Abstract
Real-time systems must meet strict timeliness requirements. These systems also often need to protect their critical program information (CPI) from adversarial interference and intellectual property theft. Trusted execution environments (TEEs) run CPI tasks on a special-purpose processor, thus providing hardware-backed protection. However, adapting a system written to run without a TEE requires partitioning its code into regular and trusted parts. This process involves complex manual program transformations that are not only laborious and intellectually tiresome, but also hard to validate and verify for adherence to real-time constraints. To address these problems, this paper presents novel program analyses and transformation techniques, accessible to the developer through a declarative meta-programming model. The developer declaratively specifies the CPI portion of the system. A custom static analysis checks the CPI specification for validity, while probe-based profiling helps identify whether the transformed system would continue to meet the original real-time constraints, with a feedback loop suggesting how to modify the code so that its CPI can be isolated. Finally, an automated refactoring isolates the CPI portion for TEE-based execution and communicates with it through generated calls to the TEE API. We have evaluated our approach by successfully enabling the trusted execution of the CPI portions of several microbenchmarks and a drone autopilot. Our approach shows the promise of declarative meta-programming in reducing the programmer effort required to adapt systems for trusted execution under real-time constraints.
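As an added illustration, not code from the RT-Trust paper or its tool, the C program below sketches the end state the abstract describes: the CPI function moves behind a dispatcher that stands in for the trusted application, the normal world keeps a stub that marshals the call the way a generated TEE API wrapper would, and a timing probe estimates the worst-case round trip against a deadline budget. The command identifier, the parameter-block layout, the `tee_invoke` stand-in for the GlobalPlatform TEEC_InvokeCommand call, and the sample gains and inputs are all assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <time.h>

/* Command identifier understood by the trusted side (assumed, hypothetical). */
enum { CMD_CPI_FILTER = 1 };

/* Parameter block copied across the world boundary (assumed fixed layout;
 * a real TEEC_Operation carries typed TEEC_Parameter slots instead). */
typedef struct {
    uint32_t cmd;
    int32_t  in[4];
    int32_t  out;
} tee_param_block;

/* ---- trusted side: the CPI function, unchanged by the partitioning ---- */

/* Proprietary control-law placeholder: fixed-point weighted sum with gains
 * the owner wants kept out of the normal world (constructed values). */
int32_t cpi_filter(const int32_t *samples, size_t n)
{
    static const int32_t gains[4] = {3, 5, 7, 11};
    int64_t acc = 0;
    if (n > 4) n = 4;
    for (size_t i = 0; i < n; i++)
        acc += (int64_t)gains[i] * samples[i];
    return (int32_t)(acc / 4);
}

/* Dispatcher a trusted application would expose: validates the command and
 * only then touches the output slot. Returns 0 on success, -1 on a bad command. */
int ta_invoke(tee_param_block *p)
{
    switch (p->cmd) {
    case CMD_CPI_FILTER:
        p->out = cpi_filter(p->in, 4);
        return 0;
    default:
        return -1;
    }
}

/* ---- normal-world stub that replaces the original call site ---- */

/* Stand-in for TEEC_InvokeCommand: a real build crosses into the TEE here;
 * this example calls the dispatcher directly so it runs without a TEE. */
static int tee_invoke(tee_param_block *p)
{
    return ta_invoke(p);
}

/* Generated-style wrapper: keeps the original call shape, but marshals the
 * arguments, crosses the boundary, and unmarshals the result. */
int32_t cpi_filter_stub(const int32_t samples[4], int *err)
{
    tee_param_block p;
    memset(&p, 0, sizeof p);
    p.cmd = CMD_CPI_FILTER;
    memcpy(p.in, samples, sizeof p.in);
    *err = tee_invoke(&p);
    return *err == 0 ? p.out : 0;
}

/* ---- probe: worst-case round-trip cost of the stub, in CPU microseconds ---- */
double probe_worst_us(const int32_t samples[4], int iters)
{
    double worst = 0.0;
    for (int i = 0; i < iters; i++) {
        int err;
        clock_t t0 = clock();
        (void)cpi_filter_stub(samples, &err);
        clock_t t1 = clock();
        double us = (double)(t1 - t0) * 1e6 / CLOCKS_PER_SEC;
        if (us > worst) worst = us;
    }
    return worst;
}

/* Deadline check a feedback loop could act on: 1 if the observed worst case
 * fits the budget, 0 if the CPI task must be restructured or re-budgeted. */
int meets_deadline(double worst_us, double budget_us)
{
    return worst_us <= budget_us;
}

int main(void)
{
    const int32_t samples[4] = {1, 2, 3, 4};   /* constructed input */
    int err;
    int32_t r = cpi_filter_stub(samples, &err);
    double worst = probe_worst_us(samples, 1000);
    printf("result=%d err=%d worst_us=%.2f ok=%d\n",
           r, err, worst, meets_deadline(worst, 50.0));
    return 0;
}
```

In an actual OP-TEE build the stub would hold a TEEC_Context and TEEC_Session and fill a TEEC_Operation before TEEC_InvokeCommand; the probe numbers only mean something when taken on the target hardware, because the secure-world switch, not the filter arithmetic, dominates the round trip.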
RT-trust: automated refactoring for trusted execution under real-time constraints
GPCE 2018: Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences