/ Papers / Not-Quite-So-Broken TLS
In 24th USENIX Security Symposium (USENIX Security 15), Aug 2015
PDF   URL   BibTeX  

Abstract. Transport Layer Security (TLS) implementations have a history of security flaws. The immediate causes of these are often programming errors, e.g. in memory management, but the root causes are more fundamental: the challenges of interpreting the ambiguous prose specification, the complexities inherent in large APIs and code bases, inherently unsafe programming choices, and the impossibility of directly testing conformance between implementations and the specification. We present nqsb-TLS, the result of our re-engineered approach to security protocol specification and imple- mentation that addresses these root causes. The same code serves two roles: it is both a specification of TLS, executable as a test oracle to check conformance of traces from arbitrary implementations, and a usable implementation of TLS; a modular and declarative programming style provides clean separation between its components. Many security flaws are thus excluded by construction. nqsb-TLS can be used in standalone Unix applications, which we demonstrate with a messaging client, and can also be compiled into Xen unikernels (specialised virtual machine image) with a trusted computing base (TCB) that is 4% of a standalone system running a standard Linux/OpenSSL stack, with all network traffic being handled in a memory-safe language; this supports applications including HTTPS, IMAP, Git, and Websocket clients and servers. Despite the dual-role de- sign, the high-level implementation style, and the functional programming language we still achieve reasonable performance, with the same handshake performance as OpenSSL and 73% – 84% for bulk throughput.

Authors. David Kaloper-Mersinjak, Hannes Mehnert, Anil Madhavapeddy and Peter Sewell

See Also. This publication was part of the Unikernels project.

News Updates

Feb 2020. «» Part 3 / «» Part 2 / «» Delivered the distinguished seminar series at St Andrews on rebuilding Operating Systems with functional principles.
Oct 2016. «» DockerCon talk on unikernels and MirageOS.
Jun 2016. «» Interviewed by The New Stack at OSCON in Austin, Texas / «» Updated the MirageOS community about the 2016 hack retreat.
May 2016. «» Announced HyperKit, VPNKit and DataKit for the Docker ecosystem.
Jan 2016. «» Announced that Unikernel Systems is now part of Docker.
Sep 2015. «» Invited talk at NetPL on Immutable Distributed Infrastructure with Unikernels.
Aug 2015. «» Paper on rebuilding TLS securely but practically at USENIX Security 2015.
May 2015. «» Talk at Esper on functional programming with unikernels.
Apr 2015. «» Updated the OCaml community on annual OCaml Labs activities for 2014.
Jan 2015. «» Gave BOB 2015 keynote on functional Operating Systems.
Nov 2014. «» New Directions in Operating Systems talk on Jitsu.
Oct 2014. «» At the Xen Summit speaking about branch consistency for Xen Stub Domains.
Sep 2014. «» Gave Haskell Symposium 2014 Keynote on functional OS design.
Jul 2014. «» Announced the release of MirageOS 1.2, and a roadmap towards MirageOS 2.0 / «» Announced the long-awaited release of MirageOS 2.0 / «» Appeared on FLOSS Weekly 302 about Open Mirage.
May 2014. «» Appeared on SE Radio Episode 204 about Mirage and OCaml.
Jan 2014. «» Note on the discussions around my recent CACM article on unikernels.
Nov 2013. «» MirageOS and XAPI project update at XenSummit / «» Note on integrating Docker and opam more effectively.
Jul 2013. «» Mirage Developer Preview 1 screencast.
Oct 2012. «» Discussing how we disaggregated MirageOS into opam packages.
Sep 2012. «» Note on how to build XenStore stub domains using MirageOS.
Feb 2012. «» Note on using ARM Dreamplugs with OCaml published.
Oct 2011. «» At the OCaml Meeting 2011 speaking about MirageOS.
Sep 2011. «» Liveblog on the talks at CUFP 2011.
Jun 2011. «» Note discussing an OCaml interface to our new CIEL dataflow engine / «» Published a note on delimited continuations vs Lwt in OCaml for MirageOS.
Oct 2010. «» Announced that the MirageOS website now self-hosted on MirageOS! / «» At LinkedIn giving tech talk about Mirage.
Jun 2010. «» At HotCloud for the first talk about MirageOS.