-
35C3 preroll music
-
Herald angel: OK. Our next speaker will be
trying to tame the chaos. Peter Sewell
-
from the University of Cambridge. A warm
round of applause please.
-
applause
-
Sewell: Thank you! Okay. So here we are.
C3 again with a program full of
-
fascinating and exciting and cool stuff.
And if we look just at the security talks
-
all manner of interesting things. I'm
going to go to a lot to these. You should
-
too. Let's see though if we read some of
the titles: exploiting kernel memory
-
corruptions, attacking end to end e-mail
encryption. What else have we got: modern
-
Windows user space exploitation,
compromising online accounts. OK so a lot
-
of these talks, as usual, they're
explaining to us that our computers,
-
they're not doing what we would like and
this as usual is the merest tip of a tiny
-
iceberg, alright. We have a hundreds of
thousands of known vulnerabilities and
-
many unknown vulnerabilities. Let me do it
a bit dark here, but let me try some
-
audience participation. How many of you
have in the last year written at least a
-
hundred lines of code? And of those people
keep your hands up if you are completely
-
confident that code does the right thing.
laughter I would like to talk to you
-
later laughter and so would the people
in the self driving car that you're
-
probably engineering. So, so how many
unknown vulnerabilities then. Well you can
-
take what's in your mind right now and
multiply it by - oh, this doesnt work very
-
well. No. No, no. Computers, they do the
wrong thing again and again and again.
-
laughter and some applause We can
multiply by this estimate of about a 100
-
billion lines of new code each year. So if
we take all of this: these talks, these
-
numbers, these should make us not happy
and excited, these should make us sad,
-
very sad and frankly rather scared of what
is going on in the world. So what can we
-
do? We can, option one, give up using
computers altogether. applause In most
-
audiences this will be a hard sell but
here I'm sure you're all happy to just
-
turn them off now. Or we can throw up our
hands in the air and collapse in some kind
-
of pit of despair. Well, maybe, maybe not.
My task today is to give you a tiny
-
smidgen, a very tall, a very small amount
of hope that it may be possible to do
-
slightly better. But if we want to do
better we first have to understand why
-
things are so bad and if we look at our
aeronautical engineering colleagues for
-
example, they can make planes which very
rarely fall out of the sky. Why is it that
-
they can do that and we are so shit at
making computers? Well, I'm going to reuse
-
a picture that I used at 31C3, which is
still the best description I can find of
-
the stack of hardware and software that we
live above. Here we go. It's, there's so
-
much information in this, it's just ace.
So we see down here all of this
-
transparent silicon, it's the hardware we
live above. We see a stack of phases of a
-
C compiler, we see all kinds of other
other bits and pieces. There might be a
-
slightly hostile wireless environment in
this room for some reason. If we look at
-
this and think about the root causes for
why our systems are so bad we can see
-
terrible things. So the first is,
obviously there's a lot of legacy
-
complexity that we're really stuck with,
alright. If you pull out one of those
-
pieces from the middle and try and replace
it with something which is not of exactly
-
the same shape the whole pile will
collapse. So we somehow need to find an
-
incremental path to a better world. And
then, this is the most fundamental reason
-
that these are not like aeroplanes, these
systems are discrete not continuous. If
-
you take an honest good I made out of a
piece of steel and you push on it a little
-
bit it moves a little bit, basically in
proportion. If it is 1 percent too strong,
-
1 percent to weak, basically it doesn't
matter. But in these things one line of
-
code can mean you're open to a
catastrophic exploit and one line in many,
-
many million. OK. And next thing... this
really doesn't work. They're very
-
complicated. But the scary thing is not
the static complexity of those lines of
-
code and the number of components although
that's pretty intimidating the really
-
scary thing is that the exponential number
of states and execution paths. So these
-
two together they mean that the testing
that we rely on testing is the only way we
-
have to build systems which are not
instantly broken. Testing can never save
-
us from these exploitable errors. And that
means ultimately we need to do proof.
-
Honest machine checked mathematical proof.
And this also tells us that we need to
-
arrange for our systems to be secure for
simple reasons that do not depend on the
-
correctness of all of those hundred
billion lines of code. Then another thing
-
that we have here. All these interfaces:
the architecture interface, the C language
-
interface, the sockets API interface, the
TCP interface. All of these we rely on to
-
let different parts of the system be
engineered by different organizations. But
-
they're all really badly described and
badly defined. So what you find is, for
-
each of these, typically a prose book
varying in thickness between about that
-
and about that, full of text. Well, we
still rely on testing - limited though it
-
is - but you can never test anything
against those books. So we need instead
-
interface descriptions, definitions,
specifications, that are more rigorous,
-
mathematically rigorous and that are
executable - not in the normal sense of
-
executable as an implementation but
executable as a test oracle. So you can
-
compute whether some observed behaviour is
allowed or not and not have to read the
-
book and argue on the Internet. And we
also need interface definitions that
-
support this proof that we need. And then
all of this stuff was made up in the 1970s
-
or the sixties and in the 70s and the 60s
the world was a happy place and people
-
walked around with flowers in their hair
and nothing bad ever happened. And that is
-
no longer the case. And so we need
defensive design, but we need defensive
-
design that is somehow compatible or can
be made enough compatible with this legacy
-
investment. That's quite hard. And then -
I can't say very much about this, but we
-
have at the moment very bad incentives,
because we have a very strong incentive to
-
make things that are more complex than we
can possibly handle or understand. We make
-
things, we add features, we make a thing
which is just about shippable and then we
-
ship it. And then we go on to the next
thing. So we need economic and legal
-
incentives for simplicity and for security
that we do not yet have. But it's hard to
-
talk about those until we have the
technical means to react to those
-
incentives. OK, so what I'm going to do
now, I'm going to talk about two of these
-
interfaces, the architect interface and
the C language interface, and see what we
-
can do to make things better. A lot of
this has to do with memory. So whoever it
-
was that picked the subtitle for this
meeting "refreshing memories" thank you,
-
because it's great, I love it. Let's
refresh your memory quite a way. So I
-
invite you to think back to when you were
very very young in about 1837 when cool
-
hacking was going on. Charles Babbage was
designing the Analytical Engine and even
-
then you see there was this dichotomy
between a mill performing operations and a
-
store holding numbers. This is a plan view
of the analytical engine, well, it was
-
vaporware, but a design from the
analytical engine, and you see here these
-
circles these are columns of numbers each
made out of a stack of cogs, maybe a 50
-
digit decimal number in each of those
columns. And this array, really, he
-
imagined it going on out to and over there
somewhere, with about 1000 numbers. So
-
even then you have a memory which is an
array of numbers. I think these were not-
-
I don't think you could do address
computation on these things, I think
-
addresses were only constants, but, still,
basically an array of numbers. So okay
-
what do we got now. Let's look a bit at C.
How many of those people who have
-
programmed 100 lines of code, how many of
you were C programmers? Quite a few. Or
-
maybe you're just embarrassed. I forgot to
say. Those that didn't put your hands up
-
for that first question. You should feel
proud and you should glory in your
-
innocence while you still have it. You are
not yet complicit in this trainwreck. It
-
worked then. Okay so here's a little piece
of C-code which I shall explain. I shall
-
explain it in several different ways. So
we start out. It creates two locations x
-
and secret... Don't do that. This is so
bad. Creates x, storing one and secret_key
-
which stores, I might get this wrong, your
pin. And then there's some computation
-
which is supposed to only operate on x but
maybe it's a teensy bit buggy or corrupted
-
by somebody and then we try and we make a
pointer to x and in this execution x just
-
happened to be allocated at 14. This
pointer contains the number 14 and then we
-
add one to that pointer. It's C so
actually that adding one to the pointer it
-
really means add the four bytes which are
the size of that thing. So we add 4 to 14
-
and we get 18. And then we try and read
the thing which is pointed to. What's
-
going to happen. Let me compile this and
run it in a conventional way. It printed a
-
secret key. Bad. This program, rather
distressingly, this is characteristic by
-
no means of all security flaws but a very
disturbingly large fraction of all the
-
security flaws are basically doing this.
So does C really let you do that. Yes and
-
no. So if you look at the C standard,
which is one of these beautiful books, it
-
says you, have to read moderately
carefully to understand this, but it says
-
for this program has undefined behavior.
And many of you will know what that means
-
but others won't, but, so that means as
far as the standard is concerned for
-
programs like that there is no constraint
on the behavior of the implementation at
-
all. Or said another way and maybe a more
usefully way: The standard lets
-
implementations, so C compilers, assume
that programmers don't have this kind of
-
stuff and it's the programmer's
responsibility to ensure that. Now in
-
about 1970, 75 maybe 1980, this was a
really good idea, it gives compilers a lot
-
of flexibility to do efficient
implementation. Now not so much. How does
-
this work in the definition? So the
standard somehow has to be able to look at
-
this program and identify it as having
this undefined behavior. And indeed, well,
-
if we just think about the numbers in
memory this 18, it points to a perfectly
-
legitimate storage location and that plus
one was also something that you're
-
definitely allowed to do in C. So the only
way that we can know that this is
-
undefined behavior is to keep track of the
original allocation of this pointer. And
-
here I've got these allocation identifiers
at 3, at 4, at 5, and you see here I've
-
still got this pointer despite the fact
that I added 4 to it. I still remembered
-
the allocation idea so I can check, or the
standard can check, when we try and read
-
from this whether that address is within
the footprint of that original allocation,
-
i.e. is within there and in fact it is
not, it's over here, it is not within
-
there at all. So this program is deemed to
have undefined behavior. Just to clarify
-
something people often get confused. So we
detect undefined behavior here but it
-
isn't really a temporal thing. The fact
that there is undefined behavior anywhere
-
in the execution means the whole program
is toast. Okay but this is really
-
interesting because we're relying for this
critical part of the standard onto
-
information which is not there at run time
in a conventional implementation. So just
-
to emphasize that point, if I compile this
program, let's say to ARM assembly
-
language I get a sequence of store and
load and add instructions, store, load,
-
add, store, load, load. And if I look at
what the ARM architecture says can happen
-
these blue transitions... one thing to
notice is that we can perfectly well do
-
some things out of order. At this point we
could either do this load or we could do
-
that store. That would be a whole other
talk. Let's stick with the sequential
-
execution for now. What I want to
emphasize is that these, this load of this
-
address, really was loading a 64 bit
number, which was the address of x and
-
adding 4 to it and then loading from that
address, the secret key. So there is no
-
trace of these allocation ideas. No trace
at all. Okay, let me step back a little
-
bit. I've been showing you some
screenshots of C behaviour and ARM
-
behaviour and I claim that these are
actually showing you all of the behaviours
-
allowed by what one would like the
standards to be for these two things. And
-
really what I've been showing you are GUIs
attached to mathematical models that we've
-
built in a big research project for the
last many years. REMS: "Rigorous
-
Engineering of Mainstream Systems" sounds
good, aspirational title I think I would
-
say. And in that we've built semantics, so
mathematical models defining the envelope
-
of all allowed behaviour for a quite big
fragment of C and for the concurrency
-
architecture of major processors ARM, and
x86, and RISC-V, and IBM POWER and also
-
for the instruction set architecture of
these processors, the details of how
-
individual instructions are executed. And
in each case these are specs that are
-
executable as test oracles, you can
compare algorithmically some observed
-
behaviour against whether spec says it's
allowed or not, which you can't do with
-
those books. So is it just an idiot simple
idea but for some reason the industry has
-
not taken it on board any time in the last
five decades. It's not that hard to do.
-
These are also mathematical models, I'll
come back to that later. But another thing
-
I want to emphasize here is that in each
of these cases, especially these first
-
two, when you start looking really closely
then you learn what you have to do is not
-
build a nice clean mathematical model of
something which is well understood. What
-
you learn is that there are real open
questions. For example within the C
-
standards committee and within ARM a few
years ago about exactly what these things
-
even were. And that is a bit disturbing
given that these are the foundations for
-
all of our information infrastructure.
There is also a lot of other work going on
-
with other people within this REMS project
on web assembly and Javascript and file
-
systems and other concurrency. I don't
have time to talk about those but Hannes
-
Mehnert it is going to talk us a little
bit about TCP later today. You should go
-
to that talk too if you like this one. If
you don't like this one you should still
-
go to that talk. Okay so this is doing
somewhat better. certainly more rigorous
-
engineering of specifications, but so far
only for existing infrastructure for this
-
C language, ARM architecture, what have
you. So what if we try and do better, what
-
if we try and build better security in. So
the architectures that we have, really
-
they date back to the 1970s or even 60s
with the idea of virtual memory. That
-
gives you - I need to go into what it is -
but that gives you very coarse grain
-
protection. You can have your separate
processes isolated from each other and on
-
a good day you might have separate browser
tabs isolated from each other in some
-
browsers, sometimes, but it doesn't scale.
It's just too expensive. You have lots of
-
little compartments. One thing we can do
we can certainly design much better
-
programming languages than C but all of
that legacy code, that's got a massive
-
inertia. So an obvious question is whether
we can build in better security into the
-
hardware that doesn't need some kind of
massive pervasive change to all the
-
software we ever wrote. And that's the
question that a different large project,
-
the CHERI project has been addressing. So
this is something that's been going on for
-
the last 8 years or so, mostly at SRI and
at Cambridge funded by DARPA and the EPSRC
-
and ARM and other people, mostly led by
Robert Watson, Simon Moore, Peter Neumann
-
and a cast of thousands. And me a tiny
bit. So... How, don't do that. I should
-
learn to stop pushing this button. It's
very hard to not push the button. So
-
here's the question in a more focused way
that CHERI is asking: Can we build
-
hardware support which is both efficient
enough and deployable enough that gives us
-
both fine grained memory protection to
prevent that kind of bug that we were
-
talking about earlier, well that kind of
leak at least, and also scalable
-
compartmentalization. So you can take bits
of untrusted code and put them in safe
-
boxes and know that nothing bad is going
to get out. That's the question. The
-
answer... The basic idea of the answer is
pretty simple and it also dates back to
-
the 70s is to add hardware support for
what people call capabilities, and we'll
-
see that working in a few moments. The
idea is that this will let programmers
-
exercise the principle of least privilege,
so with each little bit of code having
-
only the permissions it needs to do its
job and also the principle of intentional
-
use. So with each little bit of code when
it uses one of those capabilities, will
-
require it to explicitly use it rather
than implicitly. So the intention of the
-
code has to be made plain. So let's see
how this works. So these capabilities
-
they're basically replacing some or maybe
all of the pointers in your code. So if we
-
take this example again in ISO C we had an
address and in the standard, well, the
-
standard is not very clear about this but
we're trying to make it more clear, an
-
allocation ID, say something like it. Now
in Cherry C we can run the same code but
-
we might represent this pointer not just
with that number at runtime but with
-
something that contains that number and
the base of the original allocation and
-
the length of the original allocation and
some permissions. And having all of those
-
in the pointer means that we can do.. the
hardware can do, at run time, at access
-
time, a very efficient check that this is
within this region of memory. And if it's
-
not it can fail stop and trap. No
information leak. I need a bit more
-
machinery to make this actually work. So
it would be nice if all of these were 64
-
bit numbers but then you get a 256 bit
pointer, and that's a bit expensive so
-
there's a clever compression scheme that
squeezes all this down into 1 to 8 bits
-
with enough accuracy. And then you need to
design the instruction set of the CPU
-
carefully to ensure that you can never
forge one of these capabilities with a
-
normal instruction. You can never just
magic one up out of a bunch of bits that
-
you happen to find lying around. So all
the capability manipulating instructions,
-
they're going to take a valid capability
and construct another, possibly smaller,
-
in memory extent, or possibly with less
permissions, new capability. They're never
-
going to grow the memory extent or add
permissions. And when the hardware starts,
-
at hardware initialization time, the
hardware will hand the software a
-
capability to everything and then as the
operating system works and the linker
-
works and the C language allocator works,
these capabilities will be chopped up into
-
ever finer and smaller pieces like to be
handed out the right places. And then need
-
one more little thing. So this C language
world we're living in here, or really a
-
machine code language world so there's
nothing stopping code writing bytes of
-
stuff. So you have to somehow protect
these capabilities against being forged by
-
the code, either on purpose or
accidentally writing bytes over the top.
-
You need to preserve their integrity. So
that's done by adding for each of these
-
128 bit sized underlined units of memory
just a one extra bit. That holds a tag and
-
that tag records whether this memory holds
are currently valid capability or not. So
-
all the capability manipulating
instructions, if they're given a valid
-
capability with a tag set then the result
will still have the tags set. But if you
-
write, so you just wrote that byte there
which might change the base then the
-
hardware will clear that tag and these
tags, they're not conventionally
-
addressable, they don't have addresses.
They just stop there in the memory system
-
of the hardware. So there is no way that soft-
ware can inaudible through these. So this is
-
really cool. We've taken, what in ISO was
undefined behavior, in the standard, and
-
in implementations was a memory leak, and
we've turned it into something that in
-
CHERI C is in both the specification and
the implementation, is guaranteed to trap,
-
to fail stop, and not leak that
information. So another few things about
-
the design that I should mention. I think
all these blue things I think I've talked
-
about. But then a lot of care has gone in
to make this be very flexible to make it
-
possible to adopt it. So you can use
capabilities for all pointers, if you want
-
to, or just at some interfaces. You might
for example use them at the kernel
-
userspace interface. It coexist very
nicely with existing C and C++. You don't
-
need to change the source code very much
at all, and we'll see some a tiny bit of
-
data about this, to make these to start
using these. It coexists with the existing
-
virtual memory machinery, so you can use
both capabilities and virtual memory, if
-
you want, or you can just use capabilities
if you want or just use virtual memory if
-
you want. And then there's some more
machinery, which I'm not going to talk
-
about, for doing this secure encapsulation
stuff. What I've talked about so far is
-
basically the the fine grained memory
protection story. And I should say the
-
focus so far is on spatial memory safety.
So that's not in the first instance
-
protecting against reuse of an old
capability in a bad way but there various
-
schemes for supporting temporal memory
safety with basically the same setup. Okay
-
so. So how do we... Okay this is some kind
of a high level idea. How do we know that
-
it can be made to work. Well the only way
is to actually build it and see. And this
-
has been a really interesting process
because mostly when you're building
-
something either in academia or an
industry you have to keep most of the
-
parts fixed, I mean you are not routinely
changing both the processor and the
-
operating system, because that would just
be too scary. But here we have been doing
-
that and indeed we've really been doing a
three way, three way codesign of building
-
hardware and building and adapting
software to run above it and also building
-
these mathematical models all at the same
time. This is, well. A, it's all the fun
-
because you can often get groups of people
together that can do all of those things
-
but B, it's really effective. So what
we've produced then is an architecture
-
specification. In fact, extending MIPS
because it was conveniently free of IP
-
concerns and that specification is one of
these mathematically rigorous things
-
expressed in a domain specific language
specifically for writing instruction set
-
architecture specifications, and we've
designed and implemented actually two of
-
those. And then there are hardware
processor implementations that actually
-
run an FPGAs. And a lot of hardware
research devoted to making this go fast
-
and be efficient despite these extra tags
and whatnot. And then there's a big
-
software stack adapted to run over this
stuff. Including Clang and a FreeBSD
-
kernel and FreeBSD userspace and WebKit
and all kinds of pieces. So this is a very
-
major evaluation effort. That one is not
normally able to do. This is why, this
-
combination of things is why that list of
people up there was about 40 people. I say
-
this is based on MIPS but the ideas are
not specific to MIPS, there are ongoing
-
research projects to see if this can be
adapted to the ARM application class
-
architecture and the ARM microcontroller
architecture and the RISC-V. We'll see how
-
that goes, in due course. Okay so then
with all of these pieces we can evaluate
-
whether it actually works. And that's
still kind of an ongoing process but the
-
data that we've got so far is pretty
encouraging. So we see here first,
-
performance. So you see, maybe a percent
or 2 in many cases of runtime overhead.
-
There are workloads where it performs
badly if you have something that's very
-
pointer heavy, then the extra pressure
from those larger pointers will be a bit
-
annoying, but really it seems to be
surprisingly good. Then is it something
-
that can work without massive adaption to
the existing code. Well, in this port of
-
the FreeBSD userspace, so all the programs
that, all in all programs that run, they
-
were something like 20000 files and only
200 of those needed a change. And that's
-
been done by one or two people in not all
that large an amount of time. Some of the
-
other code that's more and more like an
operating system needs a bit more invasive
-
change but still, it seems to be viable.
Is it actually more secure? How are you
-
going to measure that. We like measuring
things as a whole we try and do science
-
where we can. Can we measure that? Not
really. But it certainly does, the whole
-
setup certainly does, mitigate against
quite a large family of known attacks. I
-
mean if you try and run Heartbleed you'll
get a trap. It will say trap. I think he
-
will say signal 34 in fact. So that's
pretty good. And if you think about
-
attacks, very many of them involve a chain
of multiple floors put together by an
-
ingenious member of the C3 community or
somebody else, and very often, at least
-
one of those is some kind of memory access
permission flaw of some kind or other.
-
Okay so this is nice, but I was talking a
lot in the first part of the talk, about
-
rigorous engineering. So here we've got
formally defined definitions of the
-
architecture and that's been really useful
for testing against and for doing test
-
generation on the basis of, and doing
specification coverage in an automated
-
way. But surely we should be able to do
more than that. So this formal definition
-
of the architecture, what does it look
like. So for each instruction of this
-
CHERI MIPS processor, there's a definition
and that definition, it looks a bit like
-
normal code. So here's a definition of how
the instruction for "capability increment
-
cursor immediate" goes. So this is a thing
that takes a capability register and an
-
immediate value and it tries to add
something on to the cursor of that
-
capability. And what you see here is some
code, looks like code, that defines
-
exactly what happens and also defines
exactly what happens if something goes
-
wrong. You can see there's some kind of an
exception case there. That's a processor.
-
No that's a... Yeah, that a "raising our
processor" exception. So it looks like
-
code, but, from this, we can generate both
reasonably high performance emulators,
-
reasonably in C and in OCaml, and also
mathematical models in the theorem
-
provers. So three of the main theorem
provers in the world are called Isabelle
-
and HOL and Coq. And we generate
definitions in all of those. So then we
-
got a mathematical definition of the
architecture. Then finally, we can start
-
stating some properties. So Cherrie's
design with some kind of vague security
-
goals in mind from the beginning but now
we can take, let'ssay one of those goals and
-
make it into a precise thing. So this is a
kind of a secure encapsulation, kind of
-
thing not exactly the memory leak that we
were looking at before. Sorry, the secret
-
leak that we were looking at. So let's
take imagine some CHERI compartment.
-
Haven't told you exactly what that means
but let's suppose that that's understood
-
and that inside that compartment there is
a piece of software running. And that
-
might be maybe a video codec or a web
browser or even a data structure
-
implementation maybe, or a C++ class and
all of its objects maybe. So imagine that
-
compartment running and imagine the
initial capabilities that it has access to
-
via registers and memory and via all the
capabilities it has access to via the
-
memory that it has access to and so on
recursively. So imagine all of those
-
capabilities. So the theorem says no
matter how this code executes whatever it
-
does however compromised or buggy it was
in an execution up until any point at
-
which it raises an exception or makes an
inter compartment call it can't make any
-
access which is not allowed by those
initial capabilities. You have to exclude
-
exceptions and into compartment calls
because by design they do introduce new
-
capabilities into the execution. But until
that point you get this guarantee. And
-
this is something that we've proved
actually [...] has approved with a machine
-
check proof in in fact the Isabelle
theorem prover. So this is a fact which is
-
about as solidly known as any fact the
human race knows. These provers they're
-
checking a mathematical proof in
exceedingly great detail with great care
-
and attention and they're structured in
such a way that the soundness of approver
-
depends only on some tiny little kernel.
So conceivably cosmic rays hit the
-
transistors at all the wrong points. But
basically we know this for sure. I
-
emphasize this is a security property we
have not proved, we certainly wouldn't
-
claim to have proved that CHERI is secure
and there are all kinds of other kinds of
-
attack that this statement doesn't even
address but at least this one property we
-
know it for real. So that's kind of
comforting and not a thing that
-
conventional computer science engineering
has been able to do on the whole. So, are
-
we taming the chaos then. Well no. Sorry.
But I've shown you two kinds of things.
-
The first was showing how we can do
somewhat more rigorous engineering for
-
that existing infrastructure. It's now
feasible to do that and in fact I believe
-
it has been feasible to build
specifications which you can use as test
-
oracles for many decades. We haven't
needed any super fancy new tech for that.
-
We've just needed to focus on that idea.
So that's for existing infrastructure and
-
then CHERI is a relatively light weight
change that does built-in improved
-
security and we think it's demonstrably
deployable at least in principle. Is it
-
deployable in practice? Are we going to
have in all of our phones five years from
-
now? Will these all be CHERI enabled? I
can't say. I think it is plausible that
-
that should happen and we're exploring
various routes that might mean that there
-
happens and we'll see how that goes. Okay
so with that I aiming to have given you at
-
least not a whole lot of hope but just a
little bit of hope that the world can be
-
made a better place and I encourage you to
think about ways to do it because Lord
-
knows we need it. But maybe you can at
least dream for a few moments of living in
-
a better world. And with that I thank you
for your attention.
-
applause
-
Herald Angel: Thanks very much. And with
that we'll head straight into the Q and A.
-
We'll just start with mic number one which
I can see right now.
-
Q: Yes thanks for the very encouraging
talk. I have a question about how to C
-
code the part below that. The theorem that
you stated assumes that the mentioned
-
description matches the hardware at least
is describes the hardware accurately. But
-
are there any attempts to check that the
hardware actually works like that? That
-
there are no wholes in the hardware? That
some combination of mentioned commands
-
work differently or allow memory access
there is not in the model? So, is it
-
possible to use hardware designs and check
that it matches the spec and will Intel or
-
AMD try to check their model against that
spec?
-
Sewell: OK. So the question is basically
can we do provably correct hardware
-
underneath this architectural abstraction.
And the answer is... So it's a good
-
question. People are working on that and
it can be done I think on at least a
-
modest academic scale. Trying to do that
in its full glory for a industrial
-
superscalar processor design, is right now
out of reach. But it's certainly something
-
one would like to be able to do. I think
we will get there maybe in a decade or so.
-
A decade is quick.
Herald Angel: Thanks. Mic number four is
-
empty again. So we'll take the Internet.
Sewell: Where is the internet?
-
Signal Angel: The internet is right here
and everywhere so ruminate would like to
-
know is the effort and cost of building in security
to hardware as you've described in your
-
talk significantly greater or less than
the effort and cost of porting software to
-
more secure languages.
Sewell: So, is the effort of building new
-
hardware more or less than the cost of
porting existing software to better
-
languages? I think the answer has to be
yes. It is less. The difficulty with
-
porting software is all of you and all
your colleagues and all of your friends
-
and all your enemies have been beavering
away writing lines of code for 50 years.
-
Really, I don't know what to say,
effectively. Really numerously. There's an
-
awful lot of it. It's a really terrifying
amount of code out there. It's very hard
-
to get people to rewrite it.
Signal Angel: OK, mic two.
-
Q: OK, given that cost of ... of today on the
software level not on the hardware level, is it
-
possible to go half way using an entire
system as an oracle. So during development
-
there are code based with the secure
hardware but then essentially ship the
-
same software to unsecure hardware and inaudible
Sewell: So this question, if I paraphrase
-
it is can we use this hardware
implementation really as the perfect
-
sanitiser? And I think there is scope for
doing that. And you can even imagine
-
running this not on actual silicon
hardware but in like a QEMU implementation
-
which we have in order to do that. And I
think for for that purpose it could
-
already be a pretty effective bug finding
tool. It would be worth doing. But you
-
would like as for any testing it will only
explore a very tiny fraction of the
-
possible paths. So we would like to have
it always on if we possibly can.
-
Herald Angel: OK. The internet again.
Signal Angel: OK someone would like to
-
know how does your technique compare to
Intel MPX which failed miserably with a inaudible
-
ignoring it. Will it better or faster?
Could you talk a little bit about that.
-
Sewell: I think for that question, for a
real answer to that question, you would
-
need one of my more hardware colleagues.
What I can say is they make nasty faces
-
when you say MPX.
Herald Angel: Well that's that. Mic number
-
one.
Q: Somewhat inherent to your whole
-
construction was this idea of having an
unchangeable bit which described whether
-
your pointer contents have been changed.
Is this even something that can be done in
-
software? Or do you have to construct a
whole extra RAM or something?
-
Sewell: So you can't do it exclusively in
software because you need to protect it.
-
In the hardware implementations that my
colleagues have built it's done in a
-
reasonably efficient way. So it's cached
and managed in clever ways to ensure that
-
it's not terribly expensive to do. But you
do need slightly wider data paths in your
-
cache protocol and things like that to
manage it.
-
Herald Angel: OK. Mic seven.
Q: How good does this system help securing
-
the control flow integrity compared to
compared to other systems, like hardware
-
systems data flow isolation or code
pointer integrity in ARM inaudible?
-
Sewell: Ah well, that's another question
which is a bit hard to answer because then
-
it depends somewhat on how you're using
the capabilities. So you can arrange here
-
that each state each C language allocation
is independently protected and indeed you
-
can also arrange that each way - this is
sensible - that each subobject is
-
independent protected. And those
protections are going to give you
-
protection against trashing bits of the
stack because they'll restrict the
-
capability to just those objects.
Herald Angel: OK the internet again.
-
Signal Angel: Twitter would like to know
is it possible to is it possible to run
-
CHERI C without custom hardware?
Sewell: Can you run CHERI C without custom
-
hardware? And the answer is you can run it
in emulation above this QEMU. That works
-
pretty fast, I mean fast enough for
debugging as the earlier question was
-
talking about. You can imagine you know
somewhat faster emulations of that. It's
-
not clear how much it's worth going down
that route. The real potential big win is
-
to have this be always on and that's what
we would like to have.
-
Herald Angel: OK. Mic one.
Q: Do you have some examples of the kinds
-
of code changes that you need to the
operating system and userland that you
-
mentioned?
Sewell: So, okay so what kind of changes
-
do you need to to adapt code to CHERI? So,
if you look at C-code there is the C
-
standard that deems a whole lot of things
to be undefined behavior and then if you
-
look at actual C code you find that very
very much of it does depend on some idiom
-
that the C standard does not approve of.
So there is for example, pause there are
-
quite a lot of instances of code that
constructs a pointer by doing more than
-
one more than plus one offset and then
brings it back within range before you use
-
it. So in fact in CHERI C many of those
cases are allowed but not all of them.
-
More exotic cases where there's really
some crazy into object stuff going on or
-
where pointer arithmetic between objects -
which the C standard is certainly quite
-
down on but which does happen - and code
which is, say manipulating the low order
-
bits of a pointer to store some data in
it. That's pretty common. You can do it in
-
CHERI C but you might have to adapt the
code a little bit. Other cases are more
-
fundamental. So say, in operating system
code if you swap out a page to disk and
-
then you swap it back in then somehow the
operating system has to reconstruct new
-
capabilities from a large capability which
it kept for the purpose. So that needs a
-
bit more work. Though it's kind of a
combination. Some things you would regard
-
as good changes to the code anyway and
others are more radical.
-
Herald Angel: OK, another one from the
internet.
-
Signal Angel: I lost one pause
Sewell: The Internet has gone quiet. Yes.
-
Signal Angel: Last question from the
internet. Are there any plans to impact
-
test on Linux or just FreeBSD?
Sewell: If anyone has a good number of
-
spare minutes then that would be lovely to
try. The impact on Linux not just
-
previously the BSD code base is simpler
and maybe cleaner and my systemsy
-
colleagues are already familiar with it.
It's the obvious target for an academic
-
project doing it already a humungous
amount of work. So I think we would love
-
to know how Linux and especially how
Android could be adapted but it's not
-
something that we have the resource to do
at the moment.
-
Herald Angel: Mic number on again.
Q: How likely or dangerous.
-
Herald Angel: Mic number one is not
working.
-
Q: How likely or dangerous you think it is
for a programmer to screw up their
-
capabilities he specifies?
Sewell: So how often will the programmer
-
screw up the capabilities? So in many
cases the programmer is just doing an
-
access with a C or C++ pointer or C++
object in a normal way. They're not
-
manually constructing these things. So a
lot of that is going to just work. If
-
you're building some particular secure
encapsulation setup you have to be a bit
-
careful. But on the whole I think this is
a small risk compared to the state of
-
software as we have it now.
Herald Angel: OK. Mic eight.
-
Q: So existing memory protection
techniques are quite patch-worky, like
-
canaries and address layout randomisation.
Is this a system designed to replace or
-
supplement these measures?
Sewell: I think if you pause So again it
-
depends a bit how you use it. So if you
have capabilities really everywhere then
-
there's not much need for address space
layout randomization or canaries to
-
protect against explicit information
leaks. I imagine that you might still want
-
randomisation to protect against some side
channel flows but canaries is not so much
-
on whether you actually do for side-
channel flows - I don't know. That's a
-
good question.
Herald Angel: Mic four please.
-
Q: Thanks for the very interesting talk
you presented with CHERI, a system of
-
veryfying existing C-software, sort of
post hoc and improving its security via
-
run-time mechanism...?
A: Improving or Proving? Improving yes,
-
proving no, yes.
Q: So what's your opinion on the viability
-
of using a static analysis and static
verification for that. Would it be
-
possible to somehow analyse software that
already exist and as written in these
-
unsafe languages and show that it
nevertheless has some security properties
-
without writing all the proofs manually in
like HOL or Isabelle?
-
A: Well so if you want to analyse existing
software... So, static analysis is already
-
useful for finding bugs in existing
software. If you want to have assurance
-
from static analysis, that's really very
tough. So you certainly wouldn't want to
-
manually write proofs in terms of the
definitional C semantics, you would need
-
intermediate infrastructure. And if you
look at the people, who have done verified
-
software, so verified compilers and
verified hypervisor, and verified
-
operating systems, all of those are now
possible on significant scales, but they
-
use whole layers of proof and verification
infrastructure for doing that. They're not
-
writing proofs by hand for every little
detail. And some of those verification
-
methods either are, you can imagine them
being basically like static analysis, you
-
know, you might use a static analysis to
prove some relatively simple facts about
-
the code and then stitch those together
into a larger assembly. I think any kind
-
of more complete thing I think is hard to
imagine. I mean these analysis tools
-
mostly, they rely on making some
approximation in order to be able to do
-
their thing at all. So it's hard to get
assurance out of them.
-
Herald Angel: Okay, Mic one.
Q: You said you modified an MIPS
-
architecture to add some logic to check their
capabilities. Do you know what the cost of
-
this regarding computational power,
an energetic power supply?
-
A: Sorry, can you repeat the last part of
that?
-
Q: What the cost of this modification
regarding computational power, and power
-
consumption.
A: Ah, so what's the energy cost? So I
-
gave you a performance cost. I didn't give
you, I carefully didn't give you an energy
-
cost estimate, because it's really hard to
do in a scientifically credible way,
-
without making a more or less production
superscalar implementation. And we are
-
sadly not in a position to do that,
although if you have 10 or 20 million
-
pounds, then I would be happy to accept
it.
-
Herald Angel: Mic number 7, please.
Q: How does the class of problems that you
-
can address with CHERI compare to the
class of problems that are excluded by,
-
for example, the Rust programming
language?
-
A: So how does the problems of CHERI
relate to the problems, sorry the problems
-
excluded by CHERI, relate to the problems
excluded by Rust. So if you are happy to
-
write all of your code in Rust without
ever using the word "unsafe", then maybe
-
there would be no point in CHERI, at all.
Are you happy to do that?
-
Q: Probably not, no.
A: I think someone shakes their head
-
sideways, yeah.
Herald Angel: Mic number 1.
-
Q: What do you think about the following
thesis: We are building a whole system of
-
things, with artificial intelligence and
something like that. That is above this
-
technical level and it's building another
chaos that isn't healing with those
-
things.
A: It's dreadful, isn't it.
-
Laughter
A: There are, so you might, in fact some
-
of my colleagues are interested in this
question, if you, you might well want to
-
bound what your artificial intelligence
can access or touch and for that you might
-
want this kind of technology. But this is
not, we are, with machine learning systems
-
we are intrinsically building things that
we, on the whole, don't understand and
-
that will have edge cases that go wrong.
And this is not speaking to that in any
-
way.
Herald Angel: OK. Does the internet have a
-
question? No, good. I don't see anyone
else, so let's conclude this. Thank you
-
very much.
A: Thank you.
-
applause
-
35c3 postroll music
-
subtitles created by c3subtitles.de
in the year 2019. Join, and help us!
