CRII: SaTC: Reconciling Run-time Attestation Methods and Real-Time Embedded Applications

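Basic information

  • Award number:
    2245531
  • Principal investigator:
  • Amount:
    $174.8 thousand
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2023
  • Funding country:
    United States
  • Period:
    2023-03-15 to 2025-02-28
  • Project status:
    Not yet concluded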

Project abstract

Embedded devices are increasingly ubiquitous and their importance is hard to overestimate. While they often support safety-critical system functions, they are usually implemented under strict cost/energy budgets, using Micro-Controller Units (MCUs) that lack security mechanisms akin to those available in general-purpose computers. Unsurprisingly, the insecurity of embedded software has already led to several attacks, including massive denial of service and large-scale exploits. Run-time attestation techniques aim to remotely detect malware that compromises the execution of software on safety-critical MCUs. However, existing run-time attestation methods preclude MCUs from processing real-time events (e.g., physical inputs, arrival of network packets, or expiring timers) as soon as they occur. On the other hand, real embedded applications are highly dependent on such time-sensitive event processing. Motivated by this problem, this project's novelties are the design and implementation of run-time attestation techniques that can securely co-exist with the real-time needs of MCU applications. The project's broader significance and importance are to reconcile run-time attestation techniques with the needs of realistic applications, bringing run-time attestation closer to practical adoption. This project develops novel run-time attestation methods to detect run-time attacks while considering the realistic needs of embedded applications. Our approach addresses a major shortcoming of all current run-time attestation techniques: their inability to work in tandem with asynchronous events via system interrupts. This project bridges this gap by (1) characterizing the conflict between existing run-time attestation techniques and embedded applications that must process asynchronous events via interrupts; and (2) rethinking run-time attestation designs to make them amenable to system interrupts while retaining all of their security guarantees.
The aforementioned goals are approached from two complementary perspectives: legacy devices that are already manufactured and in which hardware modifications are unfeasible; and future devices, in which clean-slate run-time attestation designs (that include custom hardware changes) are feasible. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal papers (5)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation
  • DOI:
    10.48550/arxiv.2303.16282
  • Published:
    2023-03
  • Journal:
  • Impact factor:
    0
  • Authors:
    Adam Caulfield; Norrathep Rattanavipanon; I. O. Nunes
  • Corresponding authors:
    Adam Caulfield; Norrathep Rattanavipanon; I. O. Nunes
ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations
DiCA: A Hardware-Software Co-Design for Differential Check-Pointing in Intermittently Powered Devices

Other publications by Ivan De Oliveira Nunes

Similar overseas grants

CRII: SaTC: Automated Knowledge Representation for IoT Cybersecurity Regulations
  • Award number:
    2348147
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Standard Grant
CRII: SaTC: Reliable Hardware Architectures Against Side-Channel Attacks for Post-Quantum Cryptographic Algorithms
  • Award number:
    2348261
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Standard Grant
CRII: SaTC: Privacy vs. Accountability--Usable Deniability and Non-Repudiation for Encrypted Messaging Systems
  • Award number:
    2348181
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Standard Grant
SaTC: CORE: Small: An evaluation framework and methodology to streamline Hardware Performance Counters as the next-generation malware detection system
  • Award number:
    2327427
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
  • Award number:
    2317232
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
  • Award number:
    2330940
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Continuing Grant
CRII: SaTC: Evolving I/O Protocols for Confidential Computing
  • Award number:
    2348130
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Standard Grant
CRII: SaTC: Enforcing Expressive Security Policies using Trusted Execution Environments
  • Award number:
    2348304
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Standard Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
  • Award number:
    2338301
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Continuing Grant
CRII: SaTC: The Right to be Forgotten in Follow-ups of Machine Learning: When Privacy Meets Explanation and Efficiency
  • Award number:
    2348177
  • Fiscal year:
    2024
  • Award amount:
    $174.8 thousand
  • Project type:
    Standard Grant