Saurabh Bagchi Presents "Internet-Connected and Insecure at All Speeds: Wireless Embedded Systems"
ABSTRACT: We live in a data-driven world as everyone around has been telling us of late. Everything is generating data, sometimes volumes of it, from the sensors embedded in our physical spaces to the large number of machines in data centers, which are being monitored for a wide variety of metrics. The question that we pose is:

Can all this data be used for improving the dependability of computing systems?


Dependability is the property that the system continues to provide its functionality despite the introduction of faults, either accidental faults (design defects, environmental effects, etc.) or maliciously introduced faults (security attacks, either external or internal). We have been addressing the dependability challenge through large-scale data analytics in the small (networked embedded systems, mobile and wearable devices) and in the large (scientific computing clusters and applications, edge and cloud systems). In this talk, I will first give a high-level view of how data analytics has been brought to bear on the dependability challenges, and the key insights arising from our work. Then I will do a deep dive into the security of Internet of Things (IoT) systems.

While the connectivity of IoT systems has great potential to improve our lives, it has also exposed embedded systems to network-based attacks on an unprecedented scale. Embedded devices face a wide variety of attacks similar to always-connected server-class systems. However, the security controls available on such devices today hark back to the state of security in server-class devices a few decades back. Our position is that security of networked embedded systems must become a first-class concern (like functionality and energy).

To improve the security state of low-end embedded devices, we develop a technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode [S&P-17]--this is the principle of least privileges being brought to the embedded world. This provides the foundation on which we develop protections for code integrity, control-flow hijacking, and protections for sensitive IO. We develop an LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems [UsenixSec-18]. We then present a technique to emulate embedded firmware so as to evaluate its security, even when the hardware is not available [UsenixSec-20] and conclude by presenting our benchmark suite, called BenchIoT, for evaluating IoT security [DSN-19]. This is the first benchmark suite for IoT applications and enables automatic evaluation of metrics covering security, performance, memory, and energy consumption.

BIO: Saurabh Bagchi is a Professor in the School of Electrical and Computer Engineering and the Department of Computer Science at Purdue University in West Lafayette, Indiana. He is the founding Director of a university-wide resiliency center at Purdue called CRISP (2017-present). He is the recipient of the Alexander von Humboldt Research Award (2018), an Adobe Research award (2017), the AT&T Labs VURI Award (2016), the Google Faculty Award (2015), and the IBM Faculty Award (2014). He serves on the IEEE Computer Society Board of Governors. Saurabh's research interest is in distributed systems and dependable computing.

He is proudest of the 21 PhD and about 50 Masters students who have graduated from his research group and who are in various stages of building wonderful careers in industry or academia. In his group, he and his students have far too much fun building and breaking real systems for greater good. Saurabh received his MS and PhD degrees from the University of Illinois at Urbana-Champaign and his BS degree from the Indian Institute of Technology Kharagpur, all in Computer Science.