CT-ISG: Compiler-Enabled Adaptive Security Monitoring on Networked Embedded Systems
Zhiyuan Li, Saurabh Bagchi, Yung-Hsiang Lu
Department of Computer Science, Department of Electrical and Electronic Engineering Purdue University
Hardware technologies have made steady progress in miniaturization of sensors and computing/communication devices, which has driven a trend towards pervasive computing, which is a way to let computing devices directly interact with the physical world to monitor the natural environment, to provide building safety, and so on. In order to make pervasive computing a reality, it is critical to secure the underlying networked embedded systems, because these systems may collect important environment data upon which time-sensitive decisions are dependent.
Unfortunately, many of networked embedded systems, e.g. wireless and wired sensor networks, RFID infrastructure, wireless mesh networks, have components or links that are openly exposed to potential adversaries and hence are under constant security threats such as node capture, denial of service, and intrusion, among others. To make the matters worse, many networked embedded systems have much more constrained resources such as storage, bandwidth, computing power and energy than computers used in non-embedded applications, e.g. desktop machines and servers. Sophisticated computer security schemes developed over the last few decades are often infeasible on networked embedded systems, at least not in their original forms.
The research team of this project develops a multi-grade monitoring scheme, supported by a new programming interface, in which low-cost monitoring activities are deployed in normal mode of operation of the systems to detect suspicious symptoms which are possibly, although not necessarily, caused by security threats. This effort will lead to much more effective, yet affordable, security monitoring and defense on networked embedded systems,
