sel4 & agile and resilient embedded systems (ares) · 2018-11-20 · embedded systems (ares) d...
TRANSCRIPT
seL4 & Agile and Resilient Embedded Systems (ARES)
Douglas Schafer / Program Manager
Information Directorate; November 14, 2018
DISTRIBUTION A. Approved for public release: distribution unlimited. Case Number 88ABW-2018-5644 20181108
Challenge
• Highly complex & connected
• Multi-vendor; Intellectual property
• Procurement and funding
To a high technology readiness level:
• Design-in embedded system software cybersecurity and resilience
• Decouple computing layers
• Integrate and protect 3rd party applications
• Address three pillars of cybersecurity by developing capabilities aligned with Cyber Survivability Attributes (CSA) [1]
  • Protect, Mitigate, Recover
• Implement and demonstrate feasibility meeting needs of Air Force weapon systems
[1] United States Air Force Systems Security Engineering Guidebook, 8 May 2018, v1.3
ARES and seL4
ARES Architecture & Software Development
Current SW Environment
(Diagram: layered stack of CPU, Memory, Peripherals; Drivers; Operating System; Applications)
Security posture, in general:
• Tightly coupled
• Unsecured communication
• Lack of partitioning*
• Lack of interface control
• Lack of monitoring and response
Significant cost in time, complexity, and funds to modify
*Some systems implement commercial software separation kernels.
Current SW Environment
(Diagram: the same layered stack of CPU, Memory, Peripherals; Drivers; Operating System; Applications, shown under attack; image source: https://www.google.com/search?q=cyber+attack)
Attacks result in unchecked accesses and adversarial freedom of maneuver.
No controls on memory access, processes, interfaces, or boundaries. So, how to protect and assuredly operate mission applications?
Notional depiction for illustration only
ARES SW Environment
(Diagram: current stack of CPU, Memory, Peripherals; Drivers; Operating System; Applications, beside the ARES stack of CPU, Memory, Peripherals; Hardware Abstraction; Software Separation; Virtual Machine Manager; Operating System; Security and Resilience Services; Applications)
• Fully isolates and controls applications
• Restricts permissions and accesses
• Protects and monitors
  • Processes & memory
  • Interfaces
  • Information in-transit (confidentiality & integrity)
• Secures communication via dynamic encryption
• Enforces specified rules and policies
Addresses susceptibilities & monitors behaviors
Complete SW Development
• Common library support and driver development
• Secure Virtual Machine Manager hosting multiple, concurrent virtual machines
• Interprocess Communication encryption
• Process and memory introspection
• Successful integration of small unmanned system flight and autopilot applications
• Successful testing against cyber attack classes
In-progress SW Development
• Integration of industry flight management and control system
• Implementation within industry-grade small unmanned system flight module
• Flight and cyber assessment testing (4 QTR FY19)
Cyber Assessment
Cyber Mission Assurance
Objective
Create a methodology and metric to quantitatively assess cyber mission assurance, enabling:
• Return on investment analysis
• Comparative designs
• Execution evaluation
Align to USAF Systems Security Engineering Acquisition Guidebook: Prevent / Mitigate / Recover
Methodology
• Mission decomposition into mission essential functions
• System and sub-systems identified
• Failure conditions and behaviors enumerated
• Protection and mitigation techniques aligned
• Assess ability to detect, isolate, and recover
Metric
• Missions exist in elements of time
• Establish:
  • Mission time (tm)
  • Survival time (ts)
• Assess ability and time to detect, isolate, recover
  • Time to detect (td)
  • Time to isolate (ti)
  • Time to recover (tr)
• Score (1, 0) based on:
  Detectability (D) = 1 iff td < tm,
  Isolability (I) = 1 iff (td + ti) < ts, and
  Recoverability (R) = 1 iff (td + ti + tr) < tm
(Timeline diagram: Mission Capable, Compromised Capacity, Survival Capacity, Mission Capable, with Detect, Isolate and Recover marks at (td + ti) < ts and (td + ti + tr) < tm)
DIR Assessment Example (Octo-copter)
For baseline and modified flight system:
• Assessed failure conditions for DIR
• Measured time
Performed decomposition:
• Identified failure states and types
• Aligned mitigation and assessed DIR
• Selected design maximizing increase
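The DIR scoring from the Metric slide carried through on a baseline and a modified design, the comparison the octo-copter example describes; this is an added example, not AFRL or ARES code, and the failure conditions, mission time and survival time are constructed sample values.

```python
# Added example, not AFRL/ARES code: the DIR (Detectability, Isolability,
# Recoverability) metric from the Metric slide, applied to a baseline and a
# modified design as in the octo-copter example. All times are constructed
# sample values in seconds, not measurements from the actual assessment.
from dataclasses import dataclass

NOT_DETECTED = float("inf")  # td for a failure the design never detects


@dataclass(frozen=True)
class FailureCondition:
    name: str
    td: float  # time to detect
    ti: float  # time to isolate
    tr: float  # time to recover


def dir_score(fc, tm, ts):
    """Score one failure condition exactly as the slide defines it.
    The inequalities are strict, so meeting a deadline exactly scores 0."""
    d = 1 if fc.td < tm else 0
    i = 1 if (fc.td + fc.ti) < ts else 0
    r = 1 if (fc.td + fc.ti + fc.tr) < tm else 0
    return d, i, r


def assess_design(conditions, tm, ts):
    """Per-condition (D, I, R) scores and the design's total over all of them."""
    scores = {fc.name: dir_score(fc, tm, ts) for fc in conditions}
    return scores, sum(sum(s) for s in scores.values())


def dir_increase(baseline, modified, tm, ts):
    """Total DIR gained by the modified design, the selection criterion on the slide."""
    return assess_design(modified, tm, ts)[1] - assess_design(baseline, tm, ts)[1]


# Constructed mission: a 10-minute flight (tm); the airframe tolerates a
# compromised flight function for 30 s before the aircraft is lost (ts).
TM, TS = 600.0, 30.0
BASELINE = [  # no introspection or monitoring: a spoof is never noticed
    FailureCondition("gps_spoof", NOT_DETECTED, 0.0, 0.0),
    FailureCondition("autopilot_crash", 5.0, 40.0, 60.0),  # isolation too slow
]
MODIFIED = [  # separation plus monitoring: detect, isolate the partition, restart it
    FailureCondition("gps_spoof", 2.0, 3.0, 20.0),
    FailureCondition("autopilot_crash", 1.0, 2.0, 15.0),
]

if __name__ == "__main__":
    for label, design in (("baseline", BASELINE), ("modified", MODIFIED)):
        scores, total = assess_design(design, TM, TS)
        print(label, scores, "total =", total)
    print("DIR increase:", dir_increase(BASELINE, MODIFIED, TM, TS))
```

Note that the slide scores R independently of I, so a design can recover within the mission time yet fail to isolate within the survival time; the baseline autopilot case above shows that pattern.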
Summary
• ARES architecture allows use of 3rd party applications
• Decouples and encapsulates
• Tightly controls and monitors, prevents unauthorized actions
• Instills confidentiality, integrity, and authentication
• Leader in SW separation research & development
• Cyber mission assurance assessment and metric
• SW Technology Readiness Level 6+
DISTRIBUTION STATEMENT C. Distribution authorized to U.S. Government agencies and their contractors, Critical Technology, October 2014. Other requests for this document shall be referred to AFRL/RIG.