Embedded systems play a large role in our daily lives. They are found in everything from computers and consumer electronics to appliances and automobiles, and represent a market estimated to be worth almost $160 billion. Many of them, however, use inexpensive microcontrollers that cannot easily be analyzed, so it is unclear how well they operate in practice. This work seeks to improve the safety and security of these systems by developing techniques to analyze their firmware, particularly with regard to the popular Universal Serial Bus (USB) and Bluetooth protocols.

This project will involve development of a platform for firmware analysis of these common but overlooked microcontroller architectures. The goal is to validate the security of critical communications on these embedded devices. The project builds on three research thrusts: 1) formal modeling of the USB and Bluetooth protocols and their sub-classes, with automatic exploration of possible attack scenarios; 2) a firmware analysis framework with a novel query language and an analysis back-end; and 3) a dynamic enforcement infrastructure that allows runtime vetting of devices prior to allowing machines to use them.

This project will create techniques and systems that can be broadly deployed in consumer, enterprise, government and military environments. The lessons learned from building frameworks in the USB and Bluetooth environments can serve the larger goal of developing integrity frameworks for general-purpose embedded and internet-of-things (IoT) environments.

The products of this project will be maintained for at least the duration of the project. Data and code from this project will be stored on the website www.firmware-analysis.org.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1815883
Program Officer: Alexander Jones
Project Start:
Project End:
Budget Start: 2018-08-15
Budget End: 2021-07-31
Support Year:
Fiscal Year: 2018
Total Cost: $333,328
Indirect Cost:
Name: University of Florida
Department:
Type:
DUNS #:
City: Gainesville
State: FL
Country: United States
Zip Code: 32611