CAREER: SaTC: Rethinking Trusted Execution Environments for Embedded and IoT Systems

职业：SaTC：重新思考嵌入式和物联网系统的可信执行环境

• 批准号: 2237238
• 负责人: Ziming Zhao
• 金额: $ 56.47万
• 依托单位: SUNY at Buffalo
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-02-15 至 2028-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2237238&HistoricalAwards=false
• 关键词: CAREER; SaTC; Rethinking; Trusted; Execution

Networked embedded and Internet of things (IoT) systems are essential to everyday life and predicted to reach one trillion systems by 2035. These systems power a variety of embedded and IoT devices, such as sensors, medical devices, wearables, smart family gadgets, industrial computing units, autonomous vehicles, and infotainment systems. While the benefits of these systems are unparalleled, they are susceptible to cyberattacks, which are occurring at unprecedented levels and often have severe consequences ranging from loss of life to homeland security breaches. To ensure our IoT infrastructure and ecosystem are built on a trustworthy and secure foundation, this project's novelties are to expand knowledge in pursuit of trustworthy and deployable solutions encompassing the hardware and software layers of computer systems. The project's broader significance and importance, beyond securing the IoT infrastructure, are to train the next generation of cybersecurity researchers, educators, and practitioners with deep theoretical understandings and practical skills in this field.Trusted Execution Environments (TEE), an enabling technology for the confidential computing paradigm, are offered in Central Processing Units (CPUs) as a foundational primitive for security to keep code and data loaded inside computer systems protected. The hardware and software layers of existing TEEs nevertheless have been criticized for lack of transparency and presence of vulnerabilities. This project studies a systematic research approach to increase the trustworthiness and deployability of TEEs and TEE-based security solutions for embedded and IoT devices. Specifically, the project advances the frontiers of knowledge in (1) designing trustworthy TEE hardware paradigms with a minimal Trusting Computing Base (TCB); (2) discovering and fixing confused deputy vulnerabilities of TEE software; and (3) developing new security solutions that utilize TEEs and other hardware units for better protection and superior performance. The education thrust advances the state of knowledge in IoT software and system security education pedagogy and platform.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络嵌入式和物联网（IoT）系统对日常生活至关重要，预计到2035年将达到1万亿个系统。这些系统为各种嵌入式和物联网设备提供动力，例如传感器、医疗设备、可穿戴设备、智能家庭小工具、工业计算单元、自动驾驶汽车和信息娱乐系统。虽然这些系统的优势无与伦比，但它们很容易受到网络攻击的影响，网络攻击正以前所未有的水平发生，往往会造成从生命损失到国土安全漏洞等严重后果。为了确保我们的物联网基础设施和生态系统建立在一个值得信赖和安全的基础上，这个项目的新颖之处在于扩展知识，追求可信和可部署的解决方案，包括计算机系统的硬件和软件层。除了确保物联网基础设施的安全，该项目更广泛的意义和重要性在于培养下一代网络安全研究人员、教育工作者和从业人员，他们在该领域具有深厚的理论理解和实践技能。可信执行环境（TEE）是一种支持机密计算范例的技术，它在中央处理单元（cpu）中提供，作为安全性的基本原语，以保护计算机系统内加载的代码和数据。然而，现有tee的硬件和软件层因缺乏透明度和存在漏洞而受到批评。本项目研究了一种系统的研究方法，以提高tee和基于tee的嵌入式和物联网设备安全解决方案的可信度和可部署性。具体而言，该项目在以下方面推进了知识的前沿：(1)设计具有最小可信计算基础（TCB）的可信TEE硬件范式；(2)发现并修复TEE软件的混淆副漏洞；(3)开发新的安全解决方案，利用tee和其他硬件单元提供更好的保护和卓越的性能。教育推力推进了物联网软件和系统安全教育教学方法和平台的知识状态。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。