The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Cybersecurity in Internet of Things, embedded systems, and real-time operating systems

Research Areas: Cyber-Physical Systems

Principal Investigator: Jamie Davis

Embedded software makes the world go 'round. Static and dynamic analysis of embedded software is a necessary capability for high-assurance software engineering (e.g. IEC 61508, ISO 26262). These capabilities facilitate many security tasks, e.g., vulnerability detection and repair, and reverse engineering.  This project evaluates the security of embedded software applications as well as the infrastructure on which they depend, such as embedded network stacks (lwIP etc.) and real-time operating systems (RTOSes like FreeRTOS). We are evaluating static analysis options and identifying shortcomings. We are performing vulnerability analysis to identify common weaknesses across vendors. We are working on automated rehosting to apply state-of-the-art dynamic analysis techniques (e.g. fuzzing) in a UNIX environment.

Personnel

Other PIs: Aravind Machiry (ECE)

Students: Paschal Amusuo (PhD student @ECE) Ritvik Tanksalkar (PhD student @ECE)

Representative Publications

Keywords: analysis, CPS, cyber-physical systems, fuzzing, real-time operating systems, RTOS