Functional Programming for Securing Cloud and Embedded Environments

Abstract: The ubiquity of digital systems across all aspects of modern society, while beneficial, has simultaneously exposed a lucrative attack surface to potential adversaries. Consequently, securing digital systems is of critical importance. In this dissertation, we address the security concerns of two classes of digital systems: (i) cloud systems, which co-locate multiple applications and rely on a large trusted code base for software virtualisation, and (ii) embedded systems, resource-constrained environments that typically employ unsafe programming languages for application development. The thesis underlying this dissertation is that digital systems can be protected from a wide range of critical attacks by employing functional programming-based techniques, ensuring software isolation in the cloud and providing high-level, declarative and memory-safe abstractions in embedded systems. Our approach is to employ programming language tools, specifically functional programming, which builds software by composing pure functions while avoiding shared state, mutable data and side effects, to enhance the security of both cloud and embedded systems. For cloud systems, we use functional programming abstractions to partition security-critical software into compartmentalised structures that use modern hardware protection mechanisms such as Trusted Execution Environments (TEEs) for software isolation. For embedded systems, we present high-level functional programming constructs that raise the level of abstraction and provide safety features for resource-constrained embedded systems. The dissertation is organised into two parts. Part I introduces two successive versions of a domain-specific language (DSL) designed for programming TEEs, such as Intel SGX.
TEEs isolate applications from low-level system software with large code bases, such as operating systems and hypervisors, thereby minimising the trusted computing base and reducing the resulting attack surface of cloud applications. Broadly, the DSL contributes the following: (1) it facilitates automatic type-based program partitioning between trusted and untrusted code; (2) it supports dynamic information flow control mechanisms for ensuring data confidentiality; (3) it integrates with an automated remote attestation framework to preserve TEE integrity; and (4) it offers a tierless programming model that helps minimise errors in multi-tier confidential computing applications, which must adhere to complex data exchange protocols. Evaluations for Part I involve expressing confidential computing applications such as (i) a privacy-preserving federated learning application, (ii) an encrypted password wallet, and (iii) a data clean room design pattern that lets multiple parties conduct data analytics. Part II contributes a functional language runtime and a functional reactive programming language targeting embedded systems, with the goal of raising the level of abstraction and ensuring memory and type safety. The runtime offers a unified message-passing framework for handling both software messages and hardware interrupts, along with a novel timing operator to capture the notion of time. This allows classical (1) concurrent, (2) I/O-bound, and (3) timing-aware embedded systems applications to be expressed in a declarative manner. Similarly, the reactive programming language is a declarative, pure functional language built on top of the runtime. It tracks unique side effects in its type system using a feature called resource types.
Evaluations for Part II ran the language and runtime on microcontrollers such as NRF52, STM32, and GRiSP boards, microbenchmarking resource-efficiency parameters including memory footprint, garbage collection latency, throughput, jitter, and interpretive load, and demonstrating acceptable overheads. The programming artifacts resulting from this dissertation comprise the HasTEE and HasTEE+ DSLs for programming TEEs, the Synchron C99-based portable embedded systems runtime, and the Hailstorm reactive programming language for embedded systems. All these programming artifacts are made publicly available, along with the evaluation procedures, to encourage further experiments in securing both cloud and embedded systems.
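The following Rust sketch is an added illustration of the three Part I ideas that the abstract names together (type-based partitioning into a trusted and an untrusted tier, dynamic information flow control labels that travel with data, and an attestation check before a secret is provisioned), applied to the password-wallet evaluation scenario. It is not code from the dissertation or from HasTEE: every name in it (`Label`, `Labeled`, `Tier`, `Enclave`, `Untrusted`, `EXPECTED_MEASUREMENT`, `enclave_check_password`) and the measurement bytes are assumptions, and the hardware boundary that a real TEE enforces is simulated by a capability token that only enclave code can mint.

```rust
use std::marker::PhantomData;

/// Security label lattice for dynamic information flow control:
/// Public may flow to Confidential, never the reverse.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Label {
    Public,
    Confidential,
}

impl Label {
    /// Least upper bound: combining two values takes the higher label.
    pub fn join(self, other: Label) -> Label {
        self.max(other)
    }
}

/// A value that carries its confidentiality label at runtime.
#[derive(Clone, Debug, PartialEq)]
pub struct Labeled<T> {
    pub label: Label,
    value: T, // private: only a tier token can look inside
}

impl<T> Labeled<T> {
    pub fn new(label: Label, value: T) -> Self {
        Labeled { label, value }
    }
}

/// Marker types for the two tiers the program is partitioned into.
pub struct Enclave;
pub struct Untrusted;

/// Capability token proving that code runs in a given tier.
/// The field is private, so outside this module only the constructors below exist.
pub struct Tier<T>(PhantomData<T>);

impl Tier<Enclave> {
    /// Simulates entering the TEE. In a real system the hardware, not a
    /// constructor, decides whether code is inside the enclave (assumption).
    fn enter() -> Self {
        Tier(PhantomData)
    }

    /// Enclave code may read any labeled value, Confidential included.
    pub fn read<'a, T>(&self, v: &'a Labeled<T>) -> &'a T {
        &v.value
    }

    /// Explicit declassification: the only way Confidential data becomes Public.
    pub fn declassify<T>(&self, v: Labeled<T>) -> Labeled<T> {
        Labeled { label: Label::Public, value: v.value }
    }
}

impl Tier<Untrusted> {
    pub fn new() -> Self {
        Tier(PhantomData)
    }

    /// Untrusted code may only read Public data; Confidential reads are refused.
    pub fn read<'a, T>(&self, v: &'a Labeled<T>) -> Option<&'a T> {
        if v.label == Label::Public { Some(&v.value) } else { None }
    }
}

/// Sink on the untrusted side (e.g. a network reply): refuses anything
/// that is still labeled Confidential.
pub fn send_to_client<T: Clone>(v: &Labeled<T>) -> Result<T, &'static str> {
    match v.label {
        Label::Public => Ok(v.value.clone()),
        Label::Confidential => Err("IFC violation: confidential data at public sink"),
    }
}

/// Constructed placeholder for the expected enclave measurement (not a real MRENCLAVE).
pub const EXPECTED_MEASUREMENT: [u8; 4] = [0xde, 0xad, 0xbe, 0xef];

/// Attestation gate: the wallet secret is provisioned into the enclave only
/// when the reported measurement matches the expected one.
pub fn provision_secret(reported: [u8; 4], secret: String) -> Result<Labeled<String>, &'static str> {
    if reported != EXPECTED_MEASUREMENT {
        return Err("attestation failed: unexpected enclave measurement");
    }
    Ok(Labeled::new(Label::Confidential, secret))
}

/// Password-wallet check running inside the enclave: combines the Confidential
/// stored secret with a Public attempt and releases only the boolean verdict.
pub fn enclave_check_password(stored: &Labeled<String>, attempt: &Labeled<String>) -> Labeled<bool> {
    let tee = Tier::<Enclave>::enter();
    let ok = tee.read(stored) == tee.read(attempt);
    // The verdict inherits the join of its inputs' labels, so it is Confidential...
    let verdict = Labeled::new(stored.label.join(attempt.label), ok);
    // ...and has to be declassified explicitly before it may leave the enclave.
    tee.declassify(verdict)
}

fn main() {
    let stored = provision_secret(EXPECTED_MEASUREMENT, "hunter2".to_string())
        .expect("attestation succeeds with the expected measurement");
    let attempt = Labeled::new(Label::Public, "hunter2".to_string());
    println!("untrusted read of secret: {:?}", Tier::<Untrusted>::new().read(&stored));
    println!("verdict sent to client: {:?}", send_to_client(&enclave_check_password(&stored, &attempt)));
}
```

The point of the sketch is where the checks sit: the untrusted tier cannot read the stored secret at all, the public sink rejects any value whose label is still Confidential, and the only path out of the enclave is a deliberate `declassify` call on a value whose information content (one bit) the programmer has chosen to release. A wrong measurement stops provisioning before any secret exists on the trusted side.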
