SaTC: CORE: Medium: Collaborative: REVELARE: A Hardware-Supported Dynamic Information Flow Tracking Framework for IoT Security and Forensics

SaTC：核心：媒介：协作：REVELARE：用于物联网安全和取证的硬件支持的动态信息流跟踪框架

• 批准号: 1801599
• 负责人: Renato Figueiredo
• 金额: $ 59.97万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2023-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801599&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; REVELARE

Smart and connected devices, also known as Internet of Things (IoT) devices, are now an integral part of our daily lives. These devices are found in cars, phones, watches, appliances, home security systems, and in critical applications, such as utilities and in the biomedical industry. The convenience provided by IoT devices comes with unique security and privacy concerns. Because of the shortened time-to-market and the fierce competition among companies, security has not been treated as a priority in these devices. Very importantly, IoT security challenges are different from those present in conventional devices because IoT devices (i) are heterogeneous, (ii) have limited computational resources, and (iii) can be prevalent in very large numbers. Thus, there is an urgent need to develop standardized, efficient, and embedded security modules to protect such devices from cyber attacks. The goal of this project is to design, implement, and fabricate REVELARE, a security solution for IoT devices, which protects IoT devices in two ways. The first is through a hardware module embedded in the device, which can analyze and filter low-level events based on predefined security policies. The second component resides on a cloud environment and performs forensic analyses on a large set of events continuously recorded from the IoT device. This project has the potential to immensely improve IoT security. Manufacturers will be able to ship IoT devices with built-in protection against cyber attacks. The principal investigators, with complementary expertises in the Computer Science and Engineering fields, have a strong record of advancement of female and minority students, as well as involvement of undergraduate students in research projects. Further, this project opens up new avenues for future work in hardware-for-software security, an area which, while still in its infancy, has the potential for breakthroughs in cyber security.REVELARE is a hardware-supported dynamic information flow tracking (DIFT) framework to enhance IoT security and forensics. It consists of the following components: (i) a DIFT-enabling core for the ARM and the RISC-V architectures, which complements the main processor with DIFT capabilities, (ii) two DIFT-based security policies (prevention of memory corruption and in-memory-only attacks) enforced by hardware, whose accuracy is enhanced by the capture of DIFT indirect flows, and (iii) a mechanism for IoT virtualization-based security analysis and forensics, with the implementation of two types of security/forensics analyses: causality graphs and personalized (per-device) anomaly detection. REVELARE realizes the potential of DIFT capabilities for the needs of IoT security and forensics, transforming the state-of-the-art for how researchers in academia and industry have been addressing IoT security. Our efficient (architecture-supported) and effective (addressing indirect flows) DIFT framework can also inform future research on architecture-supported DIFT for other architectures (e.g., Intel x86) leveraged in traditional devices. Our combination of in-device built-in protection with cloud heavy-weight analysis and forensics has the potential to ignite the new field of IoT virtualization, in which IoT device management and security are outsourced to the cloud via virtualized devices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

智能和连接的设备，也称为物联网（IoT）设备，现在已成为我们日常生活中不可或缺的一部分。这些设备位于汽车，电话，手表，电器，家庭安全系统以及关键应用程序（例如公用事业和生物医学行业）中。物联网设备提供的便利性带有独特的安全性和隐私问题。由于上市时间缩短和公司之间激烈的竞争，因此在这些设备中，安全尚未被视为优先事项。非常重要的是，物联网安全挑战与传统设备中存在的挑战不同，因为物联网设备（i）是异质的，（ii）的计算资源有限，并且（iii）可以很大程度上普遍存在。 因此，迫切需要开发标准化，高效和嵌入式安全模块，以保护此类设备免受网络攻击。该项目的目的是设计，实施和制造Revelare，这是针对IoT设备的安全解决方案，该解决方案以两种方式保护IoT设备。首先是通过嵌入设备中的硬件模块，该模块可以根据预定义的安全策略分析和过滤低级事件。第二个组件位于云环境上，并对从物联网设备连续记录的大型事件进行法医分析。 该项目有可能大大提高物联网安全性。制造商将能够通过内置防护网络攻击运送IoT设备。在计算机科学和工程领域具有互补专业的主要研究人员，在女性和少数族裔学生的进步以及本科生参与研究项目方面有很强的记录。此外，该项目为硬件软件安全性的未来工作开辟了新的途径，该领域仍处于起步阶段，但仍具有在网络安全方面取得突破的潜力。Revelare是一个硬件支持的动态信息流跟踪（DIFT）框架，以增强IoT安全性和forensics。它由以下组件组成：（i）手臂和RISC-V体系结构的差异核心，它具有Dift功能，（ii）两种基于Dift的安全策略（预防记忆损坏和唯一的记忆中唯一的内存攻击）由硬件强大的机制增强了III的机制，并且III（III）是III（III）（III IID）（II II IID）（II II IID）（II II IID），并且它是III（II III）（II II flow ford a）分析和取证，实施了两种类型的安全/取证分析：因果关系图和个性化（人均）异常检测。 Revelare意识到了对物联网安全和法医需求的Dift功能的潜力，从而改变了学术界和行业研究人员如何解决IoT安全的最新技术。我们的高效（由建筑支持）和有效（解决间接流）DIFT框架还可以为未来在传统设备中利用其他体系结构（例如Intel X86）建筑支持的差异的研究提供信息。 Our combination of in-device built-in protection with cloud heavy-weight analysis and forensics has the potential to ignite the new field of IoT virtualization, in which IoT device management and security are outsourced to the cloud via virtualized devices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

项目成果

Challenges and Opportunities for Practical and Effective Dynamic Information Flow Tracking

实用有效的动态信息流跟踪的挑战和机遇

• DOI: 10.1145/3483790
• 发表时间: 2023
• 期刊: ACM Computing Surveys
• 影响因子: 16.6
• 作者: Brant, Christopher;Shrestha, Prakash;Mixon-Baca, Benjamin;Chen, Kejun;Varlioglu, Said;Elsayed, Nelly;Jin, Yier;Crandall, Jedidiah;Oliveira, Daniela
• 通讯作者: Oliveira, Daniela

Towards Hardware-Assisted Security for IoT Systems

迈向物联网系统的硬件辅助安全

• DOI: 10.1109/isvlsi.2019.00118
• 发表时间: 2019
• 期刊: 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI
• 作者: Jin, Yier

RTSEC: Automated RTL Code Augmentation for Hardware Security Enhancement

RTSEC：用于增强硬件安全性的自动 RTL 代码增强

• DOI: 10.23919/date54114.2022.9774745
• 发表时间: 2022
• 期刊: Automation & Test in Europe Conference & Exhibition (DATE
• 作者: Arias, Orlando;Liu, Zhaoxiang;Guo, Xiaolong;Jin, Yier;Wang, Shuo
• 通讯作者: Wang, Shuo

FineDIFT: Fine-Grained Dynamic Information Flow Tracking for Data-Flow Integrity Using Coprocessor

FineDIFT：使用协处理器实现数据流完整性的细粒度动态信息流跟踪

• DOI: 10.1109/tifs.2022.3144868
• 发表时间: 2022
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Chen, Kejun;Arias, Orlando;Deng, Qingxu;Oliveira, Daniela;Guo, Xiaolong;Jin, Yier
• 通讯作者: Jin, Yier

Dual-Leak: Deep Unsupervised Active Learning for Cross-Device Profiled Side-Channel Leakage Analysis

• DOI: 10.1109/host55118.2023.10133491
• 发表时间: 2023-05
• 期刊: 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
• 作者: H. Yu;Shuo Wang;Haoqi Shan;Max Panoff;Michael Lee;Kaichen Yang;Yier Jin