
RT-trust: automated refactoring for trusted execution under real-time constraints

Published: 07 April 2020

Abstract

Real-time systems must meet strict timeliness requirements. These systems also often need to protect their critical program information (CPI) from adversarial interference and intellectual property theft. Trusted execution environments (TEEs) run CPI tasks in a hardware-isolated execution context, thus providing hardware protection. However, adapting a system that was written to execute without a TEE requires partitioning its code into a regular part and a trusted part. This process involves complex manual program transformations that are not only laborious and intellectually tiresome, but also hard to validate and to verify for adherence to real-time constraints. To address these problems, this paper presents novel program analyses and transformation techniques, accessible to the developer through a declarative meta-programming model. The developer declaratively specifies the CPI portion of the system. A custom static analysis checks the CPI specification for validity, while probe-based profiling determines whether the transformed system would still meet the original real-time constraints, with a feedback loop suggesting how to modify the code so that its CPI can be isolated. Finally, an automated refactoring isolates the CPI portion for TEE-based execution and replaces direct calls to it with generated calls to the TEE API. We have evaluated our approach by successfully enabling the trusted execution of the CPI portions of several microbenchmarks and a drone autopilot. Our approach shows the promise of declarative meta-programming in reducing the programmer effort required to adapt systems for trusted execution under real-time constraints.
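As an added illustration (not code from the RT-Trust paper or its tool), the following C example shows the shape of the partition the abstract describes. A routine marked with a hypothetical CPI annotation is moved behind a command handler on the trusted side; the normal-world caller goes through a generated-style stub that marshals parameters in the manner of the GlobalPlatform TEE Client API; and a deadline check decides whether the measured round-trip cost still fits the task's budget. The `mock_TEEC_InvokeCommand` function, the `MockParam` structure, the FNV-1a checksum standing in for proprietary CPI code, the sample buffer, and the timing figures are all assumptions chosen so that the example runs in-process without a real TEE.

```c
/* Added example, not from the RT-Trust paper: a hand-written instance of the
 * CPI partition the abstract describes. Everything named mock_* / MockParam is a
 * stand-in for the real GlobalPlatform TEE Client API so this runs in-process. */
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical developer-facing annotation marking CPI code. With clang this
 * survives into the IR as an annotate attribute, which is the kind of hook a
 * source-level partitioning tool can key on; elsewhere it expands to nothing. */
#ifdef __clang__
#define CPI __attribute__((annotate("cpi")))
#else
#define CPI
#endif

/* ---- trusted side: what would be compiled into the trusted application ---- */
enum { CMD_CHECKSUM = 1 };                 /* command id, assumed */
enum { P_NONE = 0, P_MEMREF_IN = 1, P_VALUE_OUT = 2 };

/* Simplified stand-in for a TEEC_Operation parameter slot. */
typedef struct { int type; const void *buf; size_t len; uint32_t value; } MockParam;

/* The CPI routine itself; FNV-1a stands in for a proprietary algorithm. */
static CPI uint32_t cpi_checksum(const uint8_t *buf, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= buf[i]; h *= 16777619u; }
    return h;
}

/* Trusted-side dispatcher: validates parameter types before touching them,
 * runs the CPI code, and writes the result back into the output slot. */
static int ta_invoke_command(uint32_t cmd, MockParam p[4]) {
    if (cmd != CMD_CHECKSUM || p[0].type != P_MEMREF_IN || p[1].type != P_VALUE_OUT)
        return -1;                          /* analogue of TEE_ERROR_BAD_PARAMETERS */
    p[1].value = cpi_checksum(p[0].buf, p[0].len);
    return 0;
}

/* ---- normal-world side ---- */
/* Mock of TEEC_InvokeCommand: a direct call here, a world switch on real hardware. */
static int mock_TEEC_InvokeCommand(uint32_t cmd, MockParam p[4]) {
    return ta_invoke_command(cmd, p);
}

/* Generated-style stub that replaces direct calls to cpi_checksum(). */
static int host_checksum(const uint8_t *buf, size_t len, uint32_t *out) {
    MockParam p[4];
    memset(p, 0, sizeof p);                /* unused slots are P_NONE */
    p[0].type = P_MEMREF_IN; p[0].buf = buf; p[0].len = len;
    p[1].type = P_VALUE_OUT;
    int rc = mock_TEEC_InvokeCommand(CMD_CHECKSUM, p);
    if (rc == 0) *out = p[1].value;
    return rc;
}

/* ---- real-time check ---- */
/* After refactoring, the task's WCET grows by the TEE round trip; it still
 * meets its deadline only if the sum fits. Inputs are constructed figures. */
static int rt_fits(uint64_t wcet_ns, uint64_t tee_roundtrip_ns, uint64_t deadline_ns) {
    return wcet_ns + tee_roundtrip_ns <= deadline_ns;
}

/* Probe: time one trip through the TEE path (only meaningful on the target). */
static uint64_t probe_roundtrip_ns(const uint8_t *buf, size_t len) {
    struct timespec a, b; uint32_t v = 0;
    clock_gettime(CLOCK_MONOTONIC, &a);
    host_checksum(buf, len, &v);
    clock_gettime(CLOCK_MONOTONIC, &b);
    return (uint64_t)((b.tv_sec - a.tv_sec) * 1000000000LL + (b.tv_nsec - a.tv_nsec));
}

int main(void) {
    const uint8_t sample[] = "attitude-setpoint";      /* constructed input */
    uint32_t via_tee = 0;
    int rc = host_checksum(sample, sizeof sample - 1, &via_tee);
    printf("rc=%d tee=%08x direct=%08x\n", rc, via_tee,
           cpi_checksum(sample, sizeof sample - 1));
    uint64_t rt = probe_roundtrip_ns(sample, sizeof sample - 1);
    /* Constructed budget: 400 us WCET, 500 us deadline; the probe decides. */
    printf("roundtrip=%llu ns, fits=%d\n", (unsigned long long)rt,
           rt_fits(400000, rt, 500000));
    return 0;
}
```

On a real OP-TEE target the stub would call `TEEC_InitializeContext`, `TEEC_OpenSession` and `TEEC_InvokeCommand` from libteec, and the dispatcher would be the trusted application's `TA_InvokeCommandEntryPoint`; the probe figure must then be measured with the genuine world switch, because that cost, not the CPI routine itself, is what usually decides whether the deadline survives.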

