Meeting the Challenges of Critical and Extreme Dependability and Security

The world is becoming an immense critical information infrastructure (CII), with the fast and increasing entanglement of utilities, telecommunications, the Internet, the cloud, and the emerging IoT tissue. This may create enormous opportunities, but it also brings about similarly extreme security and dependability risks. We predict an increase in very sophisticated targeted attacks, or advanced persistent threats (APTs), and claim that this calls for expanding the frontier of the security and dependability methods and techniques used in our current CII. Extreme threats require extreme defenses: we propose resilience as a unifying paradigm to endow systems with the capability of dynamically and automatically handling extreme adversary power, and of sustaining perpetual and unattended operation. In this position paper, we present this vision and describe our methodology, as well as the assurance arguments we make for the ultra-resilient components and protocols it enables, illustrated with case studies in progress.
