SAFE: A clean-slate architecture for secure systems

SAFE is a large-scale, clean-slate co-design project encompassing hardware architecture, programming languages, and operating systems. Funded by DARPA, SAFE aims to create a secure computing system from the ground up. SAFE hardware provides memory safety, dynamic type checking, and native support for dynamic information flow control. The Breeze programming language leverages the security features of the underlying machine, and the “zero kernel” operating system avoids relying on any single privileged component for overall system security. The SAFE project is working towards formally verifying security properties of the runtime software. The SAFE system sets a new high-water mark for system security, allowing secure applications to be built on a solid foundation rather than on the inherently vulnerable conventional platforms available today.
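The abstract names dynamic information flow control (IFC) as a hardware-native feature but does not show what enforcing it at run time involves. The following is an added illustration, not code from the SAFE project or the Breeze language: a toy model in which every value carries a label, labels form a lattice (here a powerset of restriction names, joined by set union), computation joins the labels of its inputs, and a write to an output channel is refused unless the value's label may flow to the channel's label. The sink names, the `IFCViolation` type and the sample values are all constructed for the example; a real tagged architecture would also track a program-counter label to catch implicit flows through control flow, which this model deliberately omits.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple, Dict

# A label is a set of restriction names. The empty set is public; a larger
# set is more restricted. This is a powerset lattice, chosen for simplicity.
Label = FrozenSet[str]
PUBLIC: Label = frozenset()


def join(a: Label, b: Label) -> Label:
    """Least upper bound: data derived from both inputs inherits every restriction of each."""
    return a | b


def can_flow(src: Label, dst: Label) -> bool:
    """src may flow to dst only if dst honours every restriction carried by src."""
    return src <= dst


@dataclass(frozen=True)
class Tagged:
    """A machine word together with its IFC label (the 'tag' in a tagged architecture)."""
    value: int
    label: Label


class IFCViolation(Exception):
    """Raised when a labelled value would reach a channel not allowed to see it."""


def add(x: Tagged, y: Tagged) -> Tagged:
    # Label propagation: the result is at least as restricted as either operand.
    return Tagged(x.value + y.value, join(x.label, y.label))


class Sink:
    """An output channel with a fixed label, e.g. a network port (public) or an encrypted store."""

    def __init__(self, name: str, label: Label) -> None:
        self.name = name
        self.label = label
        self.received: List[int] = []

    def write(self, t: Tagged) -> None:
        # The dynamic check: refuse the write instead of leaking the value.
        if not can_flow(t.label, self.label):
            raise IFCViolation(
                f"value labelled {set(t.label) or 'public'} may not flow to sink "
                f"'{self.name}' labelled {set(self.label) or 'public'}"
            )
        self.received.append(t.value)


def demo() -> Tuple[Dict[str, bool], List[int], List[int]]:
    """Run three writes: two permitted, one a blocked leak. Returns what each sink saw."""
    secret = Tagged(42, frozenset({"secret"}))   # constructed sample: a secret word
    public = Tagged(1, PUBLIC)                    # constructed sample: a public word
    network = Sink("network", PUBLIC)             # constructed sink: anyone can read it
    vault = Sink("vault", frozenset({"secret"}))  # constructed sink: cleared for secrets

    outcome: Dict[str, bool] = {}
    network.write(public)            # public -> public: allowed
    vault.write(add(secret, public))  # {secret} -> {secret}: allowed
    try:
        network.write(add(secret, public))  # {secret} -> public: must be refused
        outcome["leak_blocked"] = False
    except IFCViolation:
        outcome["leak_blocked"] = True
    return outcome, network.received, vault.received


if __name__ == "__main__":
    print(demo())
```

The point of the model is that the policy decision happens on the data path, at the moment a labelled value reaches a channel, rather than in whichever component happened to compute the value; that is what lets an architecture avoid trusting any single privileged component to police flows.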
