SaTC: CORE: Medium: Collaborative: REVELARE: A Hardware-Supported Dynamic Information Flow Tracking Framework for IoT Security and Forensics

SaTC：核心：媒介：协作：REVELARE：用于物联网安全和取证的硬件支持的动态信息流跟踪框架

• 批准号: 1801613
• 负责人: Jedidiah Crandall
• 金额: $ 29.97万
• 依托单位: University of New Mexico
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2020-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801613&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; REVELARE

Smart and connected devices, also known as Internet of Things (IoT) devices, are now an integral part of our daily lives. These devices are found in cars, phones, watches, appliances, home security systems, and in critical applications, such as utilities and in the biomedical industry. The convenience provided by IoT devices comes with unique security and privacy concerns. Because of the shortened time-to-market and the fierce competition among companies, security has not been treated as a priority in these devices. Very importantly, IoT security challenges are different from those present in conventional devices because IoT devices (i) are heterogeneous, (ii) have limited computational resources, and (iii) can be prevalent in very large numbers. Thus, there is an urgent need to develop standardized, efficient, and embedded security modules to protect such devices from cyber attacks. The goal of this project is to design, implement, and fabricate REVELARE, a security solution for IoT devices, which protects IoT devices in two ways. The first is through a hardware module embedded in the device, which can analyze and filter low-level events based on predefined security policies. The second component resides on a cloud environment and performs forensic analyses on a large set of events continuously recorded from the IoT device. This project has the potential to immensely improve IoT security. Manufacturers will be able to ship IoT devices with built-in protection against cyber attacks. The principal investigators, with complementary expertises in the Computer Science and Engineering fields, have a strong record of advancement of female and minority students, as well as involvement of undergraduate students in research projects. Further, this project opens up new avenues for future work in hardware-for-software security, an area which, while still in its infancy, has the potential for breakthroughs in cyber security.REVELARE is a hardware-supported dynamic information flow tracking (DIFT) framework to enhance IoT security and forensics. It consists of the following components: (i) a DIFT-enabling core for the ARM and the RISC-V architectures, which complements the main processor with DIFT capabilities, (ii) two DIFT-based security policies (prevention of memory corruption and in-memory-only attacks) enforced by hardware, whose accuracy is enhanced by the capture of DIFT indirect flows, and (iii) a mechanism for IoT virtualization-based security analysis and forensics, with the implementation of two types of security/forensics analyses: causality graphs and personalized (per-device) anomaly detection. REVELARE realizes the potential of DIFT capabilities for the needs of IoT security and forensics, transforming the state-of-the-art for how researchers in academia and industry have been addressing IoT security. Our efficient (architecture-supported) and effective (addressing indirect flows) DIFT framework can also inform future research on architecture-supported DIFT for other architectures (e.g., Intel x86) leveraged in traditional devices. Our combination of in-device built-in protection with cloud heavy-weight analysis and forensics has the potential to ignite the new field of IoT virtualization, in which IoT device management and security are outsourced to the cloud via virtualized devices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

智能互联设备，也称为物联网(IoT)设备，现在是我们日常生活中不可或缺的一部分。这些设备在汽车、手机、手表、家用电器、家庭安全系统以及公用事业和生物医药行业等关键应用中都有应用。物联网设备提供的便利伴随着独特的安全和隐私问题。由于上市时间的缩短和公司之间的激烈竞争，安全并没有被视为这些设备的优先事项。非常重要的是，物联网安全挑战不同于传统设备中存在的挑战，因为物联网设备(I)是异构性的，(Ii)计算资源有限，(Iii)可能非常普遍。因此，迫切需要开发标准化、高效和嵌入式的安全模块，以保护此类设备免受网络攻击。该项目的目标是设计、实施和制造物联网设备安全解决方案REVELARE，该解决方案通过两种方式保护物联网设备。第一种是通过嵌入在设备中的硬件模块，该模块可以根据预定义的安全策略分析和过滤低级别事件。第二个组件驻留在云环境中，对从物联网设备连续记录的大量事件执行取证分析。该项目有可能极大地提高物联网安全。制造商将能够发货具有内置网络攻击保护的物联网设备。首席调查人员在计算机科学和工程领域拥有互补的专业知识，在女性和少数族裔学生以及本科生参与研究项目方面都有很好的记录。此外，该项目为硬件换软件安全方面的未来工作开辟了新的途径，该领域虽然仍处于初级阶段，但有可能在网络安全方面取得突破。REVELARE是一个硬件支持的动态信息流跟踪(DIFT)框架，用于增强物联网安全和取证。它由以下组件组成：(I)用于ARM和RISC-V架构的支持DIFT的核心，它补充了主处理器的DIFT功能；(Ii)由硬件实施的两个基于DIFT的安全策略(防止内存崩溃和仅内存中的攻击)，其准确性通过捕获DIFT间接流而得到提高；以及(Iii)基于物联网虚拟化的安全分析和取证机制，通过实施两种类型的安全/取证分析：因果图和个性化(按设备)异常检测。REVELARE认识到DIFT功能满足物联网安全和取证需求的潜力，改变了学术界和工业界研究人员一直在解决物联网安全问题的最先进方式。我们高效的(架构支持的)和有效的(解决间接流动)DIFT框架还可以为未来研究传统设备中使用的其他架构(例如Intel x86)的架构支持的DIFT提供信息。我们将设备内内置保护与云重量级分析和取证相结合，有可能点燃物联网虚拟化的新领域，在该领域，物联网设备管理和安全通过虚拟化设备外包到云。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Detecting TCP/IP Connections via IPID Hash Collisions

• DOI: 10.2478/popets-2019-0071
• 发表时间: 2019-07
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Geoffrey Alexander;Antonio M. Espinoza;Jedidiah R. Crandall