Towards Proofs of Remote Software Execution and TOCTOU-Avoidance in Simple Embedded Systems.

Speaker: Ivan De Oliveira Nunes, RIT

Date: Wednesday, December 08, 2021

Time: 4:00 PM to 5:00 PM (note: all times are in the Eastern Time Zone)

Public: Yes

Location: Virtual (Zoom; contact for details)

Event Type: Seminar

Host: Zachary Newman, CSAIL MIT

Contact: Zachary J Newman, zjn@csail.mit.edu

Speaker URL: https://sites.uci.edu/ionunes/


Modern society is increasingly surrounded by, and is growing accustomed to, a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), and smart devices. They often perform safety-critical functions, e.g., personal medical devices, automotive CPS, as well as industrial and residential automation, e.g., sensor-alarm combinations. On the lower end of the scale, these devices are small, cheap, and specialized sensors and/or actuators. They tend to host small CPUs, have small amounts of memory, and run simple software. If such devices are left unprotected, consequences of forged sensor readings or ignored actuation commands can be catastrophic, particularly in safety-critical settings. This prompts the following three questions: (1) How to trust data produced, or verify that commands were performed, by a simple remote embedded device? (2) How to bind these actions/results to the execution of expected software? and (3) Can (1) and (2) be efficiently attained even if all software on a device can be modified and/or compromised (e.g., by malware)?

In this talk, I will give an overview of two techniques that specifically target low-end microcontrollers, namely proofs of execution and TOCTOU-avoidance. These techniques can be leveraged to assure the integrity of software and its execution, even on some of the most resource-constrained microcontrollers. In particular, I will discuss two formally verified architectures realizing the aforementioned techniques (APEX and RATA) and how they have been securely implemented atop the TI MSP430 low-end microcontroller at a relatively low cost.

Ivan De Oliveira Nunes is an Assistant Professor of Computing Security at the Rochester Institute of Technology (RIT). He received his Ph.D. from the University of California, Irvine (UCI) in 2021. Before UCI, he obtained a Computer Engineering degree at the Federal University of Espirito Santo (UFES), in Brazil, from 2009 to 2014. He also holds a Computer Science M.Sc. degree from the Federal University of Minas Gerais (UFMG) - Brazil (2016). In recent years, he has worked on several topics, including IoT Security, Content-Centric Networking Security, Secure Multi-Party Computation (MPC), Biometric-Based Authentication, and Opportunistic Mobile Networking. His research interests span the fields of security and privacy, embedded systems, computer networking, applied cryptography, and especially their intersection.

Research Areas:
Security & Cryptography

Impact Areas:
Cybersecurity

See other events that are part of the CSAIL Security Seminar Series 2021.

Created by Zachary J Newman on Monday, November 08, 2021 at 9:14 AM.