Privilege-Separating Embedded Applications using Web Assembly in the Plat FIDO2 Security Key

Kettle, Benjamin B.

Author(s)

Kettle, Benjamin B.

DownloadThesis PDF (1009.Kb)

Advisor

Athalye, Anish

Zeldovich, Nickolai

Kaashoek, M. Frans

Terms of use

In Copyright - Educational Use Permitted Copyright retained by author(s) https://rightsstatements.org/page/InC-EDU/1.0/

Metadata

Show full item record

Abstract

Plat is a FIDO2 security key that uses privilege separation to protect the application’s private keys even if bugs are present in bug-prone parts of its codebase. Plat’s design encapsulates drivers and parsers in sandboxes that are isolated from the secrets that are used to perform authentication. To achieve privilege separation in the embedded context, Plat uses a new WebAssembly-based toolchain for ARM microcontrollers to implement and enforce isolation between individual components of an existing system without rewriting drivers and application code. This toolchain includes special support for device drivers, safely enabling isolated modules to access peripheral memory-mapped IO. Plat’s privilege separation reduces the lines of code in the trusted code base by 60% from our 20,000-line reference implementation while adding only 319 new trusted lines. Plat’s isolation strategy has acceptable performance overhead that does not prevent interactive use, with the slowest step of an authentication jumping from 277ms natively to 600ms when sandboxed. Plat ensures the protection of its secret key, and thus the security of the accounts it authenticates, in the presence of several classes of bugs.

Date issued

2023-06

URI

https://hdl.handle.net/1721.1/151516

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Collections

Graduate Theses