MAE -- Chad Spensky

Wednesday, August 2, 2017 - 11:00am
HFH 1132
Analyzing and Securing Embedded Systems
Chad Spensky


While embedded systems (i.e., small single-purpose computing devices) have long been an active area of research, their pervasiveness in traditionally non-digital arenas (e.g., automobiles, physical access control, critical infrastructure) has placed a paramount importance on the security of these devices.

Unfortunately, security has not always been a priority in embedded devices, as most manufactures where focused on more functional constraints (e.g., stability and power consumption).
Numerous case studies have highlighted this point, demonstrating critical vulnerabilities in production automobiles, digital locks, and even nuclear refinement plants.  
Even worse, many of the well-vetted program analysis techniques that are typically used for vulnerability detection are not easily ported to embedded devices.
Much of this difficultly stems from the extremely tight-knit interactions between the software, or firmware, of these devices and their hardware.   
As a result, static analysis techniques typically lack the required context to provide meaningful results and dynamic analysis techniques either require the hardware itself to run the firmware, or an accurate virtualized model of the hardware, which must be constructed for each device. Fortunately, there is a common hardship for both static and dynamic analysis techniques: portions of the code that interact directly with the hardware or it's peripherals are currently hard to faithfully replicate. I plan on developing tools and techniques to help alleviate this burden, enabling traditional static and dynamic analysis techniques to be leveraged for the security critical firmwares that are becoming evermore critical to our society. When possible, I plan to develop "fixes" for the more fundamental flaws that are currently wide-spread on these embedded devices. The overarching goal is to shed light on the problems that currently exist on our deployed devices, and leverage these insights to help guide secure development in the future, and ultimately create a more secure (embedded) world.

Everyone welcome!