Secure and Trustworthy Software for Embedded and IoT Devices
As the adoption of IoT/CPS rapidly widens, such devices and systems, when compromised, can cause much broader and deeper impacts than conventional computers. Although IoT security has drawn heavy attention from researchers, one fundamental problem remains open: how can software running on embedded devices be protected against attacks, or verified to be trustworthy? Due to IoT's unique hardware constraints and software designs, solving this challenging problem requires new ideas and approaches, as opposed to rehashes of existing software security techniques.
In this talk, I'll present our recent work towards solving this problem. Our work aims to lay the foundation needed for embedded software to be: (1) comprehensively vetted for vulnerabilities during development, and (2) efficiently monitored or checked for attacks during runtime. I'll then delve into one particular paper (to appear in Oakland'20), called "OAT: Attesting Operation Integrity of Embedded Devices", in which we formulated a new security property tailored for embedded devices and presented a framework for remotely attesting this property. This new attestation scheme enables IoT backend controllers to verify operations performed by, and establish trust in, remotely deployed IoT devices.
Long Lu is an assistant professor of computer science at Northeastern University. His research interests lie in low-level software and systems security. His work often involves designing new operating system primitives, program analysis/transformation methods, and trusted execution environments. He won an NSF CAREER Award, an Air Force Faculty Fellowship, a Google ASPIRE Award, and a best paper award at ACM VEE. He frequently publishes at top-tier security and systems venues. Some outcomes from his past research were adopted by Apple, Microsoft, IBM, Samsung, and others. His work is currently supported by NSF, ONR, ARO, and Google. Long obtained his Ph.D. in computer science from Georgia Tech.