Upload
elu
View
40
Download
0
Embed Size (px)
DESCRIPTION
Introduction CS 188 Secure Design for Embedded Systems Peter Reiher January 3, 2011. Purpose of Class. To teach students about designing secure systems While also considering other important system requirements Functionality Power use Via actual system design. Description of Class. - PowerPoint PPT Presentation
Citation preview
Lecture 1Page 1CS 188, Winter 2011
IntroductionCS 188
Secure Design for Embedded Systems
Peter ReiherJanuary 3, 2011
Lecture 1Page 2CS 188, Winter 2011
Purpose of Class
• To teach students about designing secure systems
• While also considering other important system requirements
– Functionality
– Power use
• Via actual system design
Lecture 1Page 3CS 188, Winter 2011
Description of Class
• General outline of class
• Prerequisites
• Grading
• Reading materials
• Office hours
• Web page
Lecture 1Page 4CS 188, Winter 2011
Outline of Class
• Not a lecture class– I’ll talk today and Wednesday, but no
more lectures• Based on actual design, building, and
evaluation of a working system• Using teams of students• Working on assigned projects• Grading based entirely on project elements
Lecture 1Page 5CS 188, Winter 2011
So What Will You Learn?
• Practical experience in designing systems with security goals
• Practical experience in designing systems for embedded platforms
• Practical experience in evaluating the power use of systems
Lecture 1Page 6CS 188, Winter 2011
How Will It Work?• Teams of students will be assigned to
one of five projects
– 4-5 students per team
• Each team will design and built a working system
• Presenting results at the end of the class
Lecture 1Page 7CS 188, Winter 2011
Choosing Projects
• I will present the five projects later today
• Each student will send an ordered list of the projects he prefers
• I will assign team members and projects
– I’ll listen to particular appeals for team membership
– But don’t guarantee I’ll agree to them
Lecture 1Page 8CS 188, Winter 2011
Class Activities
• Each team will meet with the professor and TA each week
– To discuss progress and problems
• Teams will create and defend a design
• Teams will build to that design
• Teams will evaluate their prototype
• And present their results
Lecture 1Page 9CS 188, Winter 2011
The Design Platform
• The Intel ATOM
– A popular platform for embedded systems
– X86-based
• Running the Linux OS
• Augmented with special power-measurement capabilities
Lecture 1Page 10CS 188, Winter 2011
The LEAP Technology
• A power-measurement technology developed at UCLA
– By Prof. William Kaiser
• Allows unprecedented detailed measurement of power use
Lecture 1Page 11CS 188, Winter 2011
The Atom LEAP Platform
Lecture 1Page 12CS 188, Winter 2011
Another View
Lecture 1Page 13CS 188, Winter 2011
More On LEAP
• LEAP allows energy measurement of individual system components
• Also allows measurement of power use by particular pieces of code
– Controllable by the programmer
Lecture 1Page 14CS 188, Winter 2011
What Can You Measure?
• CPU power use
• Memory power use
• Disk power use
• Bridge power use
• Individual power costs for each component
Lecture 1Page 15CS 188, Winter 2011
Energy Calipers
• Technique used to measure power costs of particular code
• Essentially establishes a start and end point in code for measurement
• Gives power use of that code for each measured component
Lecture 1Page 16CS 188, Winter 2011
How Does It Work?• An external DAQ samples power use• A clock signal synchronizes the DAQ outputs
and the energy calipers– Indicated when the code was entered and
exited• Since signals are synchronized, software can
assign power to code– Sync granularity is 100 msec
Lecture 1Page 17CS 188, Winter 2011
LEAPFrog
• LEAP For Repetitive, Organized Gathering
• Tool to make experimentation with LEAP easier
– Eases running multiple experiments
– Better user interface for LEAP
– Better formatting of results
Lecture 1Page 18CS 188, Winter 2011
Prerequisites
• CS111 (Operating Systems) • CS 136 (Computer Security)• If you aren’t familiar with this material,
you’ll be at a disadvantage– Talk to me if you want to take this
class, anyway• Some knowledge of embedded systems
won’t hurt
Lecture 1Page 19CS 188, Winter 2011
Teaching Assistant
• Peter Peterson– [email protected]
• No formal recitation sections• But will work closely with students on the
Atom LEAPs• Will also work with me on group meetings• Office hours: TBA
Lecture 1Page 20CS 188, Winter 2011
Grading
• All based on projects
• No tests, no homeworks
• Project design – 20%
• Weekly updates (weeks 2-9) – 40%
• Final presentation – 10%
• Final report – 30%
Lecture 1Page 21CS 188, Winter 2011
Class Format
• Few lectures
– Today, we talk about the class organization
– Wednesday, we talk about evaluation issues
• Group presentation in last week
• No class meetings in weeks 2-9
Lecture 1Page 22CS 188, Winter 2011
Weekly Group Meetings
• One hour meeting every week for each group
• Some during scheduled hours
• Others at mutual convenience
• With professor and TA
• Attendance is mandatory for all group members
Lecture 1Page 23CS 188, Winter 2011
What Happens at the Group Meetings?
• Each is a research meeting for that group
• To present and discuss design and implementation issues
• To update professor on progress
Lecture 1Page 24CS 188, Winter 2011
Your Basic Schedule
• Week 1: Choose projects
• Week 2-3: Design your project and security evaluation of its design
• Week 4-7: Implementation of project
• Week 8-9: Performance, power, security evaluation of project
• Week 10: Present your project
Lecture 1Page 25CS 188, Winter 2011
Reading Materials
• No required reading materials
• There’s one copy of an Atom book that I can share with the class
• Some materials related to the projects produced by Peter Peterson
• Other materials made available on web site
Lecture 1Page 26CS 188, Winter 2011
Office Hours
• MW 2-3
• Held in 3532F Boelter Hall
• Other times available by prior arrangement
• Above and beyond weekly group meetings
Lecture 1Page 27CS 188, Winter 2011
Class Web Page
http://www.lasr.cs.ucla.edu/classes/188_winter11
• Slides for lectures will be posted there– But there are only two lectures– In 6-up PDF form or Powerpoint
• Schedule for group meetings posted there
• Materials for using Atom LEAPS there
Lecture 1Page 28CS 188, Winter 2011
Why a Class on Secure Software Design?
• Software is usually designed to meet some particular need
• That need is usually not security-related
• But software designed without considering security won’t be secure
– And it won’t be easy to fix that
Lecture 1Page 29CS 188, Winter 2011
How Do You Learn Secure Design?
• Primarily by doing it
• There are some principles and approaches that help
• But you really only get there through practice
• You’re going to get some practice here
Lecture 1Page 30CS 188, Winter 2011
The Tricky Thing About Security Design
• Again, the primary goal of the software isn’t to be secure
• It has to meet functionality goals first
• And performance goals
• And, for embedded systems, power goals
• AND it has to be secure
• A classic example of engineering tradeoffs
Lecture 1Page 31CS 188, Winter 2011
So What Will You Be Doing?• You’ll be assigned one of five projects
– All security related
• You’ll design software to solve a problem
• You’ll implement that software on the ATOM
• You’ll use LEAP to investigate its power properties
Lecture 1Page 32CS 188, Winter 2011
The zPad
• A fictional project to develop a power-aware highly secure pad computer
• Atom is a reasonable hardware platform for it
– Linux is underlying software
• You will work on important pieces of the system
Lecture 1Page 33CS 188, Winter 2011
The Five Projects
• CryptoFlex
• PowerZone
• OffLoading
• ElectricSandbox
• CryptoDisk
Lecture 1Page 34CS 188, Winter 2011
CryptoFlex
• Alter crypto used for network transmissions
• Based on power status and security posture
• Reduce crypto strength when power is low
• Prioritize use of crypto among different transmissions to minimize power use
• Students build part of system that makes decisions and alters crypto accordingly
Lecture 1Page 35CS 188, Winter 2011
PowerZone• Depending on threat level and power status,
allow security apps to alter behavior
– E.g., firewalls and antivirus software
– Delaying scans, prioritizing operations, etc.
• General interface for apps to make these decisions
• Build general framework and two sample apps using it
Lecture 1Page 36CS 188, Winter 2011
OffLoading• Certain security-related operations use a lot of
power – E.g., PK authentication
• Could offload some operations to a server– Which would require wireless transmissions,
which also burn power• When will this win?• Investigate this idea and build framework to test
when it wins and loses
Lecture 1Page 37CS 188, Winter 2011
ElectricSandbox
• Untrusted code can be run in a sandbox to provide greater protection
• But at what power cost?
– Different sandboxing approaches might have different costs
• Design basic sandboxing systems and investigate power costs of running them
Lecture 1Page 38CS 188, Winter 2011
CryptoDisk• Data can be protected on disk via full-disk
encryption
– Which can be done in hardware or software
• Which is more suitable for this kind of device?
• Build software full disk encryption and investigate performance costs of SW and HW full disk encryption
Lecture 1Page 39CS 188, Winter 2011
Common Elements of Projects
• All require design
• All require software implementation
• All require security evaluation
• All require performance evaluation
• All require energy use evaluation
Lecture 1Page 40CS 188, Winter 2011
Security Design
• All five projects are security related
• But it’s equally important that the systems you build are secure
– In design and implementation
• Requires attention to secure design and coding techniques
• And security evaluations
Lecture 1Page 41CS 188, Winter 2011
Evaluating Your Systems• Must evaluate your system for functionality,
performance, power, and security
• Each is different kind of evaluation
– And each particular to the project
• But all require experimentation
– Some material on that presented next class