### Dynamic Separation Kernel for Safety- and Security-critical Applications

#### Henrik Karlsson (henrik10@kth.se)

Supervisors: Mads Dam & Roberto Guanciale KTH Royal Institute of Technology

November 8, 2022





Henrik Karlsson (KTH)

**Dynamic Separation Kernel** 



Foto: TT

#### Cyberattack mot Naturvårdsverket – system nere

UPPDATERAD 6 OKTOBER 2022 PUBLICERAD 6 OKTOBER 2022

Naturvårdsverket har utsatts för ett dataintrång och information har läckt ut från myndigheten som nu inte går att nå digitalt.

 Det går inte att nå Naturvårdsverket utifrån nu, för att begränsa eventuellt pågående attacker, säger förvaltningschef Håkan Svaleryd till TT.

Naturvårdsverket upptäckte på onsdagseftermiddagen att man hade ett dataintrång.

 Vi hittade kod som inte skulle vara i våra system, säger Håkan Svaleryd, som är chef för förvaltningsavdelningen på Naturvårdsverket.

I den analys av attacken som inleddes upptäcktes också att information från myndigheten läckt.



FRA, Försvarets radioanstalt, på Lovön utanför Stockholm spanar på cyberattacker mot Sverige. Føte: Jonas Olsson, SVT arkivbild

#### FRA: Cyberattacker mot mjukvaruleverantörer allt vanligare

UPPDATERAD 2 FEBRUARI 2022 FUBLICERAD 2 FEBRUARI 2022

Försvarets radioanstalt, FRA, uppger till SVT att så kallade "supply chain attacker" blir allt vanligare – trots krisen för ett halvår sedan då Coop stängde nästan 800 butiker på grund av dataintrång i deras kassasystem.

En av Sveriges hemligaste myndigheter larmar återigen för brister i cybersäkerhet i landet.

I Januari 2017 uppgav FRA att de upptäckte cirka 10 000 "aktiviteter" per månad mot mål i Sverige från stattiga utändska angrignare. Två är senare <u>uppgav FRA att siftran var</u> "betvilligt högref: En aktivite innebär förberedelse, försök eller genomförd cyberattack.

Varningarna gjordes långt före sabotagen mot Coop sommaren 2021 då nära 800 butiker

2/21

#### CDIS: Center for Cyber Defence and Information Security



GOAL:

New and efficient verification techniques

METHOD:

OUTCOME:



OUTCOME:

4/21



4/21





Henrik Karlsson (KTH)





Partition system using separation kernel

- TCP/IP Handle TCP/IP communication
- Crypto Service Encrypts & Decrypts Packages
- Monitor Monitors, parse commands, upgrade system
- Functions Interact with environment and output data



Partitions has fixed round-robin scheduling



- Partitions has fixed round-robin scheduling
- Related Work



- Partitions has fixed round-robin scheduling
- Related Work
  - PikeOS by SYSGO



- Partitions has fixed round-robin scheduling
- Related Work
  - PikeOS by SYSGO
  - INTEGRITY-178B by Green Hills



- Partitions has fixed round-robin scheduling
- Related Work
  - PikeOS by SYSGO
  - INTEGRITY-178B by Green Hills
  - seL4 by Heiser et al.



Partitions has fixed round-robin scheduling

- Related Work
  - PikeOS by SYSGO
  - INTEGRITY-178B by Green Hills
  - seL4 by Heiser et al.
  - MultiZone Security by HEX-Five Security



Partitions has fixed round-robin scheduling

- Related Work
  - PikeOS by SYSGO
  - INTEGRITY-178B by Green Hills
  - seL4 by Heiser et al.
  - MultiZone Security by HEX-Five Security
  - OpenMZ (open-source MultiZone) by Henrik Karlsson





Designed and implemented a separation kernel with ....



Designed and implemented a separation kernel with ....

Memory Protection and Management



Designed and implemented a separation kernel with ....

- Memory Protection and Management
- Secure Time Management for Real-Time Systems

<sup>1</sup>MPU - Memory Protection Unit, protects physical memory.

Henrik Karlsson (KTH)

**Dynamic Separation Kernel** 

November 8, 2022 8 / 21



Designed and implemented a separation kernel with ....

- Memory Protection and Management
- Secure Time Management for Real-Time Systems
- Secure Inter-Process Communication (IPC)



Designed and implemented a separation kernel with ....

- Memory Protection and Management
- Secure Time Management for Real-Time Systems
- Secure Inter-Process Communication (IPC)
- Process Monitoring



Designed and implemented a separation kernel with ....

- Memory Protection and Management
- Secure Time Management for Real-Time Systems
- Secure Inter-Process Communication (IPC)
- Process Monitoring

Targeting standard RISC-V 64-bit (RV64IMA) with MPU<sup>1</sup>



Designed and implemented a separation kernel with ....

- Memory Protection and Management
- Secure Time Management for Real-Time Systems
- Secure Inter-Process Communication (IPC)
- Process Monitoring
- Targeting standard RISC-V 64-bit (RV64IMA) with MPU<sup>1</sup>
- Multi-core processor support



Designed and implemented a separation kernel with ....

- Memory Protection and Management
- Secure Time Management for Real-Time Systems
- Secure Inter-Process Communication (IPC)
- Process Monitoring
- Targeting standard RISC-V 64-bit (RV64IMA) with MPU<sup>1</sup>
- Multi-core processor support
- $\sim$  2000 lines of C/Assembly

<sup>1</sup>MPU - Memory Protection Unit, protects physical memory.

Henrik Karlsson (KTH)

Previously mentioned features are implemented using capabilities

• Capability = object in kernel representing a resource



| Kernel                   |
|--------------------------|
| Process X's capabilities |
| Memory Slice             |
| Memory Slice             |
| Time Slice               |
| Supervise Y              |
|                          |
|                          |
|                          |
| IPC Endpoint             |

Previously mentioned features are implemented using capabilities

- Capability = object in kernel representing a resource
- Process owning a capability has access to corresponding resource



Previously mentioned features are implemented using capabilities

- Capability = object in kernel representing a resource
- Process owning a capability has access to corresponding resource
- Process can derive new capabilities from existing capabilities



■ Memory Slice – Manage access to a physical memory region.

▶ PMP – Configure RISC-V's MPU, grants memory access.

- Memory Slice Manage access to a physical memory region.
  - ▶ PMP Configure RISC-V's MPU, grants memory access.
- Time Slice Manage and grant execution time on a core.

- Memory Slice Manage access to a physical memory region.
  - ▶ PMP Configure RISC-V's MPU, grants memory access.
- Time Slice Manage and grant execution time on a core.
- Channels Manage IPC channels and endpoints.
  - ► Receiver/Sender Unidirectional IPC channel.
  - Server/Client Bidirectional IPC channel.

- Memory Slice Manage access to a physical memory region.
  - ▶ PMP Configure RISC-V's MPU, grants memory access.
- Time Slice Manage and grant execution time on a core.
- Channels Manage IPC channels and endpoints.
  - ► Receiver/Sender Unidirectional IPC channel.
  - Server/Client Bidirectional IPC channel.
- Supervisor Manage a set of processes.



Cores can only run one process at the time



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel
- Context switch ⇒ overhead



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel
- Context switch ⇒ overhead
- Core multiplexing technique = Process Scheduling



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel
- Context switch ⇒ overhead
- Core multiplexing technique = Process Scheduling
- Best scheduler?



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel
- Context switch ⇒ overhead
- Core multiplexing technique = Process Scheduling
- Best scheduler?
  - Supercomputer, Desktop, ...  $\rightarrow$  Performance



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel
- Context switch ⇒ overhead
- Core multiplexing technique = Process Scheduling
- Best scheduler?
  - Supercomputer, Desktop, ...  $\rightarrow$  Performance
  - Airplane, Car, Railroad, ...  $\rightarrow$  Safety



- Cores can only run one process at the time
- Multiplexing the Core main duty of the kernel
- Context switch ⇒ overhead
- Core multiplexing technique = Process Scheduling
- Best scheduler?
  - Supercomputer, Desktop, ...  $\rightarrow$  Performance
  - Airplane, Car, Railroad, ...  $\rightarrow$  Safety
  - $\blacktriangleright$  VPN servers, routers, ...  $\rightarrow$  Security



■ Modified RR – Minor frames defined by time slice capabilities.



- Modified RR Minor frames defined by time slice capabilities.
- Fair Process with execution time gets execution time.



- Modified RR Minor frames defined by time slice capabilities.
- Fair Process with execution time gets execution time.
- Predictable Process knows time slice capabilities, thus their execution time.

<sup>2</sup>Flush cache, branch predictors, etc., support is hardware dependant.

12/21



- Modified RR Minor frames defined by time slice capabilities.
- Fair Process with execution time gets execution time.
- Predictable Process knows time slice capabilities, thus their execution time.
- Temporal Isolation A process's execution time depends only on its capabilities.

<sup>2</sup>Flush cache, branch predictors, etc., support is hardware dependant.

Henrik Karlsson (KTH)

Dynamic Separation Kernel





- Modified RR Minor frames defined by time slice capabilities.
- Fair Process with execution time gets execution time.
- Predictable Process knows time slice capabilities, thus their execution time.
- Temporal Isolation A process's execution time depends only on its capabilities.
- Low-overhead Scheduling decided by a lookup table.

<sup>2</sup>Flush cache, branch predictors, etc., support is hardware dependant.

Henrik Karlsson (KTH)

Dynamic Separation Kernel



- Modified RR Minor frames defined by time slice capabilities.
- Fair Process with execution time gets execution time.
- Predictable Process knows time slice capabilities, thus their execution time.
- Temporal Isolation A process's execution time depends only on its capabilities.
- Low-overhead Scheduling decided by a lookup table.
- Dynamic Process can alter their time slices.

<sup>2</sup>Flush cache, branch predictors, etc., support is hardware dependant.

Henrik Karlsson (KTH)

Dynamic Separation Kernel



## Time Slice Capability



- hartid ID of a hardware thread.<sup>3</sup>
- begin start of a time slice
- free start of minor frame
- end end of a time slice and minor frame

<sup>3</sup>Hardware Thread – Logically separate processor.

### Application with Time Slices



#### Monitor has the initial time slice







(only create slices from free to end)







#### Monitor derives capability D



#### Monitor sends capability D to Sensor Reader

(using IPC or supervisor capability)



#### Sensor Reader malfunction

(Monitor knows nothing about Cap. D)





#### Monitor derives capability D again





- currently running core
- core with smallest ID.

<sup>&</sup>lt;sup>4</sup>non-determinism may leak information



- currently running core
- core with smallest ID.

<sup>&</sup>lt;sup>4</sup>non-determinism may leak information



- currently running core
- core with smallest ID.

<sup>&</sup>lt;sup>4</sup>non-determinism may leak information



- currently running core
- Iongest quantum (not implemented)
- core with smallest ID

<sup>&</sup>lt;sup>4</sup>non-determinism may leak information







17 / 21



RISC-V lets writes appear reordered for other cores.<sup>5</sup>

(d) can read initial value, "y = 0"!

<sup>&</sup>lt;sup>5</sup>All operations always appear in-order for the local core.



Writes reordered.



Reads reordered.



Verification of multicore RISC-V need all reorderings. Multicore HoIBA provides this!

Henrik Karlsson (KTH)









Dec. 2022 – Complete proof-of-concept

Jan./Feb. 2023 – Evaluation and publication of kernel with proof-of-concept

Henrik Karlsson (KTH)

<sup>&</sup>lt;sup>5</sup>Worst-case execution time

- Dec. 2022 Complete proof-of-concept
- Jan./Feb. 2023 Evaluation and publication of kernel with proof-of-concept
- Spring 2023
  - Publication of multicore HolBA
  - Workshop publication of OpenMZ (older kernel)
  - ▶ Measurements of WCET<sup>5</sup> and jitter of non-preemptive kernel parts
  - Implement secure interrupts, optimized scheduler, and 32-bit kernel version

<sup>&</sup>lt;sup>5</sup>Worst-case execution time

- Dec. 2022 Complete proof-of-concept
- Jan./Feb. 2023 Evaluation and publication of kernel with proof-of-concept
- Spring 2023
  - Publication of multicore HolBA
  - Workshop publication of OpenMZ (older kernel)
  - ▶ Measurements of WCET<sup>5</sup> and jitter of non-preemptive kernel parts
  - Implement secure interrupts, optimized scheduler, and 32-bit kernel version
- Summer 2023
  - Model and proofs on some concurrent kernel code using multicore HolBA
  - Finish sequential high-level model of kernel

<sup>&</sup>lt;sup>5</sup>Worst-case execution time

### Research Plan

- Dec. 2022 Complete proof-of-concept
- Jan./Feb. 2023 Evaluation and publication of kernel with proof-of-concept
- Spring 2023
  - Publication of multicore HolBA
  - Workshop publication of OpenMZ (older kernel)
  - ▶ Measurements of WCET<sup>5</sup> and jitter of non-preemptive kernel parts
  - Implement secure interrupts, optimized scheduler, and 32-bit kernel version
- Summer 2023
  - Model and proofs on some concurrent kernel code using multicore HolBA
  - Finish sequential high-level model of kernel
- Autumn 2023 Finish concurrent high-level model of kernel

<sup>&</sup>lt;sup>5</sup>Worst-case execution time



https://kth-step.github.io/projects/separation-kernel/

21/21