IOSEC - Protection and Memory Safety for Input/Output Security

Lead Research Organisation: University of Cambridge
Department Name: Computer Laboratory


We wish to re-architect current computer input/output (I/O) systems with security as a first-class design constraint. Existing I/O has evolved organically over the decades and now faces a 'perfect storm' of security vulnerabilities, which we aim to address.

Computers today are full of processors: advertised, hidden and even unintentional. Processors, in the form of embedded microcontrollers, are hidden in 'devices' that we name as 'wireless card' or 'system management controller', but fundamentally they form a heterogenous distributed system. The software these processors run is often poorly scrutinised and may be actively malicious. As this field becomes more visible, vulnerabilities are being discovered with increasing frequency.

Worse still, the trend is for 'pluggable' devices via interfaces such as USB Type-C and Thunderbolt 3: users are being trained to pick up processors, thinking they are innocuous because they
are shaped like chargers or dongles. For instance, many buildings, aircraft, trains and buses now provide 'USB charging', but, without protection, the Type-C user may be exposing themselves to unexpected threats. Such threats are of substantial and increasing concern to businesses, government and consumers. By redesigning I/O with security at the core, we aim to considerably improve on today's weaknesses. We will investigate the weaknesses of current I/O and propose safer alternatives through three threads of research:

1. We will begin by performing a survey of the state-of-the-art of access-control protections in current hardware and software designs, to understand the limits of current pluggable-device security. We will focus in particular on current utilisation of Input/Output Memory Management Units (IOMMUs), which are the primary current defence that prevents devices from having unlimited Direct Memory Access (DMA) - the 'key to the kingdom' of system security that otherwise permits total compromise of firmware, OS, and applications from malicious devices. We will characterise current security-performance tradeoffs to establish a performance baseline. We will systemise new vulnerability classes and develop a corpus of vector-specific attack techniques which future defences must prevent or mitigate.

Our existing preliminary results investigating IOMMU use in modern operating systems, and a growing attack literature, suggest substantial security and performance shortcomings. We therefore propose two strands of research to develop and evaluate technical approaches to defend against I/O-based attackers:

2. Many I/O devices (e.g., USB and network cards) communicate with the host operating system through messages sent and received via DMA. We will develop new techniques to restructure CPU-to-I/O interconnects to provide a message-based abstraction for untrustworthy devices, rather than depending on DMA, as is current (and highly vulnerable) best practice.

3. To address devices for which a memory-oriented semantic is intrinsic (e.g., GPUs and Remote-DMA enabled network cards), we will explore new distributed-memory protection techniques that avoid the granularity and performance limitations of IOMMU-oriented approaches. This will enable greater control of device access to host memory while improving security-performance tradeoffs. For instance we might delegate specific memory access rights to devices, with policy and unforgeability enforced by the interconnect bridges.

All research will be performed via hardware-software co-design methodology and FPGA prototyping, with evaluation relative to performance, complexity, compatibility, and security metrics for both hardware and software. We will pursue these goals in close collaboration with ARM Ltd, who provide key insights into industry requirements and a transition path into commercial technologies.

Planned Impact

This research will be relevant to:

1. Hardware and software vendors and their supply chains, who design new systems and wish them to be secure.

2. Users of IT equipment, who will be protected from evolving security threats. This is particularly of relevance to commercial and government users to protect them from new and existing vulnerabilities and keep their organisation secure. Consumers will also benefit from being able to use trustworthy devices that are becoming smaller with increasingly pluggable components.

3. Researchers, who are learning how to build larger systems from distributed hardware components and how to maintain their security.

We work closely with ARM Ltd to transition secure processor technology. ARM is the architecture of choice for more than 90% of the smart electronic products being designed today, and found its way into more than 17 billion devices last year. This project will continue and extend this already successful collaboration.
Description In our NDSS 2019 paper, we describe a fundamental new set of operating-system vulnerabilities across the full range of OS vendors, describe our collaborations with them to resolve those issues, and present a new FPGA-based hardware-software I/O-security research platform, Thunderclap. The vulnerabilities relate to combining the supply of power and data communications in USB-C, where performance has been traded off for reduced security. IOMMU-based protections, which should limit these attacks, appear to be ineffective. We have now released the platform as open source, and presented the work at NDSS 2019. Since that time, the USB-4 specification has incorporated our guidance on IOMMU use.

In our HASP 2020 paper, we propose a new integration of the CHERI protection model with the DMA mechanism, with the potential to mitigate device-driver software vulnerabilities as well as malicious firmware or hardware DMA access. CHERI, developed by our team at SRI/Cambridge, is currently the subject of a UKRI ISCF project, Digital Security by Design, prototyping a CHERI-enabled SoC, Arm Morello. While this work will not feed into Morello, it directly enables new protections suitable for use in future generations of CHERI-enabled SoCs by allowing the CHERI protection model to be applied beyond the general-purpose processor -- such as in DMA-enabled network interface cards or storage controllers.
Exploitation Route In addition to writing up these early results in our papers, we have released our research platforms as open source to encourage other researchers to build on our work.
Sectors Digital/Communication/Information Technologies (including Software),Electronics,Security and Diplomacy

Description Our research results have substantially influenced several hardware and software vendors including Apple, Intel, Microsoft, and Google, as they uncover vulnerable hardware-software design putting end users (government, private sector, ..) at significant risk. These vendors have issued security updates addressing many of our concerns. The USB-4 specification now directly incorporates our guidance on safe IOMMU use.
First Year Of Impact 2019
Sector Digital/Communication/Information Technologies (including Software),Electronics
Impact Types Economic

Title Thunderclap I/O-security research platform 
Description Thunderclap is an FPGA-based I/O-security research platform suitable for exploring access to host computers from I/O devices via PCIe and Thunderbolt 3. 
Type Of Material Improvements to research infrastructure 
Year Produced 2019 
Provided To Others? Yes  
Impact Multiple mainstream computer-system vendors have worked with us to remediate vulnerabilities discovered using Thunderclap. We are now working with vendors to potentially adopt the tool for their own use in product development and testing.