research-article

RT-trust: automated refactoring for trusted execution under real-time constraints

Authors:

Eli TilevichAuthors Info & Claims

GPCE 2018: Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences

Pages 175 - 187

https://doi.org/10.1145/3278122.3278137

Published: 05 November 2018 Publication History

Abstract

Real-time systems must meet strict timeliness requirements. These systems also often need to protect their critical program information (CPI) from adversarial interference and intellectual property theft. Trusted execution environments (TEE) execute CPI tasks on a special-purpose processor, thus providing hardware protection. However, adapting a system written to execute in environments without TEE requires partitioning the code into the regular and trusted parts. This process involves complex manual program transformations that are not only laborious and intellectually tiresome, but also hard to validate and verify for the adherence to real-time constraints. To address these problems, this paper presents novel program analyses and transformation techniques, accessible to the developer via a declarative meta-programming model. The developer declaratively specifies the CPI portion of the system. A custom static analysis checks CPI specifications for validity, while probe-based profiling helps identify whether the transformed system would continue to meet the original real-time constraints, with a feedback loop suggesting how to modify the code, so its CPI can be isolated. Finally, an automated refactoring isolates the CPI portion for TEE-based execution, communicated with through generated calls to the TEE API. We have evaluated our approach by successfully enabling the trusted execution of the CPI portions of several microbenchmarks and a drone autopilot. Our approach shows the promise of declarative meta-programming in reducing the programmer effort required to adapt systems for trusted execution under real-time constraints.

References

[1]

2015. CVE-2015-8944. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2015-8944

[2]

2016. CVE-2016-9103. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2016-9103

[3]

2017. CVE-2017-12733. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-12733

[4]

2017. CVE-2017-13997. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-13997

[5]

2017. CVE-2017-1500. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-1500

[6]

2017. CVE-2017-17672. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-17672

[7]

2017. CVE-2017-2704. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-2704

[8]

2017. CVE-2017-5239. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-5239

[9]

2017. CVE-2017-6094. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-6094

[10]

2017. CVE-2017-7493. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2017-7493

[11]

2018. CVE-2018-1219. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2018-1219

[12]

2018. CVE-2018-6412. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2018-6412

[13]

2018. CVE-2018-8922. https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2018-8922

[14]

2018. Mirror of official llvm git repository. https://github.com/ llvm-mirror/test-suite

[15]

Gregory Bollella and James Gosling. 2000. The real-time specification for Java. Computer 33, 6 (2000), 47–54.

Digital Library

[16]

Stephan Flake and Wolfgang Mueller. 2002. An OCL extension for realtime constraints. In Object Modeling with the OCL. Springer, 150–171.

Digital Library

[17]

Matthew Fredrikson and Benjamin Livshits. 2014. ZØ: an optimizing distributing zero-knowledge compiler. In Proceedings of the 23rd USENIX conference on Security Symposium. USENIX Association, 909– 924.

Digital Library

[18]

Narain Gehani and Krithi Ramamritham. 1991. Real-time concurrent C: A language for programming dynamic real-time systems. Real-Time Systems 3, 4 (1991), 377–405.

[19]

GlobalPlatform. 2011. GlobalPlatform, TEE System Architecture, Technical Report. https://www.globalplatform.org/specificationsdevice. asp

[20]

GNU. 2018. Using the GNU Compiler Collection (GCC). http://gcc. gnu.org/onlinedocs/gcc/Attribute-Syntax.html

[21]

Susan L Graham, Peter B Kessler, and Marshall K Mckusick. 1982. Gprof: A call graph execution profiler. In ACM Sigplan Notices, Vol. 17. ACM, 120–126.

Digital Library

[22]

Kevin Hammond and Greg Michaelson. 2003. Hume: a domain-specific language for real-time embedded systems. In International Conference on Generative Programming and Component Engineering. Springer, 37– 56.

Digital Library

[23]

Pao-Ann Hsiung. 2001. Real-Time Constraints. In Institute of Information Science, Academia Sinica, Taipei.

[24]

Google Inc. 2018. gperftools. https://github.com/gperftools/gperftools

[25]

Yutaka Ishikawa and Hideyuki Tokuda. 1990. Object-oriented real-time language design: Constructs for timing constraints. Vol. 25. ACM.

Digital Library

[26]

Farnam Jahanian and Ambuj Goyal. 1990. A formalism for monitoring real-time constraints at run-time. In Digest of Papers. Fault-Tolerant Computing: 20th International Symposium. IEEE, 148–155.

[27]

Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O’Keeffe, P Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rüdiger Kapitza, et al. 2017. Glamdring: Automatic application partitioning for Intel SGX. USENIX.

Digital Library

[28]

Chung Laung Liu and James W Layland. 1973. Scheduling algorithms for multiprogramming in a hard-real-time environment. Journal of the ACM (JACM) 20, 1 (1973), 46–61.

Digital Library

[29]

Shen Liu, Gang Tan, and Trent Jaeger. 2017. PtrSplit: Supporting General Pointers in Automatic Program Partitioning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2359–2371.

Digital Library

[30]

Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: building customized program analysis tools with dynamic instrumentation. In Acm sigplan notices, Vol. 40. ACM, 190– 200.

Digital Library

[31]

Santosh Nagarakatte, Jianzhou Zhao, Milo MK Martin, and Steve Zdancewic. 2009. SoftBound: Highly compatible and complete spatial memory safety for C. ACM Sigplan Notices 44, 6 (2009), 245–258.

Digital Library

[32]

United States. Department of Defense. 2015. Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT & E). http://www.secnav.navy.mil/ig/Lists/ Instructions%20Links/DispForm.aspx?ID=15

[33]

OP-TEE. 2018. Open Portable Trusted Execution Environment. https: //www.op-tee.org/

[34]

Anil Kumar Reddy, Periyasamy Paramasivam, and Prakash Babu Vemula. 2015. Mobile secure data protection using eMMC RPMB partition. In Computing and Network Communications (CoCoNet), 2015 International Conference on. IEEE, 946–950.

[35]

Konstantin Rubinov, Lucia Rosculete, Tulika Mitra, and Abhik Roychoudhury. 2016. Automated partitioning of android applications for trusted execution environments. In Software Engineering (ICSE), 2016 IEEE/ACM 38th International Conference on. IEEE, 923–934.

Digital Library

[36]

Alexander Senier, Martin Beck, and Thorsten Strufe. 2017. PrettyCat: Adaptive guarantee-controlled software partitioning of security protocols. arXiv preprint arXiv:1706.04759 (2017).

[37]

PX4 Dev Team. 2018. PX4. http://px4.io/

[38]

The Clang Team. 2018. Attributes in Clang. https://clang.llvm.org/ docs/AttributeReference.html

[39]

GlobalPlatform Device Technology. June 2010. TEE Client API Specification. https://www.globalplatform.org/specificationsdevice.asp

[40]

GlobalPlatform Device Technology. June 2013. Trusted User Interface API. https://www.globalplatform.org/specificationsdevice.asp

[41]

GlobalPlatform Device Technology. June 2016. TEE Internal Core API Specification. https://www.globalplatform.org/specificationsdevice. asp

[42]

Mengmei Ye, Jonathan Sherman, Witawas Srisa-an, and Sheng Wei. 2018. TZSlicer: Security-aware dynamic program slicing for hardware isolation. In 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). IEEE, 17–24.

Cited By

Huang JHan HXu FChen B(2023)SAPPX: Securing COTS Binaries with Automatic Program Partitioning for Intel SGX2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE59848.2023.00016(148-159)Online publication date: 9-Oct-2023
https://doi.org/10.1109/ISSRE59848.2023.00016
Hasan MMohan S(2023)You Can’t Always Check What You Wanted: : Selective Checking and Trusted Execution to Prevent False Actuations in Real-Time Internet-of-Things2023 IEEE 26th International Symposium on Real-Time Distributed Computing (ISORC)10.1109/ISORC58943.2023.00017(42-53)Online publication date: May-2023
https://doi.org/10.1109/ISORC58943.2023.00017
Liu YDhar STilevich E(2022)Only pay for what you need: Detecting and removing unnecessary TEE-based codeJournal of Systems and Software10.1016/j.jss.2022.111253188(111253)Online publication date: Jun-2022
https://doi.org/10.1016/j.jss.2022.111253
Show More Cited By

Index Terms

RT-trust: automated refactoring for trusted execution under real-time constraints
1. Security and privacy
  1. Formal methods and theory of security
    1. Trust frameworks
2. Software and its engineering
  1. Software notations and tools
    1. Compilers
      1. Translator writing systems and compiler generators
    2. Context specific languages
      1. Domain specific languages
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Automated static analysis
        Dynamic analysis
    2. Software system structures
      1. Real-time systems software

Recommendations

RT-trust: automated refactoring for trusted execution under real-time constraints
GPCE '18

Real-time systems must meet strict timeliness requirements. These systems also often need to protect their critical program information (CPI) from adversarial interference and intellectual property theft. Trusted execution environments (TEE) execute CPI ...
Satisfying real-time constraints with custom instructions
CODES+ISSS '05: Proceedings of the 3rd IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis

Instruction-set extensible processors allow an existing processor core to be extended with application-specific custom instructions. In this paper, we explore a novel application of instruction-set extensions to meet timing constraints in real-time ...
Statically Safe Speculative Execution for Real-Time Systems

Deterministic worst-case execution for satisfying hard-real-time constraints, and speculative execution with rollback for improving average-case throughput, appear to lie on opposite ends of a spectrum of performance requirements and strategies. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

GPCE 2018: Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences

November 2018

214 pages

ISBN:9781450360456

DOI:10.1145/3278122

General Chair:
Eric Van Wyk
University of Minnesota, USA
,
Program Chair:
Tiark Rompf
Purdue University, USA

ACM SIGPLAN Notices Volume 53, Issue 9
GPCE '18
September 2018
214 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3393934
Editor:
Jens Palsberg
University of California, Los Angeles
Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 November 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

GPCE '18

Sponsor:

SIGPLAN

GPCE '18: 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences

November 5 - 6, 2018

MA, Boston, USA

Acceptance Rates

Overall Acceptance Rate 56 of 180 submissions, 31%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
266
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)3

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Huang JHan HXu FChen B(2023)SAPPX: Securing COTS Binaries with Automatic Program Partitioning for Intel SGX2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE59848.2023.00016(148-159)Online publication date: 9-Oct-2023
https://doi.org/10.1109/ISSRE59848.2023.00016
Hasan MMohan S(2023)You Can’t Always Check What You Wanted: : Selective Checking and Trusted Execution to Prevent False Actuations in Real-Time Internet-of-Things2023 IEEE 26th International Symposium on Real-Time Distributed Computing (ISORC)10.1109/ISORC58943.2023.00017(42-53)Online publication date: May-2023
https://doi.org/10.1109/ISORC58943.2023.00017
Liu YDhar STilevich E(2022)Only pay for what you need: Detecting and removing unnecessary TEE-based codeJournal of Systems and Software10.1016/j.jss.2022.111253188(111253)Online publication date: Jun-2022
https://doi.org/10.1016/j.jss.2022.111253
Liu SGuan NGuo ZYi W(2020)MiniTEE—A Lightweight TrustZone-Assisted TEE for Real-Time SystemsElectronics10.3390/electronics90711309:7(1130)Online publication date: 11-Jul-2020
https://doi.org/10.3390/electronics9071130
Wang PDing YSun MWang HLi TZhou RChen ZJing YRothermel GBae D(2020)Building and maintaining a third-party library supply chain for productive and secure SGX enclave developmentProceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice10.1145/3377813.3381348(100-109)Online publication date: 27-Jun-2020
https://dl.acm.org/doi/10.1145/3377813.3381348
An K(2020)Enhancing Web App Execution with Automated ReengineeringCompanion Proceedings of the Web Conference 202010.1145/3366424.3382087(274-278)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1145/3366424.3382087
An KTilevich E(2020)Client Insourcing: Bringing Ops In-House for Seamless Re-engineering of Full-Stack JavaScript ApplicationsProceedings of The Web Conference 202010.1145/3366423.3380105(179-189)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1145/3366423.3380105
Liu YTilevich E(2020)Reducing the Price of Protection: Identifying and Migrating Non-sensitive Code in TEE2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom50675.2020.00028(112-120)Online publication date: Dec-2020
https://doi.org/10.1109/TrustCom50675.2020.00028
Mukherjee AMishra TChantem TFisher NGerdes RErmont JSong YGill C(2019)Optimized trusted execution for hard real-time applications on COTS processorsProceedings of the 27th International Conference on Real-Time Networks and Systems10.1145/3356401.3356419(50-60)Online publication date: 6-Nov-2019
https://dl.acm.org/doi/10.1145/3356401.3356419
An K(2019)Facilitating the Evolutionary Modifications in Distributed Apps via Automated RefactoringWeb Engineering10.1007/978-3-030-19274-7_43(548-553)Online publication date: 26-Apr-2019
https://doi.org/10.1007/978-3-030-19274-7_43
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents