Page 1

Enabling Trustworthy Remote Recovery

with seL4

Dr. Richard Skowyra

15 November 2018

DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited. This material is based upon work supported by the Assistant Secretary of Defense for Research and Engineering under Air Force Contract No. FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Assistant Secretary of Defense for Research and Engineering. © 2018 Massachusetts Institute of Technology. Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work.

Page 2

SmallSat Div. Seminar - 2

KWI. 1-NOV-2018

The United States Relies Heavily on Space Assets

Page 3

SmallSats are an Attractive Option …

Page 4

… and Cyber is an Attractive Vector

“Break one, break all”

COTS HW + SW

Inability to Reassert Physical Control

Page 6

Terrestrial vs. Space Platforms

Variable                  Terrestrial                    Space
Physical access           Easy                           Not Easy
Environmental threats     Power surges, spilled coffee   Radiation, thermal
SWaP concerns             Low                            Very high
Installation method       Person carrying box            Rocket carrying box
Communications            Wired, wireless                Intermittent wireless
User specialization       Low                            High
Platform specialization   Low                            High
Mission duration          Days to Months                 Months to Years

No physical access to re-assert control over a compromised device

Page 7

A Representative SmallSat: ORS-5

CCD Radiator (-40°C)

Star Tracker

Avionics

Baffle

One-time Cover

Reaction Wheels (3)

CCD

Radio

Telescope

Torque Rods (3)

Battery

GPS

Magnetometer

Page 8

Satellite System Overview

Figure: the Ground segment communicates with the Space Vehicle (SV), which consists of a Bus and a Payload.

  – Bus Control is focused on maintenance and survival: it controls comms and power, and orientation and thrusters, and has low compute power.

  – Payload Control is focused on mission objectives: it controls mission functionality, has increasing compute power requirements, and is dependent on the Bus.

Key Security Attributes

• Encrypting the link between the Ground and the Space Vehicle is necessary, but not sufficient

Page 9

Our Security Goals

Figure: the Ground segment and the Space Vehicle (SV), whose Bus and Payload each have their own control (Bus Control and Payload Control).

• Reassert control if the satellite is compromised

• Enable the satellite to survive if the ground station is temporarily compromised

Page 10

Larger Effort: MITLL SmallSat Security Program

• Fail Slowly

• Go Beyond COMSEC

• Flexible Defenses

• Field and Leverage Telemetry

• Include a Root of Recovery

• Monitor the Pre-Launch Environment

• Security as a Feature

• Succeed Quickly

Page 11

Root of Recovery

• RISK: An adversary may be able to compromise the SV and “lock out” the legitimate ground station

  – Adversary can effect denial of service or takeover

• APPROACH: Implement an immutable “root of recovery” onboard the SV

  – Guarantees enough C2 to force a reset into a “safe mode” and apply a software update to fix the defect

• EFFECT: Adversary cannot permanently compromise the SV. Additionally reduces risk for software update, both to fix security problems and to augment or update functionality.

Figure: SV software stack with the seL4 microkernel as the root of trust; above it sit the drivers, update + root of recovery, apps, COMSEC, and safety of flight.

Page 12

A Representative Stack for a Satellite Bus

Figure: stack layers, from application to hardware: Application, Middleware Adapter, Operating System, Board Support Package, Processor, On-Board Comms, Peripheral.

Page 13

A Representative Stack for a Satellite Bus

Figure: the same stack with On-Board Comms instantiated as Wired Comms: Application, Middleware Adapter, Operating System, Board Support Package, Processor, Wired Comms, Peripheral.

Page 14

Operating System


Formally Verified

  – No common implementation errors (use-after-free, deadlock, buffer overflow, etc.)

  – Authority confinement, confidentiality and integrity guarantees

Not Formally Verified

  – 600 lines of assembly code

  – 36000+ lines of specification

  – The boot process

  – Almost everything built on top of seL4

Page 15

Processor

• Native seL4 support

• High processing power

– 2 ARM Cortex-A9 cores

• Integrated on-die FPGA

• COTS LEO applicability

– Part of the CHREC Space Processor

– 39 CSP computers over 14 missions since December 2015


Page 16

BSP + Wired Comms

Figure: on the Zynq, the wired comms device driver runs above seL4 and reaches the PHY over the AXI bus.

Page 17

Peripheral / Testing Environment


Page 18

Recap


Page 19

Where is the Root of Recovery?

Figure: the stack (Application, Middleware Adapter, Operating System, Board Support Package, Processor, Wired Comms, Peripheral) with the Root of Recovery drawn alongside the Software-Defined Radio (SDR), End Cryptographic Unit (ECU), Embedded Power Supply (EPS) and FLASH Controller; the Application and the device drivers both run in userspace above seL4.

• Root of Recovery must always permit the spacecraft to:

  – Receive the “recover” command from an authorized principal,

  – Reset to a previous state, or

  – Load a new state (software, firmware, and/or data) and reset to it

Page 20

Need for Defense-in-Depth

Figure: the stack with the Root of Recovery, SDR, ECU, EPS and FLASH Controller, annotated with where defense-in-depth is needed:

• Driver code is unverified

• Applications may have realtime constraints

• Update may be unauthorized

• Hardware may contain vulnerabilities

Page 21

Next Steps: A Secure Root of Recovery

Figure: the stack with the Root of Recovery, SDR, ECU, EPS and FLASH Controller, annotated with the open threats and the planned next steps.

Threats:

• Driver code is unverified

• Applications may have realtime constraints

• Update may be unauthorized

• Hardware may contain vulnerabilities

Next steps:

• Upcoming seL4 extensions

• FPGA-based real-time protections

• Formally verified digital signature algorithm

• Implementation in Rust, a memory-safe language

• SW separation

• FPGA-based monitors

• Bus protections
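The following is an added example, not code from the slides or from MIT LL, showing how the three root-of-recovery requirements on the “Where is the Root of Recovery?” slide (receive a “recover” command from an authorized principal; reset to a previous state; load a new state and reset to it) and the “update may be unauthorized” threat above fit together in one minimal command handler. HMAC-SHA256 from the Python standard library stands in for the formally verified digital signature algorithm the slides call for; the wire format, the command codes, the monotonic anti-replay counter and the sample images are all assumptions of this example.

```python
import hashlib
import hmac
import struct

# Constructed for this example: a key shared by the ground station and the SV's
# root of recovery. HMAC-SHA256 stands in for the formally verified digital
# signature algorithm the slides call for; with a real signature the SV would
# hold only the ground station's public key, so nothing on the SV can forge
# a "recover" command.
GROUND_KEY = b"constructed-example-key-do-not-reuse"

CMD_RESET_PREVIOUS = 1   # reset into the immutable known-good image
CMD_LOAD_AND_RESET = 2   # load a new image and reset into it

HEADER = ">QB"           # monotonic counter (u64) || command (u8)
HEADER_LEN = struct.calcsize(HEADER)
DIGEST_LEN = 32          # SHA-256 of the image the command refers to
TAG_LEN = 32             # HMAC-SHA256 over counter || command || digest


def build_recover_command(key, counter, cmd, image=b""):
    """Ground side: authenticate counter || cmd || sha256(image)."""
    payload = struct.pack(HEADER, counter, cmd) + hashlib.sha256(image).digest()
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


class RootOfRecovery:
    """SV side: the minimum C2 that must stay reachable even when everything
    above it is compromised. It acts only on authenticated, fresh commands and
    only resets into an image whose digest the ground station authenticated."""

    def __init__(self, key, known_good):
        self._key = key
        self._known_good = known_good   # immutable fallback, never overwritten
        self._current = known_good
        self._last_counter = 0          # highest counter accepted so far

    def active_image(self):
        return self._current

    def handle(self, msg, staged_image=None):
        """Return a short verdict string; the caller would act on 'reset:*'."""
        if len(msg) != HEADER_LEN + DIGEST_LEN + TAG_LEN:
            return "reject:malformed"
        payload, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        # Constant-time compare; nothing in the payload is trusted before this.
        if not hmac.compare_digest(expected, tag):
            return "reject:bad-signature"
        counter, cmd = struct.unpack(HEADER, payload[:HEADER_LEN])
        digest = payload[HEADER_LEN:HEADER_LEN + DIGEST_LEN]
        # Reject replays of a previously recorded command (on a real SV the
        # counter would live in non-volatile storage so it survives the reset).
        if counter <= self._last_counter:
            return "reject:replay"
        self._last_counter = counter
        if cmd == CMD_RESET_PREVIOUS:
            self._current = self._known_good
            return "reset:previous"
        if cmd == CMD_LOAD_AND_RESET:
            # The staged bytes must match what the ground station authenticated;
            # an unauthorized or corrupted update never becomes the active image.
            if staged_image is None or hashlib.sha256(staged_image).digest() != digest:
                return "reject:image-digest-mismatch"
            self._current = staged_image
            return "reset:new"
        return "reject:unknown-command"


if __name__ == "__main__":
    v1 = b"constructed flight software v1"   # constructed sample images
    v2 = b"constructed flight software v2"
    ror = RootOfRecovery(GROUND_KEY, v1)
    print(ror.handle(build_recover_command(GROUND_KEY, 1, CMD_LOAD_AND_RESET, v2), v2))
    print(ror.handle(build_recover_command(GROUND_KEY, 2, CMD_RESET_PREVIOUS)))
```

Two design points carry over to a real root of recovery regardless of the signature scheme: the handler parses nothing until the authenticator has been checked, so a compromised bus or payload that can reach the recovery path still cannot steer it, and the counter is consumed as soon as a command authenticates, so a command whose image fails the digest check cannot simply be resent with different bytes; the ground station issues a fresh counter instead.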

Page 22

Future Work

• Run alongside a representative bus application suite

– Operate NASA Core Flight System (cFS) on top of seL4

• Incorporate other efforts from the MITLL SmallSat security initiative into a reference architecture for secure smallsats

• Deploy reference architecture on a flatsat to prove out real-world feasibility

• Concepts are applicable to any physically remote embedded platform:

– SCADA

– Long-Loiter UxVs

– Infrastructure / IoT

Page 23

Conclusion

• MIT LL has developed a set of design guidelines to aid designers in building more securable satellites

• Small satellites are attractive cyber targets, and require a root of recovery to restore to a known good state while in orbit

– Must be secured against attack to have real value

– seL4 is necessary, but not sufficient

• MIT LL is building a secure reference architecture for small satellites

– seL4 provides strong isolation

– Root of recovery provides ability to re-assert control if the satellite is compromised

– Other security extensions enable the satellite to conduct its mission if the ground station is temporarily compromised

Page 24

Questions

Dr. Richard Skowyra

[email protected]

781-981-0664