dc.contributor.advisor: Athalye, Anish
dc.contributor.advisor: Zeldovich, Nickolai
dc.contributor.advisor: Kaashoek, M. Frans
dc.contributor.author: Kettle, Benjamin B.
dc.date.accessioned: 2023-07-31T19:45:41Z
dc.date.available: 2023-07-31T19:45:41Z
dc.date.issued: 2023-06
dc.date.submitted: 2023-06-06T16:34:55.811Z
dc.identifier.uri: https://hdl.handle.net/1721.1/151516
dc.description.abstract: Plat is a FIDO2 security key that uses privilege separation to protect the application’s private keys even if bugs are present in bug-prone parts of its codebase. Plat’s design encapsulates drivers and parsers in sandboxes that are isolated from the secrets that are used to perform authentication. To achieve privilege separation in the embedded context, Plat uses a new WebAssembly-based toolchain for ARM microcontrollers to implement and enforce isolation between individual components of an existing system without rewriting drivers and application code. This toolchain includes special support for device drivers, safely enabling isolated modules to access peripheral memory-mapped IO. Plat’s privilege separation reduces the lines of code in the trusted code base by 60% from our 20,000-line reference implementation while adding only 319 new trusted lines. Plat’s isolation strategy has acceptable performance overhead that does not prevent interactive use, with the slowest step of an authentication jumping from 277ms natively to 600ms when sandboxed. Plat ensures the protection of its secret key, and thus the security of the accounts it authenticates, in the presence of several classes of bugs.
dc.publisher: Massachusetts Institute of Technology
dc.rights: In Copyright - Educational Use Permitted
dc.rights: Copyright retained by author(s)
dc.rights.uri: https://rightsstatements.org/page/InC-EDU/1.0/
dc.title: Privilege-Separating Embedded Applications using Web Assembly in the Plat FIDO2 Security Key
dc.type: Thesis
dc.description.degree: M.Eng.
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
mit.thesis.degree: Master
thesis.degree.name: Master of Engineering in Electrical Engineering and Computer Science

