Smart and connected devices, also known as Internet of Things (IoT) devices, are now an integral part of our daily lives. These devices are found in cars, phones, watches, appliances, home security systems, and in critical applications, such as utilities and in the biomedical industry. The convenience provided by IoT devices comes with unique security and privacy concerns. Because of the shortened time-to-market and the fierce competition among companies, security has not been treated as a priority in these devices. Very importantly, IoT security challenges are different from those present in conventional devices because IoT devices (i) are heterogeneous, (ii) have limited computational resources, and (iii) can be prevalent in very large numbers. Thus, there is an urgent need to develop standardized, efficient, and embedded security modules to protect such devices from cyber attacks. The goal of this project is to design, implement, and fabricate REVELARE, a security solution for IoT devices, which protects IoT devices in two ways. The first is through a hardware module embedded in the device, which can analyze and filter low-level events based on predefined security policies. The second component resides on a cloud environment and performs forensic analyses on a large set of events continuously recorded from the IoT device. This project has the potential to immensely improve IoT security. Manufacturers will be able to ship IoT devices with built-in protection against cyber attacks. The principal investigators, with complementary expertises in the Computer Science and Engineering fields, have a strong record of advancement of female and minority students, as well as involvement of undergraduate students in research projects. Further, this project opens up new avenues for future work in hardware-for-software security, an area which, while still in its infancy, has the potential for breakthroughs in cyber security.
REVELARE is a hardware-supported dynamic information flow tracking (DIFT) framework to enhance IoT security and forensics. It consists of the following components: (i) a DIFT-enabling core for the ARM and the RISC-V architectures, which complements the main processor with DIFT capabilities, (ii) two DIFT-based security policies (prevention of memory corruption and in-memory-only attacks) enforced by hardware, whose accuracy is enhanced by the capture of DIFT indirect flows, and (iii) a mechanism for IoT virtualization-based security analysis and forensics, with the implementation of two types of security/forensics analyses: causality graphs and personalized (per-device) anomaly detection. REVELARE realizes the potential of DIFT capabilities for the needs of IoT security and forensics, transforming the state-of-the-art for how researchers in academia and industry have been addressing IoT security. Our efficient (architecture-supported) and effective (addressing indirect flows) DIFT framework can also inform future research on architecture-supported DIFT for other architectures (e.g., Intel x86) leveraged in traditional devices. Our combination of in-device built-in protection with cloud heavy-weight analysis and forensics has the potential to ignite the new field of IoT virtualization, in which IoT device management and security are outsourced to the cloud via virtualized devices.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
