Microcontroller units (MCUs) drive many security- and safety-critical embedded applications. However, they inherit software bugs present in all computing systems. Firmware vulnerabilities have thus become one of the main targets of real-world exploitation. Successful exploitation can cause disastrous consequences to critical infrastructures (e.g., power outages and plant damage) and endanger human lives (e.g., by disabling a pacemaker). In the software community, there has been a rich body of knowledge regarding bug discovery and attack mitigation. However, it is notoriously difficult to apply these results to MCU firmware. Indeed, MCU firmware runs on resource-constrained hardware with heterogeneous architectures, integrates custom runtime environments, and makes unpredictable interactions with the physical world. This renders existing dynamic analysis techniques incompatible, expensive, and ineffective. The proposed research will cross the technical barriers imposed by the aforementioned challenges and greatly enrich the arsenal of MCU firmware security with new knowledge, frameworks, analysis tools, and supporting techniques. Due to the critical roles that MCU devices take in real life, this project will make huge progress towards securing the cyberspace and enhancing national security.
A key observation of this project is that MCU devices usually cannot operate by themselves. Rather, they have to rely on certain external computers in their entire life cycles. Therefore, around a unifying theme of offloading security analysis from the original application workload to more capable nearby workstations or hubs, this project will deliver a series of new methodologies and theories to significantly improve the lifetime security of MCU devices. With the decoupled design, three research thrusts will be investigated. The first thrust focuses on new techniques to automatically discover firmware vulnerabilities, such as bugs lurking deeply in the program space. The second thrust targets run-time monitoring of firmware execution in the production environment, allowing the stakeholders to detect ongoing attacks and catch bugs that never happen during in-house testing. The third thrust, cooperating with the second thrust, investigates vulnerability remediation techniques, in particular, how to efficiently diagnose production bugs without leaking privacy. The outcomes of this research will be freely distributed to the community. This research will also be integrated into the investigator’s education plan to develop a set of Virtual Machine-based labs to educate young minds and future embedded system developers and architects about MCU security.
- Funder: NSF
- Amount: $532,587
- PI: Le Guan