On the Spatial and Temporal Safety of Multi-Language Applications


Date

2024-08-07

Authors

Mergendahl, Samuel

Publisher

University of Oregon

Abstract

While the introduction of memory-safe programming languages into embedded Cyber-Physical Systems (CPS) offers an opportunity to eliminate many system vulnerabilities, pragmatic adoption of memory-safe languages often requires incremental deployment because of practical development constraints, such as the size of many legacy code bases. This incremental deployment of memory safety leads to a new type of system configuration, called Multi-Language Applications (MLA), in which memory-safe and memory-unsafe programming languages are co-resident on the system. Unfortunately, the spatial and temporal safety of MLA remains understudied, which conflicts with the strict confidentiality, integrity, and availability requirements of embedded CPS. Therefore, this dissertation investigates the new paradigm of MLA: it enumerates novel spatial and temporal safety violations that can arise in this setting and proposes a series of defense methodologies to ensure spatial and temporal isolation between potentially compromised components. Because the memory-unsafe languages in an MLA offer an entry point for an attacker, the system must adopt cyber-resilience to prevent an attacker from spreading throughout the system and causing a critical system failure. In particular, this dissertation first introduces a new type of code-reuse attack that specifically appears in MLA, called Cross-Language Attacks (CLA). CLA take advantage of conflicting assumptions between languages to maneuver around deployed defenses. Correspondingly, two techniques are suggested to prevent CLA: first, a system should provide language-aware memory allocation, and second, it should adopt a newly proposed language construct, called Pseudo-Pointers, to provide spatial isolation between the languages in the MLA.

However, even with the temporal safety benefits gained from the thread isolation of Pseudo-Pointers, this dissertation further demonstrates that the system must account for advanced Denial-of-Service (DoS) attacks, called Manipulative Interference Attacks (MIA), in which a compromised component manipulates another component into delaying a third, victim component. Additionally, an advanced form of MIA can arise, called Thundering Herd Attacks (THA), which specifically target the kernel mechanisms that ostensibly exist to enable temporal isolation, using them to inadvertently delay other high-priority threads in the system; consequently, the required temporal isolation mechanisms themselves act as an attack vector. Finally, to overcome this system coordination dilemma, this dissertation proposes an analysis framework that automatically identifies instances of MIA in a configured system. Specifically, the analysis uses a hybrid approach: it first leverages static analysis to identify software components with influenceable execution times, and then automatically generates a formal, system-wide model to determine which compromised protection domains can manipulate the influenceable components and trigger MIA. This dissertation includes previously published and unpublished co-authored material.

Keywords

Code-reuse Attacks, Cybersecurity, Denial-of-Service Attacks, Linear Temporal Logic, Real-time Analysis, Requirements Engineering
