The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Securing Embedded Devices by Enforcing Lowest Privilege Execution

Research Areas: Cyber-Physical Systems

Principal Investigator: Saurabh Bagchi

With more than 9 billion embedded processors in use today, the number of embedded devices has surpassed the number of humans. With the rise of the “Internet of Things” (IoT), the number of embedded devices and their connectivity are exploding. These “things” include fitness trackers, smart light bulbs, smart thermostats, home assistants, utility smart meters, and smart locks. The increasing network connectivity coupled with the ubiquity of these devices makes securing IoT systems a critical task. Evidence of the dangers of insecure IoT systems abounds. For example, in 2016, hijacked smart devices like CCTV cameras and digital video recorders launched the largest distributed denial of service attack to date.

Many of these devices are low cost with software running directly on the hardware, known as “bare-metal systems.” The application runs as privileged, low-level software with direct access to the resources of the microcontroller (µC) and its peripherals. Unlike desktop systems, there are no intervening operating system software layers to control access to the resources in a secure manner. Making matters worse, embedded systems largely lack protection against code injection, control-flow hijacking, and data corruption attacks.

We are improving the security for bare-metal embedded and IoT systems through the design of a privilege overlay that restricts the privileges and capabilities of different regions of the application to the lowest necessary to perform intended operations. Our innovations instantiated in a system called ACES can be applied without needing application modification and with limited user annotations, to indicate what denotes security-critical operations, thus easing the application of ACES to legacy embedded applications. We have achieved this through three interlocking tasks:

We demonstrate the benefits of ACES through realistic applications developed in five domains on actual hardware—smart homes, wearables, smart cities, transportation, and industrial control systems.


Other PIs: Mathias Payer Abraham Clements

Representative Publications

Keywords: embedded system, least privilege execution, microcontroller security