(1) Secure IoT nodes and networks
The proliferation of Internet of Things (IoT) is bringing new levels of connectivity and automation to embedded systems. This exposes such systems to network-based attacks. In the low-end IoT systems, nodes execute a single binary image providing both OS functionality and application logic, with full privileges throughout. The well-understood server-class protections (like address space randomization) are difficult to apply here because of tight resource constraints and no availability of virtual memory, MMU, etc.
The software design pattern prevalent in such systems shuns abstractions and allows all code to access all data and peripherals. Our project first develops methods to automatically trigger faults in such systems, including through UI interactions. Then it provides techniques to achieve separation of privileges through automatic compartmentalization of code, data, and peripherals. Runtime mechanisms enforce the compartment-based isolation while handling the hardware limitations of bare-metal embedded devices. We provide benchmark suites in the IoT space which will allow others to comparatively evaluate various security protocols.
(2) Behavioral Game Theory for Securing Inter-dependent IoT Systems
We study the security of large-scale cyber-physical systems (CPS) consisting of multiple interdependent subsystems, each managed by a different defender. Defenders invest their security budgets with the goal of thwarting the spread of cyber attacks to their critical assets. Facing increasingly sophisticated attacks from external adversaries, CPS owners have to judiciously allocate their (often limited) security budget in order to reduce their cyber risks. In their allocation, since CPS typically have many legacy components, improving the security of all of them at the same time is infeasible. This resource allocation problem is further complicated by the fact that large-scale CPS consist of multiple interdependent subsystems managed by different operators, with each operator in charge of securing their own subsystem. As a result, the security losses incurred by each operator will ultimately depend not only on their own security investments, but also on the decisions of all other stakeholders in the CPS.
Game theory has played a key role in reasoning about such security decision making problems, due to its ability to systematically capture the incentives of the various defenders from one side, and the attackers’ strategic best responses from the other side. As a novel method, we propose behavioral security games, in which defenders exhibit characteristics of human decision making that have been identified by behavioral economics, specifically, nonlinear perceptions of probabilities.
(3) Resilience of Mobiles and Wearables
As there is a profusion of new kinds of wearable and mobile devices, we pause to ask what is the software reliability of the software that runs on these devices. These devices increasingly run complex software stacks and have the salient characteristic that they have a number of sensors on them. There has been little in the way of systematic analysis of their reliability characteristics under various conditions — when multiple sensors are activated at the same time, when external malformed events arrive at the device, when user interaction causes multiple concurrent events.
In this work, we are bringing the notion of stateful fuzzing to these new kinds of devices to unearth their reliability weak points. We then suggest architectural improvements (to Android and Wear OS) to mitigate these weak points. We have managed to do a longitudinal study of Android OS from its early days to Wear OS now. We have had conversations with the vendors and through them improved the resilience of the devices.