A Walkthrough of DARPA SSTIH Program-Mitigating Hardware Issues from Source.
DARPA and Galois Inc.
DARPA is an agency of the U.S. Department of Defense with a mission to make pivotal investments in breakthrough technologies for national security. The Agency explicitly reaches for transformational change instead of incremental advances. To do so, it works within an innovation ecosystem that includes academic, corporate and governmental partners, with a constant focus on the Nation’s military Services, which work with DARPA to create new strategic opportunities and novel tactical options.
The DARPA System Security Integration Through Hardware and Firmware (SSTIH) program aims to mitigate hardware issues at the source i.e. the hardware level. To this extent, they partnered with Galois Inc. which is a company that aims to create holistic software and hardware solutions of which, according to their words, “Failure is UNACCEPTABLE”.
Their partnership birthed the BESSPIN-GFE repositories which constantly host hardware exploit and subsequent patch development for government-issued chips and the operating systems running on them. This repository collects all the open-source repositories created or extended as a part of Galois’s Balancing the Evaluation of System Security Properties with Industrial Needs (BESSPIN) project, part of the DARPA SSITH program.
The Repositories
The Galois source code contains a lot of repositories based on different case subjects. The source code can be assessed on Linux using the NIX shell, and as a Docker image via Github. Users of these resources should generally check out only the individual repositories applicable to their interests, rather than the entire repository.
The repositories relevant to DARPA SSITH are numerous but the key ones for this document’s purpose are:
This repository hosts all the tools, operating systems, environments for creating, editing and testing the following things.
- Processor Schematics
- Operating System
- Exploits
- Patches
This repository holds example code for a vulnerable platform running on a 64-bit riscv CPU which demonstrates how a mock voting system can be compromised with the selected hardware and software running on the machine.
It also contains the source code for these exploits, found here
Getting started with the Repository
Setting up the environment for this repository is lengthy but straightforward.
Get dependencies (Linux only)
This repository relies on a few dependencies to run, make and the riscv-gnuunknown-elf compiler toolchain.
Installing make is as simple as running
sudo apt install make -y
This will install make after which you run
$ sudo apt-get install autoconf automake autotools-dev curl python3
libmpc-dev libmpfr-dev libgmp-dev gawk build-essential bison flex texinfo
gperf libtool patchutils bc zlib1g-dev libexpat-dev
This finally gets you ready to build the riscv-gnu-unknown-elf toolchain.
To get the toolchain, you’ll need to clone it from GitHub and build it from scratch using make.
First, execute this command,
git clone —recursive https://github.com/riscv/riscv-gnu-toolchain
which will clone the toolchain and all its dependencies. The download is about 1.4GB and might take a while to complete.
When this is done, you go to the directory where the toolchain was cloned and run.
./configure —prefix=/opt/riscv
This will generate a file called Makefile which contains instructions for make to follow and build the toolchain.
After running make, the toolchain should be installed and if it is not, the relevant directories need to be linked to the system’s PATH variable
Clone the repository
With the toolchain now installed, you need to clone the repository, this is done by running the command
git clone —recursive https://github.com/GaloisInc/BESSPIN-Voting-SystemDemonstrator-2019
When it is done cloning, we can build the environment.
Build the environment
To do this, go to the voting system’s directory and run make, this will build the environment and let you start the test.
When this is done, new binaries are generated which could be run on emulators like qemu, or be debugged with tools like gdb.
Running the exploits
Following the guides in the docs/red-team folder will help you build any of the example exploits in the repository.
When built, you give the exploits the address of the voting system server and execute them
Developing exploits
With the knowledge applied from previous steps, hackers are given free reign to develop exploits for the system and submit their findings which will further help the development of more secure riscv CPUs and software that run on them.
Advantages and Disadvantages of the Source Code
Open source code also has some advantages to it which includes:
- Better quality – Similarly, with more developers poring over the source code and
also testing its outcome, Open source is typically considered to have fewer flaws
and better quality than the standard developed code. - Resilience: With the source code open source it helps to know the vulnerabilities
before it can be exploited by an attacker
Some of the downsides to making such a sophisticated repository open-source code
includes:
- compatibility– because most at times it requires specialized drivers to run open-source programs, which are often only available from the equipment manufacturer. This can potentially add to the cost of your project. Even if an opensource driver exists, it may not work with your software as well as the proprietary driver.
- Possible exploitation of code by attackers.
Conclusion
Using the main BESSPIN-GFE repository, developers can design CPU hardware with patches implemented to mitigate any exploits found or developed. Submitting them also helps improve the security of these systems. Along with other companies, DARPA and Galois Inc. have laid the foundation for creating more secure systems in the future, and with the progress made on the risc architecture, they have set their sights on cisc cpus, namely x86 and amd64 cpus
Written by Mainasara Tsowa, Faith Ariyo and Muktar Suleiman.
One Comment
Wow. DARPA is doing wonders. Welldome guys at CyberPlural.