Objectives
- Provide strong Trusted Computing Base (TCB) support for critical systems, including resource-constrained embedded systems.
- Strengthen the TCB by shrinking it and modifying the processor core to support it.
- Formally verify that it is secure in realistic operating conditions.
Trustworthy Computing Research
Processor-Supported Whitelist Enforcement
- XIVE enforces a network-hosted code whitelist for software running on a specially-modified processor. XIVE could be used to block attacks that rely on code injection, such as the PLC malware injection performed by Stuxnet.
- The hardware modifications reduce XIVE's performance overhead and reduce the size of its TCB.
- XIVE's kernel component comprises only 859 instructions.
- Ph.D. Dissertation: "Compact Integrity-Aware Architectures" at University of Illinois at Urbana-Champaign. Aug. 2011.
- Publication: Michael LeMay and Carl A. Gunter, "Enforcing Executing-Implies-Verified with the Integrity-Aware Processor," at International Conference on Trust and Trustworthy Computing (TRUST '11). Jun. 2011, Pittsburgh, PA, USA.
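The executing-implies-verified rule described above, as a small added model (not XIVE's code): a core will only fetch instructions from a memory page whose hash has matched the whitelist, and any write to a page clears its verified status so injected code has to pass the check again. The page size, the whitelist-of-page-hashes format, the write-invalidation behaviour and the fault type are assumptions made for this example.

```python
import hashlib

PAGE_SIZE = 16  # assumed verification granularity; small so the example stays readable


class ExecutionFault(Exception):
    """Raised when the core is asked to execute code that is not on the whitelist."""


class WhitelistingCore:
    """Model core: a page may be executed only after its hash matched the whitelist."""

    def __init__(self, memory: bytearray, whitelist: set):
        self.mem = memory
        self.whitelist = whitelist  # page hashes, as delivered by the network-hosted whitelist
        self.verified = [False] * (len(memory) // PAGE_SIZE)

    def _page_hash(self, page: int) -> str:
        start = page * PAGE_SIZE
        return hashlib.sha256(self.mem[start:start + PAGE_SIZE]).hexdigest()

    def write(self, addr: int, data: bytes) -> None:
        """Data store: every page touched loses its verified status (assumed behaviour)."""
        self.mem[addr:addr + len(data)] = data
        for page in range(addr // PAGE_SIZE, (addr + len(data) - 1) // PAGE_SIZE + 1):
            self.verified[page] = False

    def fetch(self, addr: int) -> int:
        """Instruction fetch: verify the page on first use, fault if it is not whitelisted."""
        page = addr // PAGE_SIZE
        if not self.verified[page]:
            if self._page_hash(page) not in self.whitelist:
                raise ExecutionFault(f"page {page} is not on the code whitelist")
            self.verified[page] = True
        return self.mem[addr]


def demo() -> tuple:
    """Returns (whitelisted code executed, injected code blocked)."""
    trusted = bytes([0x90] * PAGE_SIZE)              # constructed stand-in for approved firmware
    mem = bytearray(trusted + bytes(PAGE_SIZE))
    core = WhitelistingCore(mem, {hashlib.sha256(trusted).hexdigest()})
    ran = core.fetch(0) == 0x90                      # first fetch verifies the page, then runs
    core.write(3, b"\xcc")                           # modify the already-verified page
    try:
        core.fetch(0)                                # re-verification fails on the changed page
        blocked = False
    except ExecutionFault:
        blocked = True
    return ran, blocked
```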
Critical Infrastructure TCB Requirements
- The electric power grid relies on increasing numbers of embedded systems with remotely-upgradeable firmware.
  - Intelligent Electronic Devices (IEDs) in substations
  - Advanced electric meters in Advanced Metering Infrastructure (AMI)
- Such systems potentially exhibit a variety of security and privacy vulnerabilities.
- Remote attestation is desirable. It permits authorized entities to verify that systems are running known firmware, to detect malware.
- Publication: Michael LeMay, George Gross, Carl A. Gunter and Sanjam Garg: "Unified Architecture for Large-Scale Attested Metering" at Hawaii International Conference on System Sciences (HICSS '07). Jan. 2007, Waikoloa, HI, USA.
Remote Attestation for 32-bit and 8-bit Flash MCUs
- Flash MCU: MicroController Unit (MCU) with small built-in flash memory and RAM, suitable for use in advanced meters.
- We implemented remote attestation for a 32-bit flash MCU using only on-chip computational resources to conserve energy and reduce costs.
- The remote attestation model is cumulative, meaning that all firmware revisions are recorded, not just the latest one.
- We formally verified that our prototype satisfies important security and fault-tolerance properties using the Maude model checker.
- Popular 8-bit flash MCUs do not have sufficient resources to support remote attestation in a standalone configuration.
- We developed a remote attestation solution that offloads some work to a secondary 8-bit flash MCU.
- Ph.D. Dissertation: "Compact Integrity-Aware Architectures" at University of Illinois at Urbana-Champaign. Aug. 2011.
- Publication: Michael LeMay and Carl A. Gunter: "Cumulative Attestation Kernels for Embedded Systems" at European Symposium on Research in Computer Security (ESORICS '09). Sep. 2009, Saint Malo, France.
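The cumulative attestation model above, as an added illustration (not the kernel from the dissertation or the ESORICS paper): the kernel keeps an append-only log of every firmware revision installed, and the attestation response binds the whole log, not just the current image, to the verifier's nonce. The shared MAC key, the hash of the raw image as the revision identifier and the nonce handling are assumptions made for this example.

```python
import hashlib
import hmac

# Constructed shared attestation key; the real scheme's key management is not modelled here.
ATTESTATION_KEY = b"constructed-demo-key-not-for-real-use"

def fw_hash(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class CumulativeAttestationKernel:
    def __init__(self, initial_image: bytes):
        self.log = [fw_hash(initial_image)]  # append-only record of every installed revision

    def install(self, image: bytes) -> None:
        self.log.append(fw_hash(image))      # update path: record the revision before it runs

    def attest(self, nonce: bytes) -> tuple:
        """Returns the full revision log and a MAC binding it to the verifier's nonce."""
        transcript = nonce + b"".join(h.encode() for h in self.log)
        tag = hmac.new(ATTESTATION_KEY, transcript, hashlib.sha256).hexdigest()
        return list(self.log), tag

def verify_cumulative(nonce: bytes, log: list, tag: str, approved: set) -> bool:
    """Accepts only if the MAC is fresh and every recorded revision was approved."""
    transcript = nonce + b"".join(h.encode() for h in log)
    expected = hmac.new(ATTESTATION_KEY, transcript, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    return all(h in approved for h in log)

def verify_latest_only(log: list, approved: set) -> bool:
    return log[-1] in approved               # conventional check: current revision only

def demo() -> tuple:
    """Returns (latest-only verdict, cumulative verdict) after an unapproved detour."""
    v1, v2 = b"meter-fw-1.0", b"meter-fw-1.1"      # constructed approved images
    rogue = b"tampered-fw"                          # constructed unapproved image
    approved = {fw_hash(v1), fw_hash(v2)}
    mcu = CumulativeAttestationKernel(v1)
    mcu.install(rogue)                              # unapproved firmware was installed
    mcu.install(v2)                                 # then an approved image was restored
    nonce = b"\x00" * 8                             # constructed; a verifier would use a random nonce
    log, tag = mcu.attest(nonce)
    return verify_latest_only(log, approved), verify_cumulative(nonce, log, tag, approved)
```

The latest-only verifier accepts the restored device, while the cumulative verifier rejects it because the unapproved revision remains in the log.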
Other Research
Architectures for Effective Demand Response
- Demand response: A process whereby an electricity consumer receives information from an electricity provider at a relatively fast rate and modifies their demand in response.
- We propose and demonstrate an architecture for automating this process in the presence of multiple loci of control.
- Example: An in-home-display centrally dims lighting in response to rising electricity prices, and a smart clothing dryer decides independently to turn off its heating element.
- Publication: Michael LeMay, Rajesh Nelli, George Gross and Carl A. Gunter: "An Integrated Architecture for Demand Response Communications and Control" at Hawaii International Conference on System Sciences (HICSS '08). Jan. 2008, Waikoloa, HI, USA.
Opportunistic Use of Heterogeneous Networks for Emergency Response
- Common networks may become disconnected during disasters.
- We show how ad-hoc networking techniques can permit limited communication to occur over heterogeneous networks that happen to survive.
- We demonstrate our technique using IP and a resilient mesh protocol, ZigBee, which is similar to some AMI networks that will be widely-deployed and thus potentially useful in a disaster scenario.
- M.S. Thesis: "Dependable Emergency-Response Networking Based on Retaskable Network Infrastructures" at University of Illinois, 2008.
Power Analysis for Remote Sensor Node Diagnosis
- Sensors sometimes exhibit in-situ failures and are unable to communicate with the base station to indicate their status.
- Some failures require immediate remedies to preserve critical sensor functionality, whereas others are solely communication-related.
- We developed a parallel sensor network with independent radios to transmit and analyze power measurements from sensor nodes and thus distinguish between their failure modes to support appropriate responses.
- Publication: Mohammad Maifi Hasan Khan, Hieu K. Le, Michael LeMay, Parya Moinzadeh, Lili Wang, Yong Yang, Dong K. Noh, Tarek Abdelzaher, Carl A. Gunter, Jiawei Han and Xin Jin: "Diagnostic Powertracing for Sensor Node Failure Analysis" at ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN '10). Apr. 2010, Stockholm, Sweden.