Securing the Bare Metal Control Flow Attestation and Pitfalls in Microcontroller System Design скачать в хорошем качестве

Securing the Bare Metal Control Flow Attestation and Pitfalls in Microcontroller System Design

The Distinguished Speaker Webinar Series aims to advance state-of-the-art concepts and methods in artificial intelligence and cyber security. It is jointly hosted by the Centers for Cyber Security and AI Research and the School of Electrical Engineering and Computer Science (SEECS) at the University of North Dakota College of Engineering & Mines. Speaker's Biography: Dr. Ziming Zhao is an Associate Professor at the Khoury College of Computer Sciences and the director of the CyberspACe securiTy and forensIcs lab (CactiLab) at Northeastern University,  Boston, USA. His current research interests include systems and software security, network and web security, and human-centric security. His research has been supported by the U.S. National Science Foundation (NSF), the U.S. Department of Defense, the U.S. Air Force Office of Scientific Research, and the U.S. National Centers of Academic Excellence in Cybersecurity (part of the National Security Agency). He is a recipient of an NSF CAREER award and an NSF CRII award. His research outcomes have appeared in IEEE S&P, USENIX Security, ACM CCS, NDSS, ACM MobiSys, ACM/IEEE DAC, IEEE RTAS, ACM TISSEC/TOPS, IEEE TDSC, IEEE TIFS, etc. He is a recipient of the Test-of-Time paper award at ACM SACMAT 2024 and best/distinguished paper awards from several prestigious conferences, including USENIX Security 2019, ACM AsiaCCS 2022, ACM CODASPY 2014, and ITU Kaleidoscope 2016. He earned his Bachelor’s and Master’s degrees from the Beijing University of Posts and Telecommunications in 2006 and 2009, respectively, followed by a Ph.D. in Computer Science from Arizona State University, Tempe, AZ, in 2014. About the Webinar: Microcontroller units (MCUs) are small computers designed for embedded and Internet of Things (IoT) applications. MCUs power a variety of systems and subsystems, such as sensors, medical devices, smart family gadgets, industrial computing units, and electronic control units. Therefore, it is essential to investigate and outline the challenges encountered in developing secure microcontroller systems. In this talk, I will first discuss ENOLA, our recent solution for control-flow attestation (CFA) in microcontroller systems. Microcontroller-based embedded systems are increasingly targeted by control-flow hijacking attacks, yet existing CFA solutions struggle with trace size and computational overhead. ENOLA introduces a linear-space authenticator and leverages hardware-assisted MAC computations available on ARMv8.1-M devices. It employs a trusted execution environment and register-based defenses to mitigate memory corruption. Our LLVM-based implementation demonstrates ENOLA’s practicality and efficiency on low-end embedded systems. I will then discuss the broader pitfalls in designing secure microcontroller systems, based on an in-depth study of the 2023–2024 MITRE Embedded Capture the Flag (eCTF) competitions. By analyzing team submissions and conducting post-competition interviews, we uncover key conceptual and practical challenges—from limited awareness of MCU-specific threats to inadequate tool support and poor entropy sources. These findings highlight gaps in research, development, and education, and inform actionable recommendations for improving microcontroller system security.