind of massive pervasive change to all the software we ever wrote. And that's the question that a different large project, the CHERI project, has been addressing. This is something that's been going on for the last 8 years or so, mostly at SRI and at Cambridge, funded by DARPA and the EPSRC and ARM and other people, mostly led by Robert Watson, Simon Moore, Peter Neumann, and a cast of thousands. And me, a tiny bit. So... oh, don't do that. I should learn to stop pushing this button. It's very hard to not push the button. So here's the question, in a more focused way, that CHERI is asking: can we build hardware support which is both efficient enough and deployable enough that gives us both fine-grained memory protection — to prevent the kind of bug that we were talking about earlier, well, that kind of leak at least — and also scalable compartmentalization, so you can take bits of untrusted code and put them in safe boxes and know that nothing bad is going to get out? That's the question. The answer... the basic idea of the answer is pretty simple, and it also dates back to the 70s: add hardware support for what people call capabilities, and we'll see that working in a few moments. The idea is that this will let programmers exercise the principle of least privilege — with each little bit of code having only the permissions it needs to do its job — and also the principle of intentional use: each little bit of code, when it uses one of those capabilities, will be required to use it explicitly rather than implicitly, so the intention of the code has to be made plain. So let's see how this works. These capabilities are basically replacing some, or maybe all, of the pointers in your code.
So if we take this example again: in ISO C we had an address and — the standard is not very clear about this, but we're trying to make it more clear — an allocation ID, or something like it. Now in CHERI C we can run the same code, but we might represent this pointer at runtime not just with that number, but with something that contains that number, and the base of the original allocation, and the length of the original allocation, and some permissions. And having all of those in the pointer means that the hardware can do, at run time, at access time, a very efficient check that this is within this region of memory. And if it's not, it can fail-stop and trap. No information leak. I need a bit more machinery to make this actually work. It would be nice if all of these were 64-bit numbers, but then you get a 256-bit pointer, and that's a bit expensive, so there's a clever compression scheme that squeezes all this down into 128 bits, with enough accuracy. And then you need to design the instruction set of the CPU carefully to ensure that you can never forge one of these capabilities with a normal instruction. You can never just magic one up out of a bunch of bits that you happen to find lying around. So all the capability-manipulating instructions will take a valid capability and construct a new capability, possibly smaller in memory extent, or possibly with fewer permissions. They're never going to grow the memory extent or add permissions. And when the hardware starts, at hardware initialization time, the hardware will hand the software a capability to everything, and then, as the operating system works and the linker works and the C language allocator works, these capabilities will be chopped up into ever finer and smaller pieces, to be handed out to the right places. And then I need one more little thing. In this C language world we're living in here — or really a machine-code world — there's nothing stopping code writing bytes of stuff. So you have to somehow protect these capabilities against being forged by the code, either on purpose or accidentally, writing bytes over the top of them. You need to preserve their integrity. That's done by adding, for each of these 128-bit-sized, aligned units of memory, just one extra bit. That holds a tag, and that tag records whether this memory holds a currently valid capability or not. So for all the capability-manipulating instructions, if they're given a valid capability with the tag set, then the result will still have the tag set. But if you write — if you just wrote that byte there, which might change the base — then the hardware will clear that tag. And these tags are not conventionally addressable; they don't have addresses. They just sit there in the memory system of the hardware. So there is no way that software can inaudible these. So this is really cool. We've taken what in ISO, in the standard, was undefined behaviour, and in implementations was an information leak, and we've turned it into something that, in CHERI C, in both the specification and the implementation, is guaranteed to trap, to fail-stop, and not leak that information. So, another few things about the design that I should mention. All these blue things, I think I've talked about. But a lot of care has gone in to make this very flexible, to make it possible to adopt it. So you can use capabilities for all pointers, if you want to, or just at some interfaces.
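A conceptual sketch of the uncompressed capability just described, together with the bounds-and-permissions check the hardware performs on each access. The field names and permission constants are invented for illustration; real CHERI compresses base and length into a 128-bit format, with the one-bit validity tag held out of band.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PERM_LOAD  (1u << 0)   /* illustrative permission bits */
#define PERM_STORE (1u << 1)

/* The conceptual, uncompressed view of a capability. The validity
   tag lives alongside it, in memory that has no address. */
typedef struct {
    uint64_t cursor;   /* the address being pointed at, e.g. 18 */
    uint64_t base;     /* base of the original allocation       */
    uint64_t length;   /* length of the original allocation     */
    uint32_t perms;    /* load/store/execute/... permissions    */
    bool     tag;      /* valid-capability tag (out of band)    */
} capability;

/* Roughly what the hardware checks on every load via a capability;
   on failure it fail-stops with a trap rather than leaking data. */
bool load_permitted(capability c, size_t nbytes) {
    return c.tag                                   /* not forged          */
        && (c.perms & PERM_LOAD)                   /* allowed to load     */
        && c.cursor >= c.base                      /* within the original */
        && c.cursor + nbytes <= c.base + c.length; /* ...allocation       */
}
```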
You might, for example, use them at the kernel–userspace interface. It coexists very nicely with existing C and C++: you don't need to change the source code very much at all to start using these — and we'll see a tiny bit of data about this. It coexists with the existing virtual memory machinery, so you can use both capabilities and virtual memory if you want, or just capabilities, or just virtual memory. And then there's some more machinery, which I'm not going to talk about, for doing this secure encapsulation stuff. What I've talked about so far is basically the fine-grained memory protection story. And I should say that the focus so far is on spatial memory safety — so that's not, in the first instance, protecting against reuse of an old capability in a bad way — but there are various schemes for supporting temporal memory safety with basically the same setup. Okay, so how do we... Okay, this is some kind of a high-level idea. How do we know that it can be made to work? Well, the only way is to actually build it and see. And this has been a really interesting process, because mostly, when you're building something, either in academia or in industry, you have to keep most of the parts fixed; I mean, you are not routinely changing both the processor and the operating system, because that would just be too scary. But here we have been doing that, and indeed we've really been doing a three-way codesign: building hardware, and building and adapting software to run above it, and also building these mathematical models, all at the same time. This is — well, A, it's a lot of fun, because you can't often get groups of people together that can do all of those things, but B, it's really effective. So what we've produced, then, is an architecture specification — in fact extending MIPS, because it was conveniently free of IP concerns — and that specification is one of these mathematically rigorous things, expressed in a domain-specific language specifically for writing instruction set architecture specifications; we've designed and implemented actually two of those. Then there are hardware processor implementations that actually run on FPGAs, and a lot of hardware research devoted to making this go fast and be efficient despite these extra tags and whatnot. And then there's a big software stack adapted to run over this stuff, including Clang and a FreeBSD kernel and the FreeBSD userspace and WebKit and all kinds of pieces. So this is a very major evaluation effort, of a kind that one is not normally able to do. This — this combination of things — is why that list of people up there was about 40 people. I say this is based on MIPS, but the ideas are not specific to MIPS; there are ongoing research projects to see if this can be adapted to the ARM application-class architecture and the ARM microcontroller architecture and to RISC-V. We'll see how that goes, in due course. Okay, so then, with all of these pieces, we can evaluate whether it actually works. That's still kind of an ongoing process, but the data that we've got so far is pretty encouraging. So we see here, first, performance: you see maybe a percent or two of runtime overhead in many cases. There are workloads where it performs badly — if you have something that's very pointer-heavy, then the extra pressure from those larger pointers will be a bit annoying — but really it seems to be surprisingly good. Then: is it something that can work without massive adaptation of the existing code?
Well, in this port of the FreeBSD userspace — so, all the programs that run — there were something like 20,000 files, and only around 200 of those needed a change. And that's been done by one or two people in not all that large an amount of time. Some of the other code, that's more like an operating system, needs a bit more invasive change, but still, it seems to be viable. Is it actually more secure? How are you going to measure that? We like measuring things; on the whole we try and do science where we can. Can we measure that? Not really. But it certainly does — the whole setup certainly does — mitigate against quite a large family of known attacks. I mean, if you try and run Heartbleed, you'll get a trap. It will say "trap". I think it will say "signal 34", in fact. So that's pretty good. And if you think about attacks: very many of them involve a chain of multiple flaws, put together by an ingenious member of the C3 community or somebody else, and very often at least one of those is some kind of memory-access or permission flaw. Okay, so this is nice. But I was talking a lot, in the first part of the talk, about rigorous engineering. Here we've got formal definitions of the architecture, and that's been really useful for testing against, and for doing test generation on the basis of, and for doing specification coverage in an automated way. But surely we should be able to do more than that. So this formal definition of the architecture: what does it look like? For each instruction of this CHERI MIPS processor there's a definition, and that definition looks a bit like normal code. Here's the definition of how the instruction for "capability increment cursor immediate" goes. This is a thing that takes a capability register and an immediate value, and it tries to add something onto the cursor of that capability. And what you see here is something that looks like code, that defines exactly what happens, and also defines exactly what happens if something goes wrong — you can see there's some kind of an exception case there; yeah, that's raising a processor exception. So it looks like code, but from this we can generate both reasonably high performance emulators, in C and in OCaml, and also mathematical models in theorem provers. Three of the main theorem provers in the world are called Isabelle and HOL and Coq, and we generate definitions in all of those. So then we've got a mathematical definition of the architecture. Then, finally, we can start stating some properties. So CHERI was designed with some kind of vague security goals in mind from the beginning, but now we can take, let's say, one of those goals and make it into a precise thing. This is a kind of secure-encapsulation kind of thing, not exactly the memory leak that we were looking at before — sorry, the secret leak that we were looking at. So let's imagine some CHERI compartment. I haven't told you exactly what that means, but let's suppose that that's understood, and that inside that compartment there is a piece of software running. That might be maybe a video codec, or a web browser, or even a data structure implementation, or a C++ class and all of its objects, maybe. So imagine that compartment running, and imagine the initial capabilities that it has access to, via registers and memory, and all the capabilities it has access to via the memory that it has access to, and so on, recursively. So imagine all of those capabilities.
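The actual definitions are written in the project's ISA-specification language, not in C; but as a rough illustration of their shape, here is a transliteration into C of what an instruction like "capability increment cursor immediate" might look like. The helper names, exception codes, and the exact checks are our assumptions, not the real CHERI-MIPS definition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    bool     tag;      /* valid-capability tag              */
    bool     sealed;   /* sealed capabilities are immutable */
    uint64_t cursor, base, length;
    uint32_t perms;
} capability;

/* Hypothetical exception code and helper, for illustration only. */
enum cap_exn { CAPEX_SEAL_VIOLATION };

void raise_capability_exception(enum cap_exn e, unsigned reg) {
    fprintf(stderr, "capability exception %d on c%u\n", (int)e, reg);
    exit(1);
}

/* Roughly the shape of "capability increment cursor immediate":
   cd := cb with its cursor moved by imm. Note that bounds are checked
   when the capability is used to access memory, not here. */
void cincoffset_immediate(capability *cd, capability cb,
                          unsigned cb_reg, int64_t imm) {
    if (cb.tag && cb.sealed) {
        raise_capability_exception(CAPEX_SEAL_VIOLATION, cb_reg);
    } else {
        *cd = cb;
        cd->cursor = cb.cursor + (uint64_t)imm;
    }
}
```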
So the theorem says: no matter how this code executes, whatever it does, however compromised or buggy it was, in any execution up until the point at which it raises an exception or makes an inter-compartment call, it cannot make any access which is not allowed by those initial capabilities. You have to exclude exceptions and inter-compartment calls because, by design, they do introduce new capabilities into the execution. But until that point, you get this guarantee. And this is something that we've proved — actually [...] has proved — with a machine-checked proof, in fact in the Isabelle theorem prover. So this is a fact which is about as solidly known as any fact the human race knows. These provers check a mathematical proof in exceedingly great detail, with great care and attention, and they're structured in such a way that the soundness of the prover depends only on some tiny little kernel. So conceivably cosmic rays hit the transistors at all the wrong points, but basically we know this for sure. I emphasize this is a security property; we have not proved — we certainly wouldn't claim to have proved — that CHERI is secure, and there are all kinds of other kinds of attack that this statement doesn't even address. But at least this one property we know for real. So that's kind of comforting, and not a thing that conventional computer science and engineering has been able to do, on the whole. So, are we taming the chaos, then? Well, no. Sorry. But I've shown you two kinds of things. The first was showing how we can do somewhat more rigorous engineering for that existing infrastructure. It's now feasible to do that, and in fact I believe it has been feasible to build specifications which you can use as test oracles for many decades; we haven't needed any super-fancy new tech for that, we've just needed to focus on that idea. So that's for existing infrastructure. And then CHERI is a relatively lightweight change that does build in improved security, and we think it's demonstrably deployable, at least in principle. Is it deployable in practice? Are we going to have this in all of our phones five years from now? Will those all be CHERI-enabled? I can't say. I think it is plausible that that should happen, and we're exploring various routes that might mean that that happens, and we'll see how that goes. Okay, so with that, I'm aiming to have given you, not a whole lot of hope, but just a little bit of hope that the world can be made a better place, and I encourage you to think about ways to do it, because Lord knows we need it. But maybe you can at least dream, for a few moments, of living in a better world. And with that, I thank you for your attention. applause

Herald Angel: Thanks very much. And with that we'll head straight into the Q&A. We'll just start with mic number one, which I can see right now.

Q: Yes, thanks for the very encouraging talk. I have a question, not about the C code, but about the part below that. The theorem that you stated assumes that the machine description matches the hardware, at least describes the hardware accurately. But are there any attempts to check that the hardware actually works like that? That there are no holes in the hardware? That no combination of machine commands works differently, or allows memory access that is not in the model? So, is it possible to take hardware designs and check that they match the spec, and will Intel or AMD try to check their models against that spec?

Sewell: OK.
So the question is basically: can we do provably correct hardware underneath this architectural abstraction? And the answer is... So it's a good question. People are working on that, and it can be done, I think, at least on a modest academic scale. Trying to do that in its full glory, for an industrial superscalar processor design, is right now out of reach. But it's certainly something one would like to be able to do. I think we will get there, maybe in a decade or so. A decade is quick.

Herald Angel: Thanks. Mic number four is empty again, so we'll take the Internet.

Sewell: Where is the Internet?

Signal Angel: The Internet is right here, and everywhere. So "ruminate" would like to know: is the effort and cost of building security into hardware, as you've described in your talk, significantly greater or less than the effort and cost of porting software to more secure languages?

Sewell: So, is the effort of building new hardware more or less than the cost of porting existing software to better languages? I think the answer has to be yes, it is less. The difficulty with porting software is that all of you, and all your colleagues, and all of your friends, and all your enemies, have been beavering away writing lines of code for 50 years — really, I don't know what to say, effectively; really numerously. There's an awful lot of it. It's a really terrifying amount of code out there. It's very hard to get people to rewrite it.

Signal Angel: OK, mic two.

Q: OK, given that cost of ... of today on the software level, not on the hardware level: is it possible to go halfway, using the entire system as an oracle? So during development the code runs on the secure hardware, but then you essentially ship the same software to insecure hardware and inaudible

Sewell: So this question, if I paraphrase it, is: can we use this hardware implementation really as the perfect sanitizer? And I think there is scope for doing that. You can even imagine running this not on actual silicon hardware but in, like, a QEMU implementation, which we have, in order to do that. And I think for that purpose it could already be a pretty effective bug-finding tool. It would be worth doing. But, as for any testing, it will only explore a very tiny fraction of the possible paths. So we would like to have it always on, if we possibly can.

Herald Angel: OK. The Internet again.

Signal Angel: OK, someone would like to know: how does your technique compare to Intel MPX, which failed miserably, with inaudible ignoring it. Will it be better or faster? Could you talk a little bit about that?

Sewell: I think for that question — for a real answer to that question — you would need one of my more hardware-oriented colleagues. What I can say is they make nasty faces when you say MPX.

Herald Angel: Well, that's that. Mic number one.

Q: Somewhat inherent to your whole construction was this idea of having an unchangeable bit which describes whether your pointer contents have been changed. Is this even something that can be done in software? Or do you have to construct a whole extra RAM or something?

Sewell: So, you can't do it exclusively in software, because you need to protect it. In the hardware implementations that my colleagues have built, it's done in a reasonably efficient way: it's cached and managed in clever ways to ensure that it's not terribly expensive. But you do need slightly wider data paths in your cache protocol, and things like that, to manage it.

Herald Angel: OK. Mic seven.
Q: How well does this system help with securing control-flow integrity, compared to other systems, like hardware data-flow isolation or code-pointer integrity in ARM inaudible?

Sewell: Ah, well, that's another question which is a bit hard to answer, because it depends somewhat on how you're using the capabilities. So you can arrange here that each C language allocation is independently protected, and indeed you can also arrange — and this is sensible — that each subobject is independently protected. And those protections are going to give you protection against trashing bits of the stack, because they'll restrict the capability to just those objects.

Herald Angel: OK, the Internet again.

Signal Angel: Twitter would like to know: is it possible to run CHERI C without custom hardware?

Sewell: Can you run CHERI C without custom hardware? The answer is: you can run it in emulation, above this QEMU. That works pretty fast — I mean, fast enough for debugging, as the earlier question was talking about. You can imagine, you know, somewhat faster emulations of that. It's not clear how much it's worth going down that route. The real potential big win is to have this be always on, and that's what we would like to have.

Herald Angel: OK. Mic one.

Q: Do you have some examples of the kinds of code changes that you need in the operating system and userland that you mentioned?

Sewell: So, okay, what kind of changes do you need to adapt code to CHERI? If you look at C code, there is the C standard, which deems a whole lot of things to be undefined behaviour, and then if you look at actual C code, you find that very, very much of it depends on some idiom that the C standard does not approve of. So there are, for example, pause there are quite a lot of instances of code that constructs a pointer by doing more than a plus-one offset, going out of range, and then brings it back within range before using it. In fact, in CHERI C many of those cases are allowed, but not all of them. There are more exotic cases, where there's really some crazy intra-object stuff going on, or pointer arithmetic between objects — which the C standard is certainly quite down on, but which does happen — and code which is, say, manipulating the low-order bits of a pointer to store some data in them. That's pretty common; you can do it in CHERI C, but you might have to adapt the code a little bit — see the sketch after this exchange. Other cases are more fundamental. So, say, in operating system code, if you swap out a page to disk and then you swap it back in, then somehow the operating system has to reconstruct new capabilities, from a larger capability which it kept for the purpose. So that needs a bit more work. So it's kind of a combination: some things you would regard as good changes to the code anyway, and others are more radical.

Herald Angel: OK, another one from the Internet.

Signal Angel: I lost one pause

Sewell: The Internet has gone quiet. Yes.

Signal Angel: Last question from the Internet: are there any plans to test the impact on Linux, or just FreeBSD?

Sewell: If anyone has a good number of spare minutes, then that would be lovely to try — the impact on Linux, that is, not just FreeBSD. The BSD code base is simpler, and maybe cleaner, and my systemsy colleagues were already familiar with it, so it was the obvious target for an academic project, and doing it was already a humongous amount of work. So I think we would love to know how Linux, and especially how Android, could be adapted, but it's not something that we have the resources to do at the moment.
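As a concrete illustration of that last idiom — entirely our own example, not code from the talk — here is the classic trick of storing a few bits of data in the low-order bits of an aligned pointer. Under CHERI C, round-tripping through uintptr_t (which becomes a capability-sized type) largely still works, but code that manufactures pointers from bare integers does not; the names below are hypothetical.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>

typedef struct node { struct node *next; } node;

/* An 8-byte-aligned pointer has three spare low bits, so code often
   stashes a small "colour" in them (e.g. in red-black trees). */
static node *tag_ptr(node *p, unsigned colour) {
    assert(colour < 8);
    return (node *)((uintptr_t)p | colour);
}
static node *untag_ptr(node *p) {
    return (node *)((uintptr_t)p & ~(uintptr_t)7);
}
static unsigned colour_of(node *p) {
    return (unsigned)((uintptr_t)p & 7);
}

int main(void) {
    node *n = malloc(sizeof *n);        /* malloc results are aligned */
    node *t = tag_ptr(n, 5);
    assert(colour_of(t) == 5 && untag_ptr(t) == n);
    free(n);
    return 0;
}
```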
Herald Angel: Mic number one again.

Q: How likely or dangerous...

Herald Angel: Mic number one is not working.

Q: How likely or dangerous do you think it is for a programmer to screw up the capabilities he specifies?

Sewell: So, how often will the programmer screw up the capabilities? In many cases the programmer is just doing an access with a C or C++ pointer, or a C++ object, in the normal way; they're not manually constructing these things. So a lot of that is going to just work. If you're building some particular secure encapsulation setup, you have to be a bit careful. But on the whole, I think this is a small risk compared to the state of software as we have it now.

Herald Angel: OK. Mic eight.

Q: So, existing memory protection techniques are quite patchworky — like canaries and address layout randomization. Is this a system designed to replace or to supplement those measures?

Sewell: I think, if you pause So again, it depends a bit on how you use it. If you have capabilities really everywhere, then there's not much need for address space layout randomization or canaries to protect against explicit information leaks. I imagine that you might still want randomization to protect against some side-channel flows; whether you'd actually want canaries for side-channel flows — I don't know. That's a good question.

Herald Angel: Mic four, please.

Q: Thanks for the very interesting talk. You presented, with CHERI, a system of verifying existing C software, sort of post hoc, and improving its security via a run-time mechanism...?

Sewell: Improving or proving? Improving yes, proving no, yes.

Q: So what's your opinion on the viability of using static analysis and static verification for that? Would it be possible to somehow analyse software that already exists, and is written in these unsafe languages, and show that it nevertheless has some security properties, without writing all the proofs manually in, like, HOL or Isabelle?

Sewell: Well, so, if you want to analyse existing software... Static analysis is already useful for finding bugs in existing software. If you want to have assurance from static analysis, that's really very tough. You certainly wouldn't want to manually write proofs in terms of the definitional C semantics; you would need intermediate infrastructure. And if you look at the people who have done verified software — so, verified compilers and verified hypervisors and verified operating systems; all of those are now possible on significant scales — they use whole layers of proof and verification infrastructure for doing that. They're not writing proofs by hand for every little detail. And some of those verification methods, you can imagine them being basically like static analysis: you know, you might use a static analysis to prove some relatively simple facts about the code and then stitch those together into a larger assembly. Any kind of more complete thing, I think, is hard to imagine. I mean, these analysis tools mostly rely on making some approximation in order to be able to do their thing at all, so it's hard to get assurance out of them.

Herald Angel: Okay, mic one.

Q: You said you modified a MIPS architecture to add some logic to check the capabilities. Do you know what the cost of this is, regarding computational power and energy, power supply?

Sewell: Sorry, can you repeat the last part of that?

Q: What is the cost of this modification, regarding computational power and power consumption?

Sewell: Ah, so what's the energy cost? So, I gave you a performance cost.
I didn't give you — I carefully didn't give you — an energy cost estimate, because it's really hard to do that in a scientifically credible way without making a more or less production superscalar implementation. And we are sadly not in a position to do that, although if you have 10 or 20 million pounds, then I would be happy to accept it.

Herald Angel: Mic number seven, please.

Q: How does the class of problems that you can address with CHERI compare to the class of problems that are excluded by, for example, the Rust programming language?

Sewell: So, how do the problems excluded by CHERI relate to the problems excluded by Rust? If you are happy to write all of your code in Rust, without ever using the word "unsafe", then maybe there would be no point in CHERI at all. Are you happy to do that?

Q: Probably not, no.

Sewell: I think someone shakes their head sideways, yeah.

Herald Angel: Mic number one.

Q: What do you think about the following thesis: we are building a whole system of things, with artificial intelligence and the like, that sits above this technical level, and it's building another chaos that isn't healed by those things.

Sewell: It's dreadful, isn't it? laughter There are — so, in fact some of my colleagues are interested in this question — you might well want to bound what your artificial intelligence can access or touch, and for that you might want this kind of technology. But with machine learning systems we are intrinsically building things that we, on the whole, don't understand, and that will have edge cases that go wrong. And this is not speaking to that in any way.

Herald Angel: OK. Does the Internet have a question? No, good. I don't see anyone else, so let's conclude this. Thank you very much.

Sewell: Thank you. applause

35C3 postroll music

subtitles created by c3subtitles.de in the year 2019. Join, and help us!