CRII: SaTC: Reconciling Run-time Attestation Methods and Real-Time Embedded Applications

CRII：SaTC：协调运行时证明方法和实时嵌入式应用程序

• 批准号: 2245531
• 负责人: Ivan De Oliveira Nunes
• 金额: $ 17.48万
• 依托单位: Rochester Institute of Tech
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-03-15 至 2025-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2245531&HistoricalAwards=false
• 关键词: CRII; SaTC; Reconciling; Run; time

Embedded devices are increasingly ubiquitous and their importance is hard to overestimate. While they often support safety-critical system functions, they are usually implemented under strict cost/energy budgets, using Micro-Controller Units (MCUs) that lack security mechanisms akin to those available in general-purpose computers. Unsurprisingly, the insecurity of embedded software has already led to several attacks, including massive denial of service and large-scale exploits. Run-time attestation techniques aim to remotely detect Malware that compromises the execution of software on safety-critical MCUs. However, existent run-time attestation methods preclude MCUs from processing real-time events (e.g., physical inputs, arrival of network packets, or expiring timers) as soon as they occur. On the other hand, real embedded applications are highly dependent on such time-sensitive event processing. Motivated by this problem, this project's novelties are the design and implementation of run-time attestation techniques that can securely co-exist with the real-time needs of MCU applications. The project's broader significance and importance are to reconcile run-time attestation techniques with the needs of realistic applications, bringing run-time attestation closer to practical adoption. This project develops novel run-time attestation methods to detect run-time attacks while considering the realistic needs of embedded applications. Our approach addresses a major shortcoming of all current run-time attestation techniques: their inability to work in tandem with asynchronous events via system interrupts. This project bridges this gap by (1) characterizing the conflict between existing run-time attestation techniques and embedded applications that must process asynchronous events via interrupts; and (2) rethinking run-time attestation designs to make them amenable to system interrupts while retaining all of their security guarantees. The aforementioned goals are approached from two complementary perspectives: legacy devices that are already manufactured and in which hardware modifications are unfeasible; and future devices, in which clean-slate run-time attestation designs (that include custom hardware changes) are feasible.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

嵌入式设备越来越普遍，其重要性难以估量。虽然它们通常支持安全关键系统功能，但它们通常在严格的成本/能源预算下使用微控制器单元（MCU）实现，这些MCU缺乏与通用计算机中可用的安全机制类似的安全机制。毫不奇怪，嵌入式软件的不安全性已经导致了几次攻击，包括大规模拒绝服务和大规模利用。运行时认证技术旨在远程检测危及安全关键MCU上软件执行的恶意软件。然而，现有的运行时证明方法阻止MCU处理实时事件（例如，物理输入、网络分组的到达或到期定时器）。另一方面，真实的嵌入式应用程序高度依赖于这种时间敏感的事件处理。出于这个问题，该项目的新颖性是设计和实现的运行时认证技术，可以安全地共存的实时需求的MCU应用程序。该项目更广泛的意义和重要性是协调运行时证明技术与实际应用程序的需求，使运行时证明更接近实际采用。该项目开发了新的运行时认证方法来检测运行时攻击，同时考虑到嵌入式应用程序的实际需求。我们的方法解决了当前所有运行时证明技术的一个主要缺点：它们无法通过系统中断与异步事件协同工作。该项目通过以下方式弥合了这一差距：（1）描述现有运行时证明技术与必须通过中断处理异步事件的嵌入式应用程序之间的冲突;（2）重新思考运行时证明设计，使其能够应对系统中断，同时保留所有安全保证。上述目标是从两个互补的角度来实现的：已经制造且硬件修改不可行的遗留设备;以及未来的设备，其中白板运行时证明设计（包括自定义硬件更改）该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查进行评估，被认为值得支持的搜索.

项目成果

ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation

• DOI: 10.48550/arxiv.2303.16282
• 发表时间: 2023-03
• 期刊: ArXiv
• 作者: Adam Caulfield;Norrathep Rattanavipanon;I. O. Nunes

ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations

• DOI: 10.1109/rtas58335.2023.00018
• 发表时间: 2023-03
• 期刊: 2023 IEEE 29th Real-Time and Embedded Technology and Applications Symposium (RTAS)
• 作者: Antonio Joia Neto;I. O. Nunes

DiCA: A Hardware-Software Co-Design for Differential Check-Pointing in Intermittently Powered Devices

DiCA：用于间歇供电设备中差分检查点的硬件-软件协同设计

• DOI: 10.1109/iccad57390.2023.10323895
• 发表时间: 2023
• 期刊: 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD
• 作者: Neto, Antonio Joia;Caulfield, Adam;Alvares, Chistabelle;De Oliveira Nunes, Ivan
• 通讯作者: De Oliveira Nunes, Ivan