SaTC: CORE: Medium: Collaborative: REVELARE: A Hardware-Supported Dynamic Information Flow Tracking Framework for IoT Security and Forensics

SaTC：核心：媒介：协作：REVELARE：用于物联网安全和取证的硬件支持的动态信息流跟踪框架

• 批准号: 1801599
• 负责人: Renato Figueiredo
• 金额: $ 59.97万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2023-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801599&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; REVELARE

Smart and connected devices, also known as Internet of Things (IoT) devices, are now an integral part of our daily lives. These devices are found in cars, phones, watches, appliances, home security systems, and in critical applications, such as utilities and in the biomedical industry. The convenience provided by IoT devices comes with unique security and privacy concerns. Because of the shortened time-to-market and the fierce competition among companies, security has not been treated as a priority in these devices. Very importantly, IoT security challenges are different from those present in conventional devices because IoT devices (i) are heterogeneous, (ii) have limited computational resources, and (iii) can be prevalent in very large numbers. Thus, there is an urgent need to develop standardized, efficient, and embedded security modules to protect such devices from cyber attacks. The goal of this project is to design, implement, and fabricate REVELARE, a security solution for IoT devices, which protects IoT devices in two ways. The first is through a hardware module embedded in the device, which can analyze and filter low-level events based on predefined security policies. The second component resides on a cloud environment and performs forensic analyses on a large set of events continuously recorded from the IoT device. This project has the potential to immensely improve IoT security. Manufacturers will be able to ship IoT devices with built-in protection against cyber attacks. The principal investigators, with complementary expertises in the Computer Science and Engineering fields, have a strong record of advancement of female and minority students, as well as involvement of undergraduate students in research projects. Further, this project opens up new avenues for future work in hardware-for-software security, an area which, while still in its infancy, has the potential for breakthroughs in cyber security.REVELARE is a hardware-supported dynamic information flow tracking (DIFT) framework to enhance IoT security and forensics. It consists of the following components: (i) a DIFT-enabling core for the ARM and the RISC-V architectures, which complements the main processor with DIFT capabilities, (ii) two DIFT-based security policies (prevention of memory corruption and in-memory-only attacks) enforced by hardware, whose accuracy is enhanced by the capture of DIFT indirect flows, and (iii) a mechanism for IoT virtualization-based security analysis and forensics, with the implementation of two types of security/forensics analyses: causality graphs and personalized (per-device) anomaly detection. REVELARE realizes the potential of DIFT capabilities for the needs of IoT security and forensics, transforming the state-of-the-art for how researchers in academia and industry have been addressing IoT security. Our efficient (architecture-supported) and effective (addressing indirect flows) DIFT framework can also inform future research on architecture-supported DIFT for other architectures (e.g., Intel x86) leveraged in traditional devices. Our combination of in-device built-in protection with cloud heavy-weight analysis and forensics has the potential to ignite the new field of IoT virtualization, in which IoT device management and security are outsourced to the cloud via virtualized devices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

智能互联设备，也称为物联网 (IoT) 设备，现已成为我们日常生活中不可或缺的一部分。这些设备广泛应用于汽车、电话、手表、电器、家庭安全系统以及公用事业和生物医学行业等关键应用中。物联网设备提供的便利伴随着独特的安全和隐私问题。由于上市时间的缩短和公司之间的激烈竞争，安全性并未被视为这些设备的优先考虑事项。非常重要的是，物联网安全挑战与传统设备中存在的挑战不同，因为物联网设备（i）是异构的，（ii）计算资源有限，并且（iii）数量庞大。 因此，迫切需要开发标准化、高效的嵌入式安全模块来保护此类设备免受网络攻击。该项目的目标是设计、实施和制造 REVELARE，这是一种物联网设备安全解决方案，它以两种方式保护物联网设备。第一种是通过设备中嵌入的硬件模块，该模块可以根据预定义的安全策略分析和过滤低级事件。第二个组件驻留在云环境中，并对从物联网设备连续记录的大量事件执行取证分析。 该项目有潜力极大提高物联网安全性。制造商将能够提供具有内置网络攻击保护功能的物联网设备。主要研究人员在计算机科学和工程领域拥有互补的专业知识，在女性和少数民族学生的进步以及本科生参与研究项目方面拥有良好的记录。此外，该项目为硬件换软件安全领域的未来工作开辟了新途径，该领域虽然仍处于起步阶段，但有可能在网络安全方面取得突破。REVELARE 是一种硬件支持的动态信息流跟踪（DIFT） ）框架来增强物联网安全和取证。它由以下组件组成：(i) 用于 ARM 和 RISC-V 架构的支持 DIFT 的核心，它通过 DIFT 功能补充主处理器，(ii) 两个基于 DIFT 的安全策略（防止内存损坏和-仅内存攻击）由硬件强制执行，其准确性通过捕获 DIFT 间接流而得到增强，以及（iii）基于物联网虚拟化的安全分析和取证机制，通过实施两种类型的安全/取证分析：因果关系图和个性化（每设备）异常检测。 REVELARE 认识到 DIFT 功能在满足物联网安全和取证需求方面的潜力，改变了学术界和工业界研究人员解决物联网安全问题的最新技术。我们高效（架构支持）和有效（解决间接流）的 DIFT 框架还可以为传统设备中使用的其他架构（例如 Intel x86）的架构支持 DIFT 的未来研究提供信息。我们将设备内置保护与云重量级分析和取证相结合，有可能点燃物联网虚拟化的新领域，其中物联网设备管理和安全性通过虚拟化设备外包到云端。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Dual-Leak: Deep Unsupervised Active Learning for Cross-Device Profiled Side-Channel Leakage Analysis

双泄漏：用于跨设备侧通道泄漏分析的深度无监督主动学习

• DOI: 10.1109/host55118.2023.10133491
• 发表时间: 2023-05-01
• 期刊: 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
• 作者: H. Yu;Shuo Wang;Haoqi Shan;Max Panoff;Michael Lee;Kaichen Yang;Yier Jin
• 通讯作者: Yier Jin

Challenges and Opportunities for Practical and Effective Dynamic Information Flow Tracking

实用有效的动态信息流跟踪的挑战和机遇

• DOI: 10.1145/3483790
• 发表时间: 2023-01
• 期刊: ACM Computing Surveys
• 影响因子: 16.6
• 作者: Brant, Christopher;Shrestha, Prakash;Mixon;Chen, Kejun;Varlioglu, Said;Elsayed, Nelly;Jin, Yier;Crandall, Jedidiah;Oliveira, Daniela
• 通讯作者: Oliveira, Daniela

DDIFT: Decentralized Dynamic Information Flow Tracking for IoT Privacy and Security

DDIFT：用于物联网隐私和安全的去中心化动态信息流跟踪

• DOI: 10.14722/diss.2019.23007
• 发表时间: 2019-01
• 期刊: Workshop on Decentralized IoT Systems and Security (DISS
• 作者: Sapountzis, Nikolaos;Sun, Ruimin;Oliveira, Daniela
• 通讯作者: Oliveira, Daniela

RTSEC: Automated RTL Code Augmentation for Hardware Security Enhancement

RTSEC：用于增强硬件安全性的自动 RTL 代码增强

• DOI: 10.23919/date54114.2022.9774745
• 发表时间: 2022-03
• 期刊: Automation & Test in Europe Conference & Exhibition (DATE
• 作者: Arias, Orlando;Liu, Zhaoxiang;Guo, Xiaolong;Jin, Yier;Wang, Shuo
• 通讯作者: Wang, Shuo

FineDIFT: Fine-Grained Dynamic Information Flow Tracking for Data-Flow Integrity Using Coprocessor

FineDIFT：使用协处理器实现数据流完整性的细粒度动态信息流跟踪

• DOI: 10.1109/tifs.2022.3144868
• 发表时间: 2022-01
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Chen, Kejun;Arias, Orlando;Deng, Qingxu;Oliveira, Daniela;Guo, Xiaolong;Jin, Yier
• 通讯作者: Jin, Yier