Today, embedded devices are ubiquitous. These devices are inherently networked, which exposes them to malware attacks. Windows devices remain the most prominent targets of malware attacks to date. But this playing field is quickly changing, as demonstrated by firmware attacks on private access points or closed-circuit television cameras. Other intrusions into industrial and governmental infrastructure have been reported in the power grid, in industrial control and automotive systems, and even in small networked devices in private homes, often referred to as the Internet-of-Things. As our daily lives increasingly rely on such devices, malware attacks pose a severe risk. Yet, limited computational capabilities constrain embedded security measures. Even worse, execution of malware code in control systems may result in a time lag of control actions. Such delays may result in property damage, catastrophic failures and even lost lives. Hence, the effect of malware on not just system functionality but also timings is critical.
This project will reshape the landscape of protection for networked control devices: novel timing-based protection mechanisms across the entire software stack will complement traditional cybersecurity methods to significantly enhance safety and reliability. The investigator will promote participation of students from under-represented groups, with emphasis on educating and training PhD students from these groups. The investigator will also work with long-term industry partners to turn these efforts into practical impact through transfer of techniques and other means of outreach.
The overall objective of this work is to significantly increase cyber security across embedded and networked computing devices by developing real-time monitoring techniques that defeat cyber-attacks. The project hypothesizes that these devices can be enhanced by a novel class of malware detection approaches that rely on fine-grained timing information of such devices. The premise is that embedded devices are subject to control systems with soft or even hard real-time constraints. The execution path of such control code on embedded devices thus follows a stringent and predictable behavior, which can be characterized by timing analysis. Once upper bounds on timings along execution paths are established, this information not only aids in the verification of timing constraints, but it can also be exploited to detect deviations from the certified timing behavior. Timing-based malware detection thus provides a means for non-stop system integrity. What is more, it can be used to trigger transitions into a safe operating mode at an early intrusion detection point to prevent anomalous behavior from escalating.
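The idea in the paragraph above can be sketched as a checkpoint monitor. This is an added example, not code from the project: the checkpoint IDs, the microsecond bounds, the traces and all type and function names are constructed assumptions. It checks each path segment against its certified upper bound and latches a safe mode on the first deviation, including a transition that was never certified.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { MODE_NORMAL, MODE_SAFE } op_mode_t;   /* hypothetical mode names */
typedef struct { uint8_t from, to; uint32_t bound_us; } segment_t;
typedef struct { uint8_t cp; uint32_t ts_us; } event_t;
typedef struct {
    const segment_t *segs; size_t nsegs;
    uint8_t last_cp; uint32_t last_ts_us; int started; op_mode_t mode;
} monitor_t;

/* Constructed upper bounds per certified path segment of a control loop. */
const segment_t CONTROL_LOOP[] = { {1, 2, 120}, {2, 3, 300}, {3, 1, 80} };
/* Constructed traces: (checkpoint, free-running timer value in microseconds). */
const event_t TRACE_OK[]   = { {1, 1000}, {2, 1100}, {3, 1350}, {1, 1420} };
const event_t TRACE_SLOW[] = { {1, 1000}, {2, 1100}, {3, 1900}, {1, 1950} };
const event_t TRACE_SKIP[] = { {1, 1000}, {3, 1050} };
const event_t TRACE_WRAP[] = { {1, 0xFFFFFFC0u}, {2, 0x20u}, {3, 232} };

void monitor_init(monitor_t *m, const segment_t *segs, size_t n) {
    m->segs = segs; m->nsegs = n;
    m->last_cp = 0; m->last_ts_us = 0; m->started = 0; m->mode = MODE_NORMAL;
}

/* Call at every instrumented checkpoint. Safe mode is latched once entered. */
op_mode_t monitor_checkpoint(monitor_t *m, uint8_t cp, uint32_t now_us) {
    if (m->mode == MODE_SAFE) return MODE_SAFE;
    if (m->started) {
        uint32_t elapsed = now_us - m->last_ts_us;  /* unsigned: survives timer wrap */
        int ok = 0;                                 /* unknown transition stays 0 */
        for (size_t i = 0; i < m->nsegs; i++) {
            if (m->segs[i].from == m->last_cp && m->segs[i].to == cp) {
                ok = elapsed <= m->segs[i].bound_us;
                break;
            }
        }
        if (!ok) { m->mode = MODE_SAFE; return MODE_SAFE; }
    }
    m->started = 1; m->last_cp = cp; m->last_ts_us = now_us;
    return MODE_NORMAL;
}

/* Replays a trace; returns the index of the first violating event, or -1. */
int first_violation(const segment_t *segs, size_t n, const event_t *ev, size_t nev) {
    monitor_t m;
    monitor_init(&m, segs, n);
    for (size_t i = 0; i < nev; i++)
        if (monitor_checkpoint(&m, ev[i].cp, ev[i].ts_us) == MODE_SAFE) return (int)i;
    return -1;
}

int main(void) { return first_violation(CONTROL_LOOP, 3, TRACE_OK, 4) == -1 ? 0 : 1; }
```

In the slow trace the segment from checkpoint 2 to 3 takes 800 µs against a 300 µs bound, so the monitor trips at that event rather than at the end of the loop iteration.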