Cyber Attacks Against SDN Controllers And Protecting The Control Plane With A Formally Verified Microkernel / Cyberattacker Mot SDN Kontroller Och Att Skydda Kontrollplanet Med En Formellt Verifierad Mikrokärna

Holmberg, Olof

January 2021

Software-Defined Networking (SDN) is a technology that is increasing in popularity. However, with increased prevalence comes increased opportunity to exploit vulnerabilities that exist within the technology. In this thesis, several attack vectors that can be used to attack SDN controllers were identified through a literature review. Among these vectors there is one that is concerned with the vulnerabilities present on the host of the SDN controller. One promising method that could be used to mitigate this attack vector is to deploy the SDN controller on a microkernel. The microkernel chosen in this thesis is the formally verified microkernel seL4®. This thesis investigate the possible ways of deploying an SDN controller on seL4. A deployment of an SDN controller is also performed in this thesis in order to assess the difficulties and possible performance tradeoffs present in adapting an SDN controller for seL4. The deployment of the SDN controller uses seL4’s virtualization capabilities and leaves the majority of the controller running in a virtual machine on seL4. A small part of the controller is moved to a separate and isolated component in order to showcase how the isolation capabilities of seL4 can be utilized. The performances of the unmodified and the modified controller are then compared. A significant increase in execution time when communicating between the VM and the separate component was discovered. However, such increases may also be attributed to dynamic binary translation used when simulating seL4 using QEMU. Thus, properly quantifying these overheads would require a different setup, either without simulation or with hardware-assisted virtualization.

SDN

Software-Defined Networking

Microkernel

seL4

Computer Engineering

Datorteknik

Towards attack-tolerant trusted execution environments : Secure remote attestation in the presence of side channels

Crone, Max

January 2021

In recent years, trusted execution environments (TEEs) have seen increasing deployment in computing devices to protect security-critical software from run-time attacks and provide isolation from an untrustworthy operating system (OS). A trusted party verifies the software that runs in a TEE using remote attestation procedures. However, the publication of transient execution attacks such as Spectre and Meltdown revealed fundamental weaknesses in many TEE architectures, including Intel Software Guard Exentsions (SGX) and Arm TrustZone. These attacks can extract cryptographic secrets, thereby compromising the integrity of the remote attestation procedure. In this work, we design and develop a TEE architecture that provides remote attestation integrity protection even when confidentiality of the TEE is compromised. We use the formally verified seL4 microkernel to build the TEE, which ensures strong isolation and integrity. We offload cryptographic operations to a secure co-processor that does not share any vulnerable microarchitectural hardware units with the main processor, to protect against transient execution attacks. Our design guarantees integrity of the remote attestation procedure. It can be extended to leverage co-processors from Google and Apple, for wide-scale deployment on mobile devices. / Under de senaste åren används betrodda exekveringsmiljöer (TEE) allt mera i datorutrustning för att skydda säkerhetskritisk programvara från attacker och för att isolera dem från ett opålitligt operativsystem. En betrodd part verifierar programvaran som körs i en TEE med hjälp av fjärrattestering. Nyliga mikroarkitekturella anfall, t.ex. Spectre och Meltdown, har dock visat grundläggande svagheter i många TEE-arkitekturer, inklusive Intel SGX och Arm TrustZone. Dessa attacker kan avslöja kryptografiska hemligheter och därmed äventyra integriteten av fjärrattestning. I det här arbetet utvecklar vi en arkitektur för en betrodd exekveringsmiljö (TEE) som ger integritetsskydd genom fjärrattestering även när TEE:s konfidentialitet äventyras. Vi använder den formellt verifierade seL4-mikrokärnan för att bygga TEE:n som garanterar stark isolering och integritet. För att skydda kryptografiska operationer, overför vi dem till en säker samprocessor som inte delar någon sårbar mikroarkitektur med huvudprocessorn. Vår arktektur garanterar fjärrattesteringens integritet och kan utnyttja medprocessorer från Google och Apple för att användas i stor skala på mobila enheter.

trusted execution environment

remote attestation

sel4

microkernel

arm trustzone

intel sgx

side-channels

transient execution attacks

trusted execution environment

remote attestation

sel4

microkernel

arm trustzone

intel sgx

side-channels

transient execution attacks

Computer and Information Sciences

Data- och informationsvetenskap