Ed Maste, the Director of Technology at the FreeBSD Foundation, discusses the rapidly-evolving interplay between hardware, cybersecurity, open source, and instruction set architectures.
1. Cybersecurity is traditionally thought of from a software mindset—but what do developers need to understand about the role of hardware security?
Hardware is often the battleground where cyber attackers and security software vie for control. Because of that, there are tremendous opportunities for robust hardware security to effectively pull the rug out from under would-be attacks by simply disallowing attack mechanisms from functioning in the first place. Hardware security already plays a prominent role in several key areas. For example, trusted platform modules (TPMs) and secure boot ensure that devices run only trusted software while booting, eliminating the opportunity for attack software to compromise or tamper with systems. Hardware-based encryption solutions that protect data on hard drives and networks are another common hardware security use case. But more recently, emerging hardware security technologies are introducing some welcome new capability architectures for thwarting ever-more-sophisticated threats that software-based security measures have struggled to address. As these hardware capabilities and architectures grow to reshape mainstream cybersecurity practices, teams should be prepared to adapt and adopt new strategies that incorporate the combined protections of both software and hardware-based measures.
2. How has open source development impacted hardware security?
I believe that the active collaboration intrinsic to developing and advancing open source projects—software or hardware—makes for a more hardened solution than just about any closed-source organization could produce. Mature open source projects have so many eyeballs on them and so many diverse, global perspectives that constant iteration is inherent. Hardware security is particularly receptive to these benefits. With open source, anybody interested in contributing to a hardware security project can openly review all hardware designs and source code. That open invitation to test for vulnerabilities and introduce new creative approaches and improvements has allowed hardware security to innovate and evolve at a rapid clip. It’s reasonable to argue that many of the most exciting hardware security technologies available today would not exist or wouldn’t be what they are without the power of open source collaboration. Instruction-set architectures (ISAs) and extensions are a strong example of this, offering open source-hardened hardware foundations from which software can execute securely.
3. Digging deeper into ISAs—what is their role in hardware security?
ISAs provide the specification of the instructions that a microporcessor uses to execute commands. Therefore, it’s possible to implement and enforce secure conditions and protections at the foundational level of a device’s operations. ISAs are a critical part of device functionality and hardware security. For example, the x86 ISA is present on most desktops, laptops, and servers (having evolved through the 16-bit, 32-bit, and 64-bit eras). The ARM ISA is a mainstay of smartphones, tablets and other devices including servers (64-bit ARM), due to its low-power consumption attributes. The RISC-V ISA has thrived as a research platform and is earning increasing attention as a modern flexible option. A major factor in RISC-V’s success is the fact that it’s open source. The open source FreeBSD operating system offers support for x86, ARM, RISC-V, and the OpenPower Foundation’s open source Power ISA. Other ISAs are available as well to provide security and advantageous features for numerous further use cases. When it comes to delivering hardware-level security, specific ISAs offer a variety of valuable features. For instance, an ISA and extensions might provide built-in data execution prevention, data encryption, and memory protection—eliminating the threats of particular attacks or security vulnerabilities within software running on that ISA-protected hardware.
4. Are there any shortcomings with ISA, or concerns that developer teams exploring them should be aware of?
I think it’s important for teams to understand ISAs beyond just their lists of (compelling) features. They should assemble a logical, comprehensive, and strategic security technology stack that aligns hardware and software protections. Just as ISAs can forbid software-based attacks, they may be incompatible with particular security software. This is especially a concern if the selected ISA isn’t yet a widely supported one. Also, ISAs can suffer from vulnerabilities and attack exploits, similar to how software can be affected. Therefore, organizations must keep their CPU microcode updated to prevent ISA vulnerability risks.
5. What can you tell us about the CHERI ISA, and the FreeBSD-based CheriBSD?
A lot! CHERI is an open source research project being developed by the University of Cambridge and SRI International, which has gained traction as a hardware security solution via its new approach to data access control and memory protection. With the CHERI ISA, all memory access happens through a “capability” that features hardware-based bounds and permissions. With capabilities controlling access to memory regions and supported by hardware and runtime safeguards, CHERI’s promising spatial memory security offers to neutralize an entire range of memory-focused attacks—such as buffer overflows and use-after-free vulnerabilities. CHERI also shows potential in providing high-performance compartmentalization, such that attackers can’t access data without authorization. While CHERI is churning through its R&D phase, ISA leaders are producing promising prototypes with the technology. Arm’s Morello platform is the most advanced of the prototypes; it combines CHERI with a high-performance super-scaler core on a system-on-chip demonstration platform. CheriBSD is a FreeBSD extension enabled with CHERI capabilities, capable of providing memory security and software compartmentalization. Designed for use with Arm’s Morello and CHERI-RISC-V platforms, CheriBSD offers developer teams using those platforms a fully memory-safe environment for desktop software development, and represents a leading achievement in ISA hardware-based security.
6. Wrapping up, how should developers feel about hardware security right now?
Hardware security is the bedrock of your overall system security. Its role continues to magnify as security threats get more complex. Consider, for example, the growing concern over supply chain attacks, where the bad guys infiltrate the production process of hardware components, embedding backdoors or vulnerabilities that can be exploited later. Incidents like these continue to underscore the need for uber-rigorous hardware security practices—and fortunately there’s a lot of progress to be excited about. I’m also proud of the role FreeBSD is playing in advancing hardware security. Through collaborative efforts and the power of open source communities, the project is an active contributor to the development of secure hardware.