Role of Software Architecture in Open Source Hardening


Networking and Security Research Center
Industry Day
April 27, 2012
Security Research Activities at Great Valley
Phil Laplante, CSDP, PE, PhD
Penn State Great Valley

Status: Ongoing Projects at Great Valley
• Security software architectures using tactics
• VMs for small microcontrollers
• PE Software Licensure (for certified secure systems)
• Requirements engineering
Penn State University
2

Tactics
• Finer-grained concept than architectural patterns
  – Manifestation of the building blocks of an architectural pattern
  – Mapping between a single quality attribute and an aspect of an architectural pattern
  – Establishing the explicit traceability

Tactics: Security Tactics Hierarchy
[Figure: security tactics hierarchy. Source: Bass et al., 2003]

Tactics: Recent Work
• Evaluated three different collections of security architecture patterns
• Used a Wideband Delphi technique with six experts to produce an updated security tactics hierarchy.
• This hierarchy significantly refines and improves the hierarchy previously developed by Bass et al.
• Collectively, these tactics form a basis for a theory of design.

Tactics: Security Tactics Hierarchy’
[Figure: the updated security tactics hierarchy]

Architecture: Future Work
• Our tactics and taxonomy have implicit approval of the software architecture patterns community
• However, they fall short of being formally certified
• Need to qualitatively and quantitatively measure the effectiveness of tactics
  – Adoption of a tactic depends on its usefulness
• Process requires an infrastructure consisting of:
  – specification, retrieval, and verification mechanisms.

VMs for small µcontrollers: Problem Statement
  Java Standard Edition for Embedded    30MB
  dot NET “Compact Framework”           5.5MB
  Low Level Virtual Machine (LLVM)      ~1MB
  Small Embedded Platform               256K

VMs for small µcontrollers: Phase One – Platform Selection
Selected the Atmel XPlain development kit:
• Atmel AVR ATxMega128A1 microcontroller
• 128K Flash ROM (code), 8 Megabyte external RAM (data)
• 2 UARTS, spare port pins for debug
• Modified with a 12MHz crystal for 0.87 DMIPS performance
[Figure: Atmel XPlain board (www.atmel.com) with callouts for the JTAG interface, the 8 Megabyte RAM, the 12MHz crystal modification and the Atmel ATxMega128A1 microcontroller]

VMs for small µcontrollers: VM Selection
Standard Pascal “P5” P-Code virtual machine selected

VMs for small µcontrollers: Develop C/C++ Board Support Code
[Figure: development setup block diagram: host PC connected over USB, through a USB concentrator, to the Atmel Xplain kit, a JTAG debugger and a tiny oscilloscope display]

VMs for small µcontrollers: Code Development
[Figure: code development flow. Stages shown: Pascal Source for P5 Compiler; Pascal Source for P5 Combined Assembler and Interpreter; Split into two applications (Assembler in Pascal, Interpreter in Pascal); Recode in C/C++ (Assembler in C/C++, Interpreter in C/C++); Modify to write PCode to a file (Modified Assembler in C/C++); ISO 7185 Validate; Optimize; Extend for new syntax; Extend for new instructions; resulting in Enhanced Compiler in Pascal, Enhanced Assembler in C/C++ and Enhanced Interpreter in C/C++]

VMs for small µcontrollers: Performance Evaluation
• Dhrystone is a standard computing performance test for integer operations
• A VAX 11/780 that ran at 1 million instructions per second was measured to execute 1,757 Dhrystones per second
• This is “1 DMIPS” (Dhrystone Million Instructions Per Second)
Created two versions of Dhrystone code to run on the target platform:
• Native C implementation
• Pascal implementation that runs in the P-Code virtual machine
• Added a time() function to Pascal and the virtual machine to measure performance

  Platform               Speed    Dhrystones/second   DMIPS
  ATxMega AVR Native     12 MHz   1,529               0.87
  ATxMega AVR Virtual    12 MHz   5.562               0.003165

Thus, initially, the Virtual Machine ran 274.9 times slower than the native machine

VMs for small µcontrollers: VM Optimizations
[Figure: VM optimizations]

VMs for small µcontrollers: Modifications to VM for Multitasking
It is easier to switch tasks in the virtual machine than in the native machine
[Figure: VM memory layout for multitasking]
  Application Pcode Constants
  Application Pcode Instructions
  TaskState table [5 entries]; each Entry #n holds:
    Occupied Flag = true
    SP, MP, EP Registers
    PC Register
    Mail pointer, length
  Task #1 Stack through Task #5 Stack (one private stack per task)
  Dynamic Memory Pool
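To make the multitasking point concrete, here is a small C model of the slide's TaskState table, added for this transcript and not the Penn State VM's own code: the six-opcode subset, the stack depth, the one-word mailbox and the scheduler are constructed assumptions. Five tasks share one P-code program and mail each other in a ring, and a task switch is nothing more than selecting another table entry.

```c
#include <stdbool.h>
#include <stdint.h>
#define NTASKS 5                   /* TaskState table [5 entries], as on the slide */
#define STACK_WORDS 16             /* per-task stack depth: constructed for this example */
enum op { SELF, LIT, ADD, SENDNEXT, RECV, HALT };   /* constructed subset, not real P-code */

typedef struct {
    bool occupied, done, has_mail; /* Occupied Flag; ran HALT; mailbox holds a message */
    int sp, pc;                    /* SP and PC registers (MP/EP omitted here) */
    int32_t mail;                  /* mail pointer/length reduced to one word */
    int32_t stack[STACK_WORDS];    /* this task's private stack */
} task_state;
static task_state tasks[NTASKS];
/* Shared P-code run by every task: push own id + 100, mail it to the next task,
 * wait for mail from the previous task, halt. */
static const int code[] = { SELF, LIT, 100, ADD, SENDNEXT, RECV, HALT };

/* Run one instruction of task t; false means the task must yield.
 * A hardened VM would also bounds-check sp on every push and pop. */
static bool step(int t) {
    task_state *ts = &tasks[t];
    switch (code[ts->pc]) {
    case SELF: ts->stack[ts->sp++] = t;                ts->pc += 1; return true;
    case LIT:  ts->stack[ts->sp++] = code[ts->pc + 1]; ts->pc += 2; return true;
    case ADD:  ts->sp--; ts->stack[ts->sp - 1] += ts->stack[ts->sp]; ts->pc += 1; return true;
    case SENDNEXT: { task_state *dst = &tasks[(t + 1) % NTASKS];
        dst->mail = ts->stack[--ts->sp]; dst->has_mail = true; ts->pc += 1; return true; }
    case RECV: if (!ts->has_mail) return false;        /* block until mail arrives */
        ts->stack[ts->sp++] = ts->mail; ts->has_mail = false; ts->pc += 1; return true;
    default:   ts->done = true; return false;          /* HALT */
    }
}

/* Round-robin scheduler. A task switch is just moving 'cur' to the next TaskState
 * entry, because every register the task needs already lives in that entry.
 * Returns the number of switches made, or -1 if every task is blocked (deadlock). */
int run_vm(void) {
    int cur = 0, switches = 0, active = NTASKS, idle = 0;
    for (int i = 0; i < NTASKS; i++) tasks[i] = (task_state){ .occupied = true };
    while (active > 0) {
        int ran = 0;
        if (tasks[cur].occupied && !tasks[cur].done) {
            while (step(cur)) ran++;
            if (tasks[cur].done) active--;
        }
        idle = ran ? 0 : idle + 1;
        if (idle >= NTASKS) return -1;
        cur = (cur + 1) % NTASKS; switches++;
    }
    return switches;
}
int32_t task_top(int t) { return tasks[t].stack[tasks[t].sp - 1]; }   /* value a task left behind */
```

With this program the ring completes after six switches and each task ends holding the id of its predecessor plus 100.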

VMs for small µcontrollers: Evaluating Abstract Performance
Created a native (C/C++) application using µCOS real-time operating system with 5 tasks that send messages to each other in a tight loop and measured the performance.
A single native message and task switch takes 800 microseconds on the target.
A single virtual message and task switch takes 5.92 milliseconds on the target:
  Task switch              0.35 ms
  Mail send/receive        1.67 ms
  Loop overhead            1.13 ms
  Mail message generation  2.77 ms

VMs for small µcontrollers: Evaluating Abstract Performance
Whereas normal execution was measured to be 187 times slower in the virtual machine, with this abstraction, the gap narrows to 7.4 times slower:
  187 : 1    Normal Virtual Machine to Native Execution Ratio
  7.40 : 1   Execution Ratio When Combined With High Level Abstraction

VMs for small µcontrollers: Future Work/Potential Applications
• Ubiquitous VM for microcontrollers.
  – common abstractions could be standardized
• Massive reuse potential
• Applications in consumer appliances, automotive platforms, manufacturing, medical devices, defense etc.
• Wi-Fi-based VM ecosystem networks
• Domain-specific languages through language extension

Software Licensure: PE Licensure Project
• Only Texas licenses software engineers who work on systems that affect the “health, safety and welfare of the public”
• Nine more states will soon require licensure: AL, DE, FL, MI, MO, NM, NY, NC, VA
• Work underway to develop software PE licensure exam
• Will include significant number of questions in “Safety, Security and Privacy”

Software Licensure: PE Licensure Project
• Partners
  – NCEES
  – NSPE
  – IEEE – USA
  – IEEE Computer Society
  – Texas Board of Professional Engineers
  – Prometric
• First exam will be administered in 2013.

Software Licensure: Partnership Opportunities
• Nominate licensed PEs with software engineering experience to participate in the project.
• Determine your licensure “exposure”.
  – Does your product need to be signed by a PE?
  – Do you need licensed PEs?
  – What about offshore providers?
  – What about externally furnished components?

Requirements Engineering: Industrial Assistance
• Improving requirements engineering practices for a major medical devices manufacturer
• Establishing requirements engineering practices using open source systems
• Requirements engineering in agile processes

Questions
Contact: Phillip A. Laplante, CSDP, PE, PhD, Professor of Software Engineering, Penn State, [email protected]

Further Reading: Selected Publications
• Phillip A. Laplante, “Farewell to the Space Shuttle,” IT Professional, March/April 2012, pp. 10-12.
• Phillip A. Laplante, “Econ 101 for Cloud Enthusiasts,” IT Professional, Jan/Feb 2012, pp. 12-15.
• Phil Laplante, “When does software affect the health, safety and welfare of the public?,” IEEE Reliability Society Newsletter, February 2012, online, http://140.113.87.14/Newsletter/1_2012/Phil%20Laplante.htm
• Jungwoo Ryoo, Phil Laplante, and Rick Kazman, “Software Security Tactics,” IA newsletter, Vol. 15, No. 3, Winter 2012, pp. 44-49.
• Phil Laplante, “Answers to FAQs about Software Licensing,” The Institute, February 2012, http://theinstitute.ieee.org/ieee-roundup/opinions/ieeeroundup/answers-to-faqs-about-software-licensing
• Joanna DeFranco and Phil Laplante, “Preparing for Incident Response Using the Zachman Framework,” IA newsletter, Vol. 14, No. 3, Summer 2011, pp. 20-25.
• Robin Gandhi, Anup Sharma, William Mahoney, William Sousan, Qiuming Zhu and Phillip Laplante, “Dimensions of Cyber-Attacks,” Technology and Society, Spring 2011, pp. 28-38.
• Norita Ahmad and Phillip A. Laplante, “A Systematic Approach to Evaluating Open Source Software,” International Journal of Strategic Information Technology and Applications, vol. 2, no. 1, January-March 2011, pp. 48-67.
• Phil Laplante, George Hurlburt, Keith Miller, and Jeff Voas, “Certainty through Uncertainty?,” Computer, February 2011, pp. 79-81.
• Don Shafer and Phillip A. Laplante, “The BP Oil Spill: Could Software be a Culprit?,” IT Professional, September/October 2010, pp. 6-9. Reprinted in Annual Editions: Technologies, Social Media, and Society; McGraw Hill/Dushkin, 2011. Also reprinted in Engineering Management Review, vol. 39, no. 4, 2011, pp. 11-15.