CRII: SaTC: Reconciling Run-time Attestation Methods and Real-Time Embedded Applications
Rochester Institute Of Tech, Rochester NY
Abstract
Embedded devices are increasingly ubiquitous and their importance is hard to overestimate. While they often support safety-critical system functions, they are usually implemented under strict cost/energy budgets, using Micro-Controller Units (MCUs) that lack security mechanisms akin to those available in general-purpose computers. Unsurprisingly, the insecurity of embedded software has already led to several attacks, including massive denial of service and large-scale exploits. Run-time attestation techniques aim to remotely detect malware that compromises the execution of software on safety-critical MCUs. However, existing run-time attestation methods preclude MCUs from processing real-time events (e.g., physical inputs, arrival of network packets, or expiring timers) as soon as they occur. On the other hand, real embedded applications depend heavily on such time-sensitive event processing. Motivated by this problem, this project's novelties are the design and implementation of run-time attestation techniques that can securely co-exist with the real-time needs of MCU applications. The project's broader significance and importance are to reconcile run-time attestation techniques with the needs of realistic applications, bringing run-time attestation closer to practical adoption. This project develops novel run-time attestation methods to detect run-time attacks while considering the realistic needs of embedded applications. Our approach addresses a major shortcoming of all current run-time attestation techniques: their inability to work in tandem with asynchronous events delivered via system interrupts. This project bridges this gap by (1) characterizing the conflict between existing run-time attestation techniques and embedded applications that must process asynchronous events via interrupts; and (2) rethinking run-time attestation designs to make them amenable to system interrupts while retaining all of their security guarantees.
The aforementioned goals are approached from two complementary perspectives: legacy devices that are already manufactured and in which hardware modifications are infeasible; and future devices, in which clean-slate run-time attestation designs (that include custom hardware changes) are feasible. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
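The conflict the abstract describes can be made concrete with a small simulation. The following C program is an added illustration written for this page; it is not code from the project or from any published attestation scheme. It assumes a trace-hash style of run-time attestation (the prover folds the IDs of the basic blocks it executes into a running hash, and the verifier compares the result with the hash of the expected path); the block IDs, the `sensor_isr` handler and the FNV-1a hash are constructed for the example. Three rounds show the dilemma: with interrupts enabled, a legitimate interrupt changes the measurement so the verifier cannot tell it from a control-flow hijack; with interrupts masked during the attested region, the measurement verifies but the event is deferred until the region ends.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model (constructed for this example, not a real scheme):
 * the prover hashes the sequence of basic-block IDs it executes, and the
 * verifier compares the result with the hash of the expected path. */

#define FNV_OFFSET 0x811C9DC5u
#define FNV_PRIME  0x01000193u

static uint32_t trace_hash;      /* running measurement of the executed path */
static bool     irq_masked;      /* "interrupts disabled" while attested code runs */
static int      pending_events;  /* events that arrived but could not be handled */
static int      handled_events;  /* events handled as soon as they arrived */

static void record_block(uint32_t block_id) {
    trace_hash = (trace_hash ^ block_id) * FNV_PRIME;   /* FNV-1a step */
}

/* ISR for a constructed "sensor ready" event; its code is measured like any other. */
static void sensor_isr(void) {
    record_block(0x1000);
    handled_events++;
}

/* Simulated event arrival: delivered now if unmasked, otherwise left pending. */
static void raise_event(void) {
    if (irq_masked) pending_events++;
    else sensor_isr();
}

/* Attested application function with three basic blocks; on the run where
 * event_after_block1 is set, an event arrives after the first block. */
static void attested_task(bool event_after_block1) {
    record_block(1);
    if (event_after_block1) raise_event();
    record_block(2);
    record_block(3);
}

/* Verifier-side reference: hash of the path the task takes with no interrupt. */
uint32_t expected_hash(void) {
    uint32_t h = FNV_OFFSET;
    const uint32_t path[] = {1, 2, 3};
    for (size_t i = 0; i < sizeof path / sizeof path[0]; i++)
        h = (h ^ path[i]) * FNV_PRIME;
    return h;
}

/* Run one attestation round and return the measured hash. *deferred receives
 * the number of events that arrived but could not be processed during the run. */
uint32_t run_round(bool mask_interrupts, bool event_arrives, int *deferred) {
    trace_hash = FNV_OFFSET;
    pending_events = 0;
    handled_events = 0;
    irq_masked = mask_interrupts;
    attested_task(event_arrives);
    irq_masked = false;
    if (deferred) *deferred = pending_events;
    return trace_hash;
}

int main(void) {
    int deferred;
    uint32_t ref = expected_hash();
    uint32_t h;

    h = run_round(false, false, &deferred);
    printf("no event, irq on : %s, deferred=%d\n", h == ref ? "VERIFIED" : "MISMATCH", deferred);

    h = run_round(false, true, &deferred);
    printf("event,    irq on : %s, deferred=%d  (benign ISR looks like a hijack)\n",
           h == ref ? "VERIFIED" : "MISMATCH", deferred);

    h = run_round(true, true, &deferred);
    printf("event,    irq off: %s, deferred=%d  (measurement holds, event delayed)\n",
           h == ref ? "VERIFIED" : "MISMATCH", deferred);
    return 0;
}
```

The second and third rounds are the two horns of the problem the project addresses: the measurement is only stable if the attested region runs without interruption, and the real-time event is only timely if the region can be interrupted. A design that accounts for interrupt entry and exit in the measurement itself, rather than masking them, is what the abstract's second goal calls for.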