CRASH/SAFE: Clean-slate Co-design of a Secure Host Architecture
An important cause for the insecurity of today’s computer systems is security–performance trade-offs made decades ago, which are now deeply embedded in the hardware and software ecosystem, but which are based on assumptions that are now obsolete. We are now living in an era in which security is no longer a side issue, hardware resources are abundant, and formal methods are more practical, so the time is ripe for a redesign.
The CRASH/SAFE project brings together academics (University of Pennsylvania, Harvard, and Northeastern) and industry (BAE Systems and Clozure Associates), with the very ambitious goal of designing a significantly more secure network host from scratch, without any legacy constraints. In this DARPA-funded project, we have undertaken a clean-slate co-design of novel hardware, operating system, programming language, and verification strategy based on modern cost structure and capabilities.
The SAFE hardware and a very thin layer of privileged software (a zero-kernel operating system), provide a run-time system for Breeze, a safe high-level language in which application software is written. This simpler design eliminates some of the traditional sources of complexity in operating systems and makes formal analysis more tractable. Moreover, safety and security are enforced at all layers of the system, not just at the programming language level. The SAFE hardware and runtime system dynamically enforce type and memory safety as well as fine-grained dynamic information-flow control (IFC) and label-based access control (clearance).
I’m going to talk about the CRASH/SAFE project in general and about a couple of specific research problems on which I’ve been working. I will focus on the novel exception handling mechanism in Breeze, which allows IFC violations to be recoverable exceptions as opposed to fatal stop-the-world failures. This work identifies public labels and delayed exceptions as the crucial ingredients for making all errors recoverable in a sound and usable language with fine-grained dynamic IFC. Finally, I’m going to discuss several directions for future research.
Speaker Details
Catalin is Research Associate at the University of Pennsylvania and is working on the DARPA-funded CRASH/SAFE project under the guidance of Prof. Benjamin C. Pierce. He is also a member of the Penn PL Club. His research is primarily focused on developing rigorous formal techniques for solving security problems. He is particularly interested in:
formal methods for computer and network security (security protocols, privacy, anonymity, zero-knowledge, information flow control, access control, integrity protection), programming-languages techniques (rigorous semantics, type systems, verification, automatic testing, formal metatheory, formally certified tools), and the design and verification of security-critical systems (microkernel components, electronic voting systems, crypto devices, security-preserving compilers, mobile devices, etc). He received a PhD in Computer Science (summa cum laude) from Saarland University in January 2012. While in Saarbrücken, he held fellowships from Microsoft Research Cambridge and the International Max Planck Research School for Computer Science.
- Date:
- Speakers:
- Catalin Hritcu
- Affiliation:
- University of Pennsylvania
-
-
Jeff Running
-