High Assurance Cyber Military Systems (HACMS)

Transcription

1 High Assurance Cyber Military Systems (HACMS) Ray Richards, I2O Program Manager November 19, /19/2018 Distribution Statement A - Approved for Public Release, Distribution Unlimited 1

2 Many Remote Attack Vectors Physical Short-Range Wireless Long-Range Wireless Entertainment SCADA Systems Source: Laing O Rourke Source: Dept. of Energy Pcdgraphics.com Hornlockandkey.com Pcdgraphics.com Medical Devices clker.com harborfreight.com Informationweek.com psd.fanextra.com Source: www. seekinglpha.com Source: www. medtechbusiness.com bing-gallery.com Computer Peripherals Source: HP Source: Source: all-free-download.com Distribution Statement A - Approved for Public Release, Distribution Unlimited 2

3 Securing Cyber-Physical Systems Control Systems Air gaps & obscurity Forget the myth of the air gap the control system that is completely isolated is history. -- Stefan Woronka, 2011 Siemens Director of Industrial Security Services Trying to adopt cyber approaches, but technology is not a good fit: Resource constraints, real-time deadlines Extreme cost pressures Patches may have to go through lengthy verification & validation processes Patches could require recalls Cyber Systems Anti-virus scanning, intrusion detection systems, patching infrastructure This approach cannot solve the problem. Not convergent with the threat Focused on known vulnerabilities; can miss zero-day exploits Can introduce new vulnerabilities and privilege escalation UNCLASSIFIED opportunities Additional security layers often create vulnerabilities October 2010 Vulnerability Watchlist Vulnerability Title Fix Avail? Date Added!"#$%&' ( )#( *&+, #-), **( )&. )( /&0 ( -1, )2&3), -, 4, *&!, 4/*&3)"5"*( 6( &784/*/9, #&: $*#( )/; "*"-<& 0, & =>?@>?ABA& C( D&E /-&: F GH &H, D$*( &GG!&+, ##( 49, #&F ( #"/*&, I&G( )5"4( &: $*#( )/; "*"-<& J ( 8& =>?K>?ABA& 3E 3&L"; /8( M6( #M"DNOL&P$#49, #&, QR; <R, #( &S$Q( )&T 5( )U, 1 &: $*#( )/; "*"-<& 0, & =>?A>?ABA& V#-( )#( -&7%W*, )( )&=&L-, G-/94E XH!NOL&E XH!&G/#"9Y/9, #&S<W/88&Z ( /2#( 88& 0, & =>B=>?ABA& H "4), 8, [ &Z "#D, 1 8&' ( ); ( ), 8&L3/88&X\ ( &X"42( -L&C( W*/<&G( 4$)"-<&S<W/88&: $*#( )/; "*"-< & 0, & =>B] >?ABA& +"84, &^ #"_( D&Z ")( *( 88&0 ( -1, )2&N^ Z 0 O&H $*9W*( &G( 4$)"-<&: $*#( )/; "*"9( 8& J ( 8& =>B` >?ABA& +, a W$-( )&. 88, 4"/-( 8&T #( 5"( 1 &H, #"-, )&LD, G/5( bc8wl&c( a, -( &+, D( &7%( 4$9, #&: $*#( )/; "*"-<& 0, & =>B` >?ABA& T W( #GG!&L88*dM6( -M2( <M( %4\ /#6( NOL&^ 8( R. [ ( )RP)( ( &H ( a, )<&+, ))$W9, #&: $*#( )/; "*"-<& 0, & =>B?>?ABA&. D, ; ( &. 4), ; /-&/#D&C( /D( )&P, #-&3/)8"#6&C( a, -( &+, D( &7%( 4$9, #&: $*#( )/; "*"-<& 0, & =>BA>?ABA& We need a fundamentally different approach T W( #T e 4( &Va W)( 88&P"*( &H $*9W*( &S$Q( )&T 5( )U, 1 &: $*#( )/; "*"9( 8& 0, & =>BA>?ABA& 1/3 of the vulnerabilities are in security software!!"#$%&' ( )#( *&3. RCVG+&L*( Db4L&G-/42&S$Q( )&T 5( )U, 1 &: $*#( )/; "*"-<& J ( 8& =>Af >?ABA& : %Z, )28&F ( ; $66"#6&G( )5"4( &G( 4$)"-<RS<W/88&: $*#( )/; "*"-<& 0, & =>A` >?ABA& : %Z, )28&H $*9W*( &G( 4$)"-<&: $*#( )/; "*"9( 8& 0, & =>A@>?ABA& H "4), 8, [ &V#-( )#( -&7%W*, )( )&P)/a ( &S, )D( )&3), W( )-<&S$Q( )&T 5( )U, 1 &: $*#( )/; "*"-<& 0, & ] >?f >?ABA& G<a /#-( 4&. #95")$8&+, )W, )/-( &7Db&. *( )-&H /#/6( a ( #-&G( )5"4( &C( a, -( &3)"5"*( 6( &784/*/9, #&: $*#( )/; "*"-<& 0, & ] >?=>?ABA& H "4), 8, [ &T $-*,, 2&Z ( ; &. 44( 88&I, )&7%4\ /#6( &G( )5( )&?AAd&+), 88&G"-( &C( g$( 8- &P, )6( )<&: $*#( )/; "*"-<& 0, & ] >?` >?ABA& H "4), 8, [ &F ")( 4-h&F ")( 4-3*/<&H $*9W*( &F ( #"/*&T I&G( )5"4( &: $*#( )/; "*"9( 8& 0, & ] >??>?ABA& 11/19/2018 Distribution Statement A - Approved for Public Release, Distribution Unlimited DISTRIBUTION F - Further dissemination only as directed by DARPA Public Release Center or higher DoD authority UNCLASSIFIED 3 6

4 Cyber Resilient Embedded Systems The HACMS program created technology for the construction of highassurance cyber-physical systems Cyber-physical systems are relatively easy to remotely take over and reprogram using cyber attacks. Capability Objectives: High-assurance operating systems and control systems Suite of program synthesizers and formal-methods tools Assured-integration tools and analysis workbench Accomplishments: High assurance components ported to ULB and US Army TARDEC Autonomous Mobility Appliqué System Joint Capability Technology Demonstration (AMAS JCTD) Red Team completed end-of-phase III assessments; no security flaws in demonstration platforms after full access to code SAE is developing a Formal Methods Academy to transition HACMS technologies to the automotive industry Distribution Statement A - Approved for Public Release, Distribution Unlimited 4

5 HACMS Program Structure Architectural-Level Rockwell Collins, University of Minnesota Compositional Reasoning Application-Level Software Galois, CMU, Draper Labs, MIT, Oxford, Princeton, SpiralGen, University of Illinois, University of Pennsylvania Generate from Specification, Correct by Construction, Software Verification, Robust Algorithms Low-Level Software Data61 (NICTA), Yale Verified OS Kernels Ground Vehicle HRL Integrate on TARDEC Autonomous Systems Air Vehicle Boeing Integrate on Unmanned Little Bird Penetration Testing AIS Distribution Statement A - Approved for Public Release, Distribution Unlimited 5

6 HACMS cyber retrofit Several prototypes of securing existing systems developed using this approach Host existing software load image in a sel4 virtual machine Study software architecture and partition into a set of virtual machines Determine which virtual machines need guest operating system services Re-implement security critical software components Leveraging proven sel4 protections to maintain integrity of the virtual machines Distribution Statement A - Approved for Public Release, Distribution Unlimited 6

7 sel4 ecosystem SBIR effort Build out the open-source ecosystem of secure software components around the sel4 operating system microkernel Develop US-based expertise in supporting sel4 Develop high assurance components for sel4 Demonstrate prototype sel4-based systems Remove roadblocks form sel4 adoption Distribution Statement A - Approved for Public Release, Distribution Unlimited 7

8 sel4 SBIR highlights Syracuse Assured Boat Loader Executive (SABLE) adapted to sel4 Genode application framework ported to sel4 Real-time profile of DDS ported to sel4 Multi-level secure helmet vision system prototype Formally verified network stack RISC-V (Draper ISP) implementation Distribution Statement A - Approved for Public Release, Distribution Unlimited 8

9 sel4 Community of Excellence Provide stable US-based releases of sel4 system Deliver US-based support to integrators using sel4 Deliver training to sel4 users Manage a sel4 technology roadmap Mimic Linux distribution model. Make sel4 a viable candidate technology for use on high-integrity systems Distribution Statement A - Approved for Public Release, Distribution Unlimited 9

10 11/19/2018 Distribution Statement A - Approved for Public Release, Distribution Unlimited 10