ATC-NY* (Architecture Technology Corporation)

Efficient Code Certification for Open Firmware

OASIS PI Meeting, Santa Rosa, California
August 19-21, 2002

ATC-NY
Cornell Business and Technology Park
33 Thornwood, Suite 500
Ithaca, NY 14850
(607) 257-1975 (800) 672-1982
http://www.atc-nycorp.com

Matt Stillerman
matt@atc-nycorp.com

*formerly, Odyssey Research Associates

Not for Public Release

Contributors
  • Dexter Kozen, Cornell
  • TJ Merritt, CodeGen
  • Frank Adelstein, ATC-NY
  • Kori Oliver, ATC-NY & Cornell
  • Dave Shifrin, Cornell
  • David Baca, ATC-NY

Outline
  • Project Overview
  • Status
  • Accomplishments
    • Compilation of Java for Open Firmware
    • Working Java Device Driver Example
  • Plans

Project Overview
  • Goal: Build a prototype of the BootSafe system.
    • Purpose: Detect and stop malicious firmware at boot time.
  • Scope: Malicious fcode (firmware) on platforms using Open Firmware.
  • Approach: Static verification of fcode programs
    • Verifier runs as part of Open Firmware boot system.
    • Enhanced Open Firmware API and Java support package.
    • Certifying compiler for Java to fcode.
  • DARPA Phase II SBIR
    • Initial prototype, December 2002
    • Enhanced prototype, December 2003

Motivation
  • Boot program runs in privileged mode prior to the start of most security services.
  • Responsible for the initial integrity of the operating system.
    • Cornerstone of other security mechanisms.
  • Several routes for introduction of malicious boot firmware.
    • Exploitable by a well-funded adversary.

Scope: Open Firmware
  • BootSafe will detect malicious fcode in Open Firmware-based systems.
    • Open Firmware is a widely used standard “platform” for boot firmware (IEEE-1275).
    • Standardizes the execution environment, the device API, the operating system API, and the user interface.
    • Popular because it enables reusability and portability of boot code.
    • Used by Sun Microsystems, Apple, and many embedded system vendors.
    • Used in DoD and US Government information systems.

Open Firmware: Fcode Loading
  [Diagram; labels: Boot Program, Fcode Interpreter, Other Software, Fcode "Probe", Peripheral Device, ROM Storage, Fcode programs]

Efficient Code Certification (ECC)
  • Technique that underlies our static verification.
  • Program is written in a high level language.
    • Language guarantees some safety properties.
    • Other desired properties would be easily checked.
  • Certifying compiler produces particularly well-structured executable.
    • Also produces a “certificate” that explains why the code is safe to run.
  • Verifier checks the validity of the explanation and its correspondence to the compiled code.
    • Proof checking is much easier than proof construction.

ECC Applied to Open Firmware
  • We apply ECC-style verification to fcode modules compiled from Java. Will verify:
    • Basic safety properties: type safety, memory safety, jump safety, and stack safety.
    • Architecture appropriate for the intended role of the module within Open Firmware boot program.
  • Will focus on boot-time device drivers.
    • Dynamically loaded from peripheral devices at boot time.
    • Easily exploited method for introducing malicious code.
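
As an added illustration for the two ECC slides above (this is not code from the presentation or from the BootSafe project), the following Python sketch shows the division of labour ECC relies on: the certifying compiler emits a "certificate" stating the abstract stack layout at every basic-block entry, and the verifier only has to check that each block, run from its certified entry state, respects the jump, stack and type safety properties and reproduces the certified state at every branch and fall-through. The toy instruction set, the sample driver-like program, the certificate format and all error messages are constructed for this example; they are not fcode, JVM bytecode or the J2F compiler's output.

```python
class VerifyError(Exception):
    """Raised when the code or its certificate fails a check."""


# Abstract stack effect of each toy opcode: (types popped, types pushed).
# Type tags: 'i' = integer, 'r' = reference, '?' = any.  The instruction
# set is constructed for this example; it is not fcode or JVM bytecode.
EFFECTS = {
    "iconst": ("", "i"),     # push an integer constant
    "rconst": ("", "r"),     # push a reference, e.g. a device handle
    "iadd": ("ii", "i"),     # add two integers
    "getfield": ("r", "i"),  # read an integer field through a reference
    "pop": ("?", ""),        # discard the top element, whatever its type
    "ifeq": ("i", ""),       # pop an integer, branch to operand if zero
    "goto": ("", ""),        # unconditional branch to operand
    "ret": ("i", ""),        # return an integer; stack must then be empty
}
BRANCHES = {"ifeq", "goto"}


def apply_effect(op, stack):
    """Abstractly execute one instruction on a tuple of type tags."""
    if op == "dup":
        if not stack:
            raise VerifyError("dup on an empty stack")
        return stack + (stack[-1],)
    if op not in EFFECTS:
        raise VerifyError(f"unknown opcode {op}")
    pops, pushes = EFFECTS[op]
    if len(stack) < len(pops):
        raise VerifyError(f"{op}: stack underflow")
    base = len(stack) - len(pops)
    for want, have in zip(pops, stack[base:]):
        if want != "?" and want != have:
            raise VerifyError(f"{op}: expected {want!r}, found {have!r}")
    return stack[:base] + tuple(pushes)


def verify(code, certificate):
    """Check a compiler-emitted certificate {block start pc: entry stack tags}
    against code, a list of (opcode, operand) pairs.  Every branch or
    fall-through into a block must reproduce its certified entry state."""
    cert = {pc: tuple(s) for pc, s in certificate.items()}
    if 0 not in cert:
        raise VerifyError("entry block at pc 0 is not certified")
    for pc, (op, arg) in enumerate(code):
        # Jump safety: targets must be certified block entries in the code.
        if op in BRANCHES and arg not in cert:
            raise VerifyError(f"pc {pc}: target {arg} is not a certified block")
    for start, entry in cert.items():
        if not 0 <= start < len(code):
            raise VerifyError(f"certified block {start} lies outside the code")
        stack, pc = entry, start
        while True:
            if pc >= len(code):
                raise VerifyError(f"block {start} runs off the end of the code")
            if pc != start and pc in cert:  # fall-through join must agree
                if stack != cert[pc]:
                    raise VerifyError(f"pc {pc}: fall-through {stack} != {cert[pc]}")
                break
            op, arg = code[pc]
            stack = apply_effect(op, stack)  # type and stack safety
            if op in BRANCHES and stack != cert[arg]:
                raise VerifyError(f"pc {pc}: branch state {stack} != {cert[arg]}")
            if op == "ret" and stack:
                raise VerifyError(f"pc {pc}: ret with non-empty stack {stack}")
            if op in ("ret", "goto"):
                break
            pc += 1
    return True


def check(code, certificate):
    try:
        verify(code, certificate)
    except VerifyError as e:
        return False, str(e)
    return True, "ok"


# Constructed sample: read an integer field from a device handle; return 0
# if it is zero, otherwise field + 1.  Block entries are pc 0 and pc 7.
GOOD_CODE = [
    ("rconst", None),    # 0: ( r )
    ("getfield", None),  # 1: ( i )
    ("dup", None),       # 2: ( i i )
    ("ifeq", 7),         # 3: ( i )   -> block 7 entered with ( i )
    ("iconst", 1),       # 4: ( i i )
    ("iadd", None),      # 5: ( i )
    ("ret", None),       # 6: ( )
    ("pop", None),       # 7: ( )     block entry certified as ( i )
    ("iconst", 0),       # 8: ( i )
    ("ret", None),       # 9: ( )
]
GOOD_CERT = {0: (), 7: ("i",)}

# Tampered variants: a jump into the middle of a block, a getfield applied
# to an integer, and a certificate that lies about the stack at block 7.
BAD_JUMP_CODE = GOOD_CODE[:3] + [("ifeq", 5)] + GOOD_CODE[4:]
BAD_TYPE_CODE = [("iconst", 0)] + GOOD_CODE[1:]
BAD_CERT = {0: (), 7: ()}
```

Calling `check(GOOD_CODE, GOOD_CERT)` returns `(True, "ok")`, while each tampered variant is rejected with the reason. The verifier never searches for block entry states itself; it trusts nothing in the certificate but checks every claim against the code, which is why the checker stays small enough to live inside the boot firmware.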

BootSafe
  [Diagram; labels: Firmware Development, Open Firmware Boot System, Java, J2F Compiler, JVM Bytecode, Fcode, Certificate, Verifier, Interpreter, SW, API, BootSafe]

Status
  • About 30% complete.
  • On track to achieve project objectives.

Java Compilation
  • Eager class loading and initialization
  • Stack frames
  • Objects, arrays
  • Virtual method invocation
  • Separate compilation of system classes
  • In-line Forth code
  • Future:
    • Garbage collection
    • Exceptions
  • Not planned: Threads, Reflection

Device Driver Example
  • PCI disk drive, emulated in SmartFirmware
  • Device driver
    • Written in Java
    • Compiled with J2F
    • Linked against a small subset of system classes
      • Java language support
      • Open Firmware API support
    • Equivalent in design to a driver written by hand in Forth
    • Boots and opens the device node

Class Hierarchy

Plans
  • Near future:
    • Verifier, initial version.
    • Garbage collection.
    • Second example device.
    • Demo capabilities to Open Firmware platform vendors, device vendors, and end users.
  • Next year:
    • Enhanced “safe” API and more extensive Java support classes.
    • Reworked examples, using the new API.
    • Enhanced verifier.
