Synergy: Collaborative: CPS-Security: End-to-End Security for the Internet of Things

协同：协作：CPS-安全：物联网的端到端安全

• 批准号: 1822332
• 负责人: Prabal Dutta
• 金额: $ 19.36万
• 依托单位: University of California-Berkeley
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-01-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1822332&HistoricalAwards=false
• 关键词: Synergy; Collaborative; CPS; Security; End

Computation is everywhere. Greeting cards have processors that play songs. Fireworks have processors for precisely timing their detonation. Computers are in engines, monitoring combustion and performance. They are in our homes, hospitals, offices, ovens, planes, trains, and automobiles. These computers, when networked, will form the Internet of Things (IoT). The resulting applications and services have the potential to be even more transformative than the World Wide Web. The security implications are enormous. Internet threats today steal credit cards. Internet threats tomorrow will disable home security systems, flood fields, and disrupt hospitals. The root problem is that these applications consist of software on tiny low-power devices and cloud servers, have difficult networking, and collect sensitive data that deserves strong cryptography, but usually written by developers who have expertise in none of these areas. The goal of the research is to make it possible for two developers to build a complete, secure, Internet of Things applications in three months.The research focuses on four important principles. The first is "distributed model view controller." A developer writes an application as a distributed pipeline of model-view-controller systems. A model specifies what data the application generates and stores, while a new abstraction called a transform specifies how data moves from one model to another. The second is "embedded-gateway-cloud." A common architecture dominates Internet of Things applications. Embedded devices communicate with a gateway over low-power wireless. The gateway processes data and communicates with cloud systems in the broader Internet. Focusing distributed model view controller on this dominant architecture constrains the problem sufficiently to make problems, such as system security, tractable. The third is "end-to-end security." Data emerges encrypted from embedded devices and can only be decrypted by end user applications. Servers can compute on encrypted data, and many parties can collaboratively compute results without learning the input. Analysis of the data processing pipeline allows the system and runtime to assert and verify security properties of the whole application. The final principle is "software-defined hardware." Because designing new embedded device hardware is time consuming, developers rely on general, overkill solutions and ignore the resulting security implications. The data processing pipeline can be compiled into a prototype hardware design and supporting software as well as test cases, diagnostics, and a debugging methodology for a developer to bring up the new device. These principles are grounded in Ravel, a software framework that the team collaborates on, jointly contributes to, and integrates into their courses and curricula on cyberphysical systems.

计算无处不在。贺卡有播放歌曲的处理器。烟花有处理器，可以精确地定时引爆。计算机在发动机中，监控燃烧和性能。它们存在于我们的家中、医院、办公室、烤箱、飞机、火车和汽车中。这些计算机联网后将形成物联网（IoT）。由此产生的应用程序和服务有可能比万维网更具变革性。安全影响是巨大的。今天的互联网威胁窃取信用卡。明天的互联网威胁将使家庭安全系统瘫痪，洪水泛滥，并扰乱医院。根本问题是，这些应用程序由小型低功耗设备和云服务器上的软件组成，网络连接困难，收集需要强大加密的敏感数据，但通常由在这些领域都没有专业知识的开发人员编写。这项研究的目标是让两个开发人员在三个月内构建一个完整的、安全的物联网应用程序成为可能。研究重点是四个重要原则。第一个是“分布式模型视图控制器”。“开发人员将应用程序编写为模型-视图-控制器系统的分布式管道。模型指定了应用程序生成和存储的数据，而一种称为转换的新抽象指定了数据如何从一个模型移动到另一个模型。二是“嵌入式-网关-云”。“一个共同的架构主导着物联网应用。嵌入式设备通过低功耗无线与网关通信。网关处理数据并与更广泛的互联网中的云系统进行通信。将分布式模型视图控制器集中在这个占主导地位的体系结构上，可以充分限制问题，使问题变得易于处理，例如系统安全性。第三是“端到端安全”。“数据从嵌入式设备中加密出现，只能由最终用户应用程序解密。服务器可以在加密数据上进行计算，多方可以在不学习输入的情况下协作计算结果。数据处理管道的分析允许系统和运行时断言和验证整个应用程序的安全属性。最后一个原则是“软件定义硬件”。由于设计新的嵌入式设备硬件非常耗时，开发人员依赖于通用的过度解决方案，而忽略了由此产生的安全问题。数据处理流水线可以被编译成原型硬件设计和支持软件以及测试用例、诊断和调试方法，以供开发人员开发新设备。这些原则以Ravel为基础，Ravel是一个软件框架，团队合作，共同贡献，并整合到他们的网络物理系统课程和课程中。