DEF CON 27 - ANISH ATHALYE - Strong Isolation

1. Want strong isolation?
Just reset your processor.
How we can build more secure systems by applying
the age-old wisdom of “turning it off and on again”
Anish Athalye, Adam Belay, Frans Kaashoek, Robert Morris, Nickolai Zeldovich

2. Security devices are increasingly common
Smartphone apps
Custom hardware
2

3. They are getting better
Smaller TCB
SMS 2FA
Smartphone
TOTP Hardware
TOTP
Smartphone
U2F Hardware
U2F
Hardware
Cryptocurrency
wallet
3

4. Paradigm shift
2FA: More secure login on PC Transaction approval,
Removes PC from TCB
4

5. Can we make the PC secure instead?
5
• Endless bugs:
• Application bugs
• OS bugs (kernels > 20M LOC)
• Micro-architectural CPU bugs (Spectre, Meltdown, Foreshadow, Zombieload)
• Hardware bugs (Rowhammer, RAMBleed)

6. Transaction approval on simple devices
6

7. Remove PC from TCB
Untrusted PC
Trusted hardware
(has private key)
7
TX
Sign(TX)

8. Remove PC from TCB
8

9. Not just cryptocurrencies
9
Before: confirm on PC After: must confirm on device, which signs transaction

10. Not just cryptocurrencies
10

11. Transaction approval everywhere!
•••
11

12. Transaction approval everywhere!
•••
12

13. Sharing results in isolation bugs
• Some past wallet bugs
• Bad argument validation in syscalls
• Bad configuration of MPU
[Riscure @ Black Hat 2018; Ledger Blog;
Trezor Blog]
13
USB
SoC:
CPU+RAM,
Flash,
Peripherals
Buttons
Display

14. Security through physical separation
14

15. Simulating physical separation
15

16. Reset-based design
16
CPU
RAM
CPU
RAM
UART
Flash
Buttons Display
USB
Application core Management core
Syscalls:
exit()
exit_state(state)
Runs third-party code;
has no persistent state
Manages persistent state;
never runs third-party code

17. What needs to be reset?
17
CPU
RAM
CPU
RAM
UART
Flash
Buttons Display
USB
Application core Management core

18. Purging state in a CPU, attempt #1
18
cut power

19. Purging state in a CPU, attempt #2
19
reset!

20. What does reset mean?
20
RISC-V Instruction Set Manual

21. Purging state in a CPU, attempt #3
21
reset!
+
mov r0, #0
mov r1, #0
mov r2, #0
...

22. Architectural and micro-architectural state
22
Examples of architectural state vs micro-architectural state

23. Minimizing complexity
23
Simpler processors have less micro-architectural state

24. Purging state in a CPU, final attempt
24
reset!
+
mov r0, #0
mov r1, #0
mov r2, #0
...
// do things that end up
// clearing internal state
...
These instructions affect
micro-architectural state
}
Check against CPU implementation

25. How do we know that reset is correct?
25
Arbitrary state
Reset / purge
Purged state

26. How do we know that reset is correct?
26
State (secret = 0)
Reset / purge
(Same) purged state
State (secret = 1)

27. Tool: Satisfiability Modulo Theories (SMT)
27
(x AND y) OR (NOT z) SAT: {x = False, y = False, z = False}
(x AND y) AND ((NOT x) AND z) UNSAT
SAT solvers
SMT: SAT on steroids
x: Int, y: Int
x + y < 1 AND x + 1 = 3 AND y > 0
x: BitVec(8)
x > 0 AND x + 1 < 0
UNSAT
SAT: {x = 127}

28. SMT solvers as theorem provers
28
Theorem: forall x, P(x)
SAT => theorem is false
A counterexample to our
theorem: an x where NOT (P(x))
UNSAT => theorem is proven
A proof that our theorem holds: because
there is no x that makes NOT (P(x)) true,
P(x) must hold for all x
NOT (P(x))
Mechanical translation to SMT formula:
strip foralls, negate proposition

29. SMT solvers as theorem provers
29
Theorem: forall x y : Real,
min(x, y) <= (x + y)/2 <= max(x, y)
NOT [ min(x, y) <= (x + y)/2 <= max(x, y) ]
>>> from z3 import *
>>> x = Real('x'); y = Real('y'); s = Solver()
>>> Min = z3.If(x < y, x, y)
>>> Max = z3.If(x < y, y, x)
>>> avg = (x + y)/2
>>> theorem = And(Min <= avg, avg <= Max)
>>> s.add(Not(theorem))
>>> s.check()
unsat

30. Reset: theorem statement
30
forall s s’: CPU state,
purge(s) = purge(s’)

31. Combinatorial circuits
31
Full adder

32. Combinatorial circuits
32

33. Combinatorial circuits
33
Prove: a + b = b + a (when c_in is the same)
Preconditions:
a/b are swapped
c_in is the same
Negated theorem statement:
result of adder is different
Verified!

34. Stateful circuits
34

35. Stateful circuits
35
Proof (attempt): as long as it’s not reset,
count doesn’t decrease
Preconditions:
s1 steps to s2,
counter is not reset
Negated theorem statement:
count decreases
Concrete counterexample!

36. Converting CPU implementation to SMT
36
Python / Z3 SMT model:
Describes 1 cycle of CPU execution
Verilog implementation:
Gate-level design of CPU
mechanical
translation

37. Symbolic simulation of the CPU
37
step
s0 s1
step
s2
step
s3
step
s4
step
s5
step
...

38. Proving reset correct
38
Any possible initial states
Must converge to the same final state
s0
reset
s1
step
s2
step
s3
step
s4
step
...
s0’
reset
s1’
step
s2’
step
s3’
step
s4’
step
...
sr

39. Interactive development of reset code
39
Write reset code
Verifier
UNSA
T
SAT
“Concrete counterexample:
state <X> is not cleared”
Done!

40. Demo (reset verification)
40

46. Demo (hardware)
46

49. Conclusion
”Turning it off and on again” (with a little more details) can be used as
a primitive for achieving isolation.
• Users: Start using transaction authorization devices
• Developers:
• Support factoring out approval decisions (see WebAuthn)
• Use verification as a tool to improve security
49
Code: git.io/shiva