Functional Programming for Securing Cloud and Embedded Environments
Doctoral thesis, 2024
The thesis underlying our dissertation is that digital systems can be protected from a wide range of critical attacks by employing functional programming-based techniques, ensuring software isolation in the cloud, and facilitating high-level, declarative and memory-safe abstractions in embedded systems. Our approach is to employ programming language tools, specifically functional programming, which builds software by composing pure functions while avoiding shared state, mutable data and side effects, to enhance the security of both cloud and embedded systems. For cloud systems, we use functional programming abstractions to partition security-critical software into compartmentalised structures that rely on modern hardware protection mechanisms such as Trusted Execution Environments (TEEs) for software isolation. For embedded systems, we present high-level functional programming constructs that raise the level of abstraction and provide safety features for resource-constrained embedded systems. The dissertation is organised into two parts.
Part I introduces two successive versions of a domain-specific language (DSL) designed for programming TEEs, such as Intel SGX. TEEs isolate applications from low-level system software with large codebases, such as operating systems and hypervisors, thereby minimising the trusted computing base and reducing the resulting attack surface of cloud applications. Broadly, the DSL contributes the following: (1) it facilitates automatic type-based program partitioning between trusted and untrusted code; (2) it supports dynamic information flow control mechanisms for ensuring data confidentiality; (3) it integrates with an automated remote attestation framework to preserve TEE integrity; and (4) it offers a tierless programming model that helps minimise the errors that arise in multi-tier confidential computing applications, which otherwise require adherence to complex data exchange protocols.
Evaluations for Part I involve expressing confidential computing applications, such as (i) a privacy-preserving federated learning application, (ii) an encrypted password wallet, and (iii) a data-clean room design pattern for multiple parties to conduct data analytics.
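As an added illustration of the type-based partitioning idea behind the password-wallet case, the following self-contained Haskell program separates trusted and untrusted code with two monads and a single explicit bridge between them. This is not code from the thesis or from the HasTEE library: the names Enclave, Client, App, Secure, inEnclave and gateway, the wallet data, and the direct-call implementation of the bridge are assumptions chosen for this sketch, and the information flow control and remote attestation steps the DSL adds on top are omitted.

```haskell
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
-- Added sketch of type-based trusted/untrusted partitioning.
-- Not HasTEE's API: Enclave, Client, App, Secure, inEnclave and gateway
-- are names assumed for this example only.
module Main where

import Data.IORef

-- Trusted tier: code in this monad is meant to run inside the TEE.
newtype Enclave a = Enclave { runEnclave :: IO a }
  deriving (Functor, Applicative, Monad)

-- Untrusted tier: code in this monad runs in the host process.
newtype Client a = Client { runClient :: IO a }
  deriving (Functor, Applicative, Monad)

-- Setup tier: the only place where both tiers are wired together.
newtype App a = App { runApp :: IO a }
  deriving (Functor, Applicative, Monad)

-- Opaque handle to an enclave entry point. A real DSL hides this
-- constructor in its module, so client code can only use 'gateway'.
newtype Secure a = Secure a

-- Register an enclave function during setup; the client gets a handle only.
inEnclave :: (a -> Enclave b) -> App (Secure (a -> Enclave b))
inEnclave f = App (return (Secure f))

-- The single bridge from the untrusted tier into the enclave. In a real
-- system this marshals arguments across an ecall; here it is a direct call.
gateway :: Secure (a -> Enclave b) -> a -> Client b
gateway (Secure f) x = Client (runEnclave (f x))

-- Enclave-resident wallet state: the master password and the stored
-- secrets are only reachable from Enclave computations.
data Wallet = Wallet
  { masterPw :: IORef String
  , entries  :: IORef [(String, String)]
  }

newWallet :: String -> Enclave Wallet
newWallet pw = Enclave (Wallet <$> newIORef pw <*> newIORef [])

-- Enclave operations. Their result type is 'Enclave', so a Client
-- computation cannot call them directly; it must go through a handle.
addEntry :: Wallet -> (String, String, String) -> Enclave Bool
addEntry w (pw, site, secret) = Enclave $ do
  ok <- (== pw) <$> readIORef (masterPw w)
  if ok
    then modifyIORef (entries w) ((site, secret) :) >> return True
    else return False

getEntry :: Wallet -> (String, String) -> Enclave (Maybe String)
getEntry w (pw, site) = Enclave $ do
  ok <- (== pw) <$> readIORef (masterPw w)
  if ok then lookup site <$> readIORef (entries w) else return Nothing

-- Untrusted client: it sees handles and marshalled results, never the
-- Wallet value itself. The inputs are constructed sample data.
clientProgram :: Secure ((String, String, String) -> Enclave Bool)
              -> Secure ((String, String) -> Enclave (Maybe String))
              -> Client (Bool, Maybe String, Maybe String)
clientProgram add get = do
  added <- gateway add ("hunter2", "example.org", "s3cr3t")
  good  <- gateway get ("hunter2", "example.org")
  bad   <- gateway get ("wrong",   "example.org")   -- wrong master password
  return (added, good, bad)

-- Setup: create the wallet in the enclave, hand out handles, run the client.
main :: IO ()
main = do
  r <- runApp $ do
    w   <- App (runEnclave (newWallet "hunter2"))
    add <- inEnclave (addEntry w)
    get <- inEnclave (getEntry w)
    App (runClient (clientProgram add get))
  print r
```

The point of the sketch is the type discipline rather than the wallet logic: a function whose result is in Enclave cannot be sequenced inside a Client do-block, so the compiler rejects untrusted code that tries to touch wallet state, and the only sanctioned crossing is gateway applied to a handle issued during setup. In the thesis's design this same separation is derived from types automatically and the crossing additionally carries confidentiality labels and attestation evidence, neither of which the sketch models.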
Part II contributes a functional language runtime and a functional reactive programming language targeting embedded systems, with the goal of raising the level of abstraction and ensuring memory and type safety. The runtime offers a unified message-passing framework for handling both software messages and hardware interrupts, along with a novel timing operator to capture the notion of time. This allows classical (1) concurrent, (2) I/O-bound, and (3) timing-aware embedded systems applications to be expressed in a declarative manner. The reactive programming language is a declarative, pure functional language built on top of the runtime. It tracks unique side effects in its type system using a feature called resource types.
Evaluations for Part II ran the language and runtime on microcontrollers such as the nRF52 and STM32 and on GRiSP boards, microbenchmarking resource efficiency parameters including memory footprint, garbage collection latency, throughput, jitter, and interpretive load, and demonstrating acceptable overheads.
The programming artifacts resulting from this dissertation comprise the HasTEE and HasTEE+ DSLs for programming TEEs, the Synchron C99-based portable embedded systems runtime, and the Hailstorm reactive programming language for embedded systems. All these programming artifacts are made publicly available, along with the evaluation procedures, encouraging further experiments in securing both cloud and embedded systems.
trusted execution environment
real time
functional programming
runtime
information flow control
microcontrollers
functional reactive programming
Author
Abhiroop Sarkar
Chalmers, Computer Science and Engineering (Chalmers), Functional Programming
HasTEE - Programming Trusted Execution Environments with Haskell
Haskell 2023 - Proceedings of the 16th ACM SIGPLAN International Symposium on Haskell, co-located with ICFP 2023 (2023), p. 72-88
Paper in proceeding
Sarkar A, Russo A. HasTEE+ : Confidential Cloud Computing and Analytics with Haskell
Synchron - An API and Runtime for Embedded Systems
Leibniz International Proceedings in Informatics, LIPIcs, Vol. 222 (2022), p. 17:1-17:28
Paper in proceeding
Hailstorm : A Statically-Typed, Purely Functional Language for IoT Applications
ACM International Conference Proceeding Series (2020)
Paper in proceeding
This dissertation addresses the fundamental issue of trust in software through a domain-specific functional programming language. The language employs a combination of specialised hardware isolation technologies and cryptographic techniques to eliminate the tower of low-level software abstractions from the programmer's trusted code base, enabling software construction tailored for malicious cloud environments. Furthermore, in the realm of embedded systems, we introduce a high-level functional programming language and runtime, elevating the abstraction level at which these systems are programmed and significantly reducing the common vulnerabilities that stem from memory, type, and temporal unsafety. We hope that the contributions made through our dissertation will pave the way for further research avenues, where the robust security guarantees provided by our proposed functional languages can be integrated with emerging hardware- and software-based security techniques to enable the construction of safer and more secure digital systems.
Octopi: Secure Programming for the Internet of Things
Swedish Foundation for Strategic Research (SSF), 2018-05-01 --
Subject Categories
Computer Engineering
Computer and Information Science
Areas of Advance
Information and Communication Technology
ISBN
978-91-8103-026-6
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5484
Publisher
Chalmers
HB2, Hörsalsvägen 8, 412 58
Opponent: Prof. Anil Madhavapeddy, University of Cambridge, UK.