Page 1: Towards using Capability Machines for Secure Compilation - CHERI

1/17

Formalizing Capability Machines: Is CHERI a promising target architecture for secure compilation?

Akram El-Korashy (1,2), Marco Patrignani (1), Deepak Garg (1)

(1) Max Planck Institute for Software Systems, Saarbrücken
(2) Max Planck Institute for Informatics, IMPRS-CS, Saarbrücken

Saarland Informatics Campus (SIC), 13 Sep 2016

2/17

What are Capability Machines? What is Secure Compilation?

Capabilities, part of the addressing mechanism
- Capabilities are unforgeable.
- A permissions field enables some operations.

Secure compilation, preserving security-relevant properties
- Full abstraction: esp. preserving observational equivalence.

3/17

Goal of this thesis

Build a paper formal model of a capability machine, "CHERI" ...
- ✓ Simplify instruction semantics.
- ✓ Prove capability unforgeability.

... to reason about security building blocks for secure compilation.
- Show CFI enforcement.
- ✓ Show memory compartmentalization.

- Goal is NOT to formally verify CHERI!

4/17

What is a capability?

"A capability is an unforgeable token that gives its owner permission(s) to access a particular entity or object in a computer system." [Levy, 1984]

- In CHERI, a capability is normal 256-bit data, interpreted as values for region bounds, permissions, etc.
- In CHERI, a security domain owns a capability on a memory region.

5/17

If it is normal data, how to guarantee unforgeability?

Historically [Fabry, 1974], two approaches:

"Tagged" approach: mixed data-capability memory. Tags determine whether a capability operation is allowed.

"Partitioned" approach: segregated data-capability memory. Capability operations are allowed only on the capability partition of the memory.

6/17

CHERI combines both approaches [Norton, 2016, Woodruff, 2014]: two register files (a general-purpose one and a separate capability one, the partitioned approach) and tagged memory (the tagged approach). (Figure: where are capabilities stored?)

The CHERI ISA guarantees unforgeability of capabilities.

7/17

A CHERI capability in a nutshell [Woodruff et al., 2014, Watson et al., 2015]

A capability is a 256-bit unforgeable value. (Figure: the fields of a 256-bit capability.)

8/17

Overview of the CHERI machine

(Figure: CHERI instruction execution.)

9/17

Our formal model of the CHERI ISA

Decoupled addressing and authorization, no relative addressing.

10/17

Our formal model of the CHERI ISA - Simplifications

Our formal model                                | CHERI
------------------------------------------------|------------------------------------
Word-addressable                                | Byte-addressable
Based on BinOp and a couple of move operations  | Based on complete MIPS
Goes stuck                                      | Raises exceptions
Models uniprocessor                             | Offers synchronization instructions

11/17

Our formal model of the CHERI ISA - Examples from the Instruction Set 1/2

load rd rs cc: cc must contain a valid capability on address reg(rs) that provides the load permission.

12/17

Our formal model of the CHERI ISA - Examples from the Instruction Set 2/2

ccall cc cd: cc is a sealed code capability and cd a sealed data capability; the pair names the new protection domain to be called.

13/17

Our formal model of the CHERI ISA - Capability Unforgeability

Theorem: If a permission does not exist on an allocated address in the initial state, then this permission can never appear after any execution sequence.

14/17

What we mean by Compartmentalization

Compartmentalization - Definition: A compartment is code and data memory, along with legal external jump destinations and load/store addresses (similar to the paper on Micropolicies [De Amorim et al., 2015]).

    class A {
        private fieldA1;
        public methodA1(B obj) {
            foo(obj.fieldB1);
        }
    }

    class B {
        public fieldB1;
        private fieldB2;

        public methodB1() {
            a_in_B1 = new A();
            a_in_B1.methodA1(this);
        }
    }

    class Main {
        main () {
            bMain = new B();
            bMain.methodB1();
        }
    }

(On the original slides an arrow steps through this program: main() → new B() → bMain.methodB1() → new A() → a_in_B1.methodA1(this) → foo(obj.fieldB1) and back out through the returns, with the "Current Active Compartment" highlighted as control moves between Main, B and A.)

15/17

Theorem - Execution confined to compartments

A state's restrictiveness to a compartment set is preserved by execution, so some illegal behaviors are prohibited:
(1) Illegal to load foreign capabilities.
(2) Illegal to jump arbitrarily; only entry points.
(3) Illegal to read/write unshared data.

16/17

Summary

- Capability-based ISA
- Capability Unforgeability
- Compartmentalization Preservation
- Future: Dynamically share data
- Future: Paper formalization of a secure compiler to CHERI

Thank you!

17/17

References

[De Amorim et al., 2015] De Amorim, A. A., Dénes, M., Giannarakis, N., Hritcu, C., Pierce, B. C., Spector-Zabusky, A., and Tolmach, A. (2015). Micro-policies: Formally verified, tag-based security monitors. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 813–830. IEEE.

[Fabry, 1974] Fabry, R. S. (1974). Capability-based addressing. Commun. ACM, 17(7):403–412.

[Levy, 1984] Levy, H. M. (1984). Capability-Based Computer Systems. Butterworth-Heinemann, Newton, MA, USA.

[Norton, 2016] Norton, R. M. (2016). Hardware support for compartmentalisation. Technical Report UCAM-CL-TR-887, University of Cambridge, Computer Laboratory.

[Watson et al., 2015] Watson, R. N., Woodruff, J., Neumann, P. G., Moore, S. W., Anderson, J., Chisnall, D., Dave, N., Davis, B., Gudka, K., Laurie, B., et al. (2015). CHERI: A hybrid capability-system architecture for scalable software compartmentalization. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 20–37. IEEE.

[Woodruff et al., 2014] Woodruff, J., Watson, R. N., Chisnall, D., Moore, S. W., Anderson, J., Davis, B., Laurie, B., Neumann, P. G., Norton, R., and Roe, M. (2014). The CHERI capability model: Revisiting RISC in an age of risk. SIGARCH Comput. Archit. News, 42(3):457–468.

[Woodruff, 2014] Woodruff, J. D. (2014). CHERI: A RISC capability machine for practical memory safety. Technical Report UCAM-CL-TR-858, University of Cambridge, Computer Laboratory.

1/2

Backup I

Semantics of the ccall instruction for compartmentalization

\[
\frac{
\begin{array}{c}
m(pc) = \langle 0,\ \mathtt{ccall}\ cc\ cd\ cdd \rangle \qquad cr \vdash \mathit{callable}(cc, cd) \\
cc' = \mathit{unsealed}(cr(cc)) \qquad cd' = \mathit{unsealed}(cr(cd)) \\
pcc' = cc' \qquad cr' = \{\, cdd \mapsto cd' \,\} \qquad pc' = \mathit{compute\_call\_address}(cr(cc')) \\
pcc \vdash \mathit{executable}(pc)
\end{array}
}{
\langle m, r, cr, pc, pcc, \mathit{next\_free} \rangle \;\to\; \langle m, r, cr', pc', pcc', \mathit{next\_free} \rangle
}
\quad (\textsc{ccall})
\]

Compartment. A 5-tuple of sets of addresses, $c = (\mathit{Code}, \mathit{Data}, J, L, S) \in 2^{\mathit{Addr}} \times 2^{\mathit{Addr}} \times 2^{\mathit{Addr}} \times 2^{\mathit{Addr}} \times 2^{\mathit{Addr}}$, is called a compartment iff $(c.J \cup c.\mathit{Code}) \cap (c.S \cup c.\mathit{Data}) = \emptyset$. We refer to $c.\mathit{Code} \cup c.\mathit{Data}$ as the address space of $c$, to $c.J$ as the set of legal jump targets, and to $c.L$ / $c.S$ as the sets of legal load / store targets.

2/2

Backup II

Disjoint compartments. Two compartments $c_i, c_j$ are said to be disjoint, written $c_i \cap c_j = \emptyset$, iff $(c_i.\mathit{Code} \cup c_i.\mathit{Data}) \cap (c_j.\mathit{Code} \cup c_j.\mathit{Data}) = \emptyset$.

A valid set of compartments. A set $C \subset 2^{\mathit{Addr}} \times 2^{\mathit{Addr}} \times 2^{\mathit{Addr}} \times 2^{\mathit{Addr}} \times 2^{\mathit{Addr}}$ is a valid set of compartments iff every $c \in C$ is a compartment and

\[
\Big( \bigcup_{c_i \in C} c_i.J \cup c_i.\mathit{Code} \Big) \cap \Big( \bigcup_{c_i \in C} c_i.S \cup c_i.\mathit{Data} \Big) = \emptyset
\quad \text{and} \quad
\forall c_i, c_j \in C.\ i \neq j \Rightarrow c_i \cap c_j = \emptyset
\]
\[
\text{and} \quad \bigcup_{c \in C} (c.L \cup c.S) \subseteq \bigcup_{c \in C} c.\mathit{Data}
\quad \text{and} \quad
\bigcup_{c \in C} c.J \subseteq \bigcup_{c \in C} c.\mathit{Code}.
\]

Capability register file and memory more restrictive than a compartment and a compartment set. A pair of capability register file and memory $\langle cr, m \rangle$ is said to be more restrictive than a compartment and a compartment set $\langle c^*, C \rangle$, written $\langle cr, m \rangle \preceq \langle c^*, C \rangle$, iff: . . .
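The definitions of compartment and valid compartment set above, together with the class example of slide 14 and the confinement theorem of slide 15, as an added example that is not code from the thesis: the Python below encodes the conditions on a set of compartments as a checker that reports which condition fails, and, under one reading of the definition that is an assumption here, the per-step checks behind prohibited behaviours (2) and (3). The memory layout for the classes Main, B and A is constructed and its addresses are made up.

```python
from itertools import combinations
from typing import Callable, FrozenSet, List, NamedTuple

Addr = int

class Compartment(NamedTuple):
    """c = (Code, Data, J, L, S) as defined on the Backup slides."""
    code: FrozenSet[Addr]   # own code
    data: FrozenSet[Addr]   # own data
    J: FrozenSet[Addr]      # legal external jump targets (entry points)
    L: FrozenSet[Addr]      # legal external load targets
    S: FrozenSet[Addr]      # legal external store targets

def union(C: List[Compartment],
          f: Callable[[Compartment], FrozenSet[Addr]]) -> FrozenSet[Addr]:
    return frozenset().union(*(f(c) for c in C))

def is_compartment(c: Compartment) -> bool:
    return not ((c.J | c.code) & (c.S | c.data))

def disjoint(ci: Compartment, cj: Compartment) -> bool:
    return not ((ci.code | ci.data) & (cj.code | cj.data))

def violations(C: List[Compartment]) -> List[str]:
    """Conditions of 'valid set of compartments' that C breaks (empty = valid)."""
    bad = []
    if not all(is_compartment(c) for c in C):
        bad.append("some element is not a compartment")
    if union(C, lambda c: c.J | c.code) & union(C, lambda c: c.S | c.data):
        bad.append("jump/code addresses overlap store/data addresses")
    if not all(disjoint(ci, cj) for ci, cj in combinations(C, 2)):
        bad.append("address spaces overlap")
    if not union(C, lambda c: c.L | c.S) <= union(C, lambda c: c.data):
        bad.append("load/store targets outside all data")
    if not union(C, lambda c: c.J) <= union(C, lambda c: c.code):
        bad.append("jump targets outside all code")
    return bad

# Per-step checks for prohibited behaviours (2) and (3) of slide 15, read off
# the definition (this reading is an assumption): a compartment may jump within
# its own code or to its J entry points, load its own data or its L targets,
# and store to its own data or its S targets.
def may_jump(c: Compartment, a: Addr) -> bool:
    return a in c.code or a in c.J

def may_load(c: Compartment, a: Addr) -> bool:
    return a in c.data or a in c.L

def may_store(c: Compartment, a: Addr) -> bool:
    return a in c.data or a in c.S

# Constructed layout for the class example of slide 14, one compartment per
# class, addresses made up: B.methodB1 enters at 20, A.methodA1 at 40,
# B's public fieldB1 is word 30 and its private fieldB2 word 31.
MAIN = Compartment(frozenset(range(0, 10)), frozenset(range(10, 20)),
                   J=frozenset({20}), L=frozenset(), S=frozenset())
B = Compartment(frozenset(range(20, 30)), frozenset(range(30, 40)),
                J=frozenset({40}), L=frozenset(), S=frozenset())
A = Compartment(frozenset(range(40, 50)), frozenset(range(50, 60)),
                J=frozenset(), L=frozenset({30}), S=frozenset())
LAYOUT = [MAIN, B, A]

def trace() -> List[bool]:
    """Replay the control flow of slide 14, then three steps it must forbid."""
    return [
        may_jump(MAIN, 20),   # main() calls B.methodB1 at its entry point
        may_jump(B, 40),      # methodB1 calls A.methodA1 at its entry point
        may_load(A, 30),      # foo(obj.fieldB1): public field shared via A.L
        may_load(A, 31),      # fieldB2 is private: unshared data, forbidden
        may_jump(A, 25),      # into the middle of B's code: not an entry point
        may_store(A, 30),     # A may read fieldB1 but was never granted a store
    ]
```

violations(LAYOUT) is empty for the constructed layout, and trace() accepts the three steps the slide animates and rejects the three that the theorem forbids. Moving A's only jump target onto B's data word 30 makes the checker report both the global code/data overlap and a jump target outside all code, which is the kind of layout error a compiler targeting this model has to rule out before the confinement theorem applies.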