Saurabh Bagchi, Professor
School of Electrical and Computer Engineering and the Department
of Computer Science, Purdue University

Abstract:
The proliferation of the Internet of Things (IoT) is bringing new levels of connectivity and automation to embedded systems. This connectivity has great potential to improve our lives but it also exposes embedded systems to network-based attacks on an unprecedented scale. Attacks against IoT devices have already unleashed massive Denial of Service attacks, invalidated traffic tickets, taken control of vehicles, and facilitated robbing hotel rooms. Embedded devices face a wide variety of attacks similar to always-connected server-class systems. Hence, their security must become a first-class concern. We focus on a particularly vulnerable and constrained subclass of embedded systems: bare-metal systems. They execute a single statically linked binary image providing both the (operating) system functionality and application logic without privilege separation between the two. Bare-metal systems are not an exotic platform: they are often found as part of larger systems, e.g., smart phones delegate control over the lower protocol layers of WiFi and Bluetooth to a dedicated bare-metal System on a Chip (SoC). These components can be compromised to gain access to higher level systems, the smartphones application processor in this case.

To improve the security state of bare-metal systems toward those in server-class systems, we develop a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode¾this is the /principle of least privileges/ being brought to the embedded world. This provides the foundation on which code integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. We also design fine-grained randomization schemes, that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks.

However, these security protections reduce the ability of embedded devices or mobile devices to run computationally demanding streaming applications, such as, streaming video analytics. Therefore, we demonstrate the power of approximate computing that can reduce the fidelity of the results with a bounded degradation in output quality but reducing the execution time and energy drain. Thus, in some application domains of mobile and embedded systems, we can have our cake and eat it too.

Speaker Bio
Saurabh Bagchi is a Professor in the School of Electrical and Computer Engineering and the Department of Computer Science at Purdue University in West Lafayette, Indiana. He is the founding Director of a university-wide resiliency center at Purdue called CRISP (2017-present). He is the recipient of the Alexander von Humboldt Research Award (2018), an Adobe Research award (2017), the AT&T Labs VURI Award (2016), the Google Faculty Award (2015), and the IBM Faculty Award (2014). He was elected to the IEEE Computer Society Board of Governors for the 2017-19 term. He is an ACM Distinguished Scientist (2013), a Senior Member of IEEE (2007) and of ACM (2009), and a Distinguished Speaker for ACM (2012). Saurabh's research interest is in distributed systems and dependable computing. He is proudest of the 20 PhD students who have graduated from his research group and who are in various stages of building wonderful careers in industry or academia. In his group, he and his students have far too much fun building and breaking real systems. Saurabh received his MS and PhD degrees from the University of Illinois at Urbana-Champaign and his BS degree from the Indian Institute of Technology Kharagpur, all in Computer Science.