Domain Informed Techniques for Detecting and Defending Against Malicious Firmware

Faculty:Tuba Yavuz
Project Description:Embedded systems play a large role in our daily lives. They are found in everything from computers and consumer electronics to appliances and automobiles, and represent a market estimated to be worth almost $160 billion. Many of them, however, use inexpensive microcontrollers that cannot easily be analyzed, so it is unclear how well they operate in practice. This work seeks improve the safety and security of these systems by developing techniques to analyze their firmware, particularly with regards to the popular Universal Serial Bus (USB) and Bluetooth protocols. This project will involve development of a platform for allowing firmware analysis of these common but overlooked microcontroller architectures. The goal is to validate the security of critical communications on these embedded devices. The project builds on three research thrusts: 1) Formal modeling of the USB and Bluetooth protocols and their sub-classes and automatic exploration of possible attack scenarios, 2) A firmware analysis framework with a novel query language and an analysis back-end, 3) A dynamic enforcement infrastructure that allows runtime vetting of devices prior to allowing machines to use them. This project will create techniques and systems that can be broadly deployed in consumer, enterprise, government and military environments. The lessons learned from building frameworks in the USB and Bluetooth environments can serve as a larger goal towards developing integrity frameworks for general-purpose embedded and internet-of-things (IoT)